Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-4906Google Chrome vulnerability

CWE-2645 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
8.2%
top 7.80%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Google Chrome
Timeline
PublishedSep 13
Latest updateMay 17

Description

Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDgoogle/chrome18.0.1025306

🔴Vulnerability Details

2
GHSA
GHSA-v25g-5mj4-74p6: Google Chrome before 182022-05-17
GHSA
GHSA-6x7x-2jp3-xpvf: Google Chrome before 182022-05-17

💥Exploits & PoCs

1
Exploit-DB
Google Chrome for Android - Multiple 'file::' URL Handler Local Downloaded Content Disclosure Vulnerabilities2012-09-12
CVE-2012-4906 — Google Chrome vulnerability | cvebase