CVE-2011-3046: Cross-site Scripting in Google Chrome

Severity: 10.0 CRITICAL (NVD)
EPSS: 2.5% (top 14.71%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 9; Latest update May 13

Description

The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (4 packages)

NVD: google/chrome < 17.0.963.78
NVD: apple/safari < 5.1.7
NVD: apple/iphone_os < 5.1.1

Vulnerability Details

1
GHSA
GHSA-7jq2-gmmw-gv34: The extension subsystem in Google Chrome before 17 (2022-05-13)

Vendor Advisories

1
Ubuntu
WebKit vulnerabilities (2012-08-08)