CVE-2011-3055Missing Authentication for Critical Function in Google Chrome

CWE-306Missing Authentication for Critical Function4 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
1.0%
top 22.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google ChromeOpensuse
Timeline
PublishedMar 22
Latest updateMay 13

Description

The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation before an unpacked extension installation, which allows user-assisted remote attackers to have an unspecified impact via a crafted extension.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDgoogle/chrome< 17.0.963.83

🔴Vulnerability Details

1
GHSA
GHSA-5fvv-9cf6-p5xm: The browser native UI in Google Chrome before 172022-05-13

📋Vendor Advisories

2
Citrix
Citrix Security Bulletin CTX128167
Citrix
Citrix Security Bulletin CTX134303
CVE-2011-3055 — Google Chrome vulnerability | cvebase