CVE-2011-2855Injection in Google Chrome

CWE-74Injection2 documents2 sources
Severity
6.8MEDIUMNVD
EPSS
1.6%
top 17.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Apple Iphone OSApple ItunesApple Safari+1 more
Timeline
PublishedSep 19
Latest updateMay 13

Description

Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

NVDgoogle/chrome< 14.0.835.163
NVDapple/itunes< 10.6
NVDapple/safari< 5.1.4
NVDapple/iphone_os< 5.1

🔴Vulnerability Details

1
GHSA
GHSA-3h47-86qq-gprm: Google Chrome before 142022-05-13