CVE-2011-3887 — Reliance on Cookies without Validation and Integrity Checking in Google Chrome

CWE-565 — Reliance on Cookies without Validation and Integrity Checking3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.5%

top 33.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple Safari Google Chrome

Timeline

PublishedOct 25

Latest updateMay 13

Description

Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDgoogle/chrome< 15.0.874.102

▶NVDapple/safari< 5.1.4

▶NVDapple/iphone_os< 5.1

🔴Vulnerability Details

GHSA

GHSA-7vmr-cgfv-q59w: Google Chrome before 15↗2022-05-13

▶

OSV

CVE-2011-3887: Google Chrome before 15↗2011-10-25

▶