CVE-2012-5376Improper Privilege Management in Google Chrome

CWE-269Improper Privilege Management2 documents2 sources
Severity
9.6CRITICALNVD
EPSS
0.4%
top 41.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedOct 11
Latest updateMay 13

Description

The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages1 packages

NVDgoogle/chrome< 22.0.1229.94

🔴Vulnerability Details

1
GHSA
GHSA-pff3-h37v-m32x: The Inter-process Communication (IPC) implementation in Google Chrome before 222022-05-13
CVE-2012-5376 — Improper Privilege Management in Google | cvebase