Main Vulnerability Database Vulnerabilities #VU44313

Origin validation error in Google Chrome - CVE-2011-3956

Published: February 9, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU44313

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2011-3956

CWE-ID: CWE-346

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Chrome

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension.

How to mitigate CVE-2011-3956

Install update from vendor's website.

Sources

http://code.google.com/p/chromium/issues/detail?id=103630
http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14906

Origin validation error in Google Chrome - CVE-2011-3956

Detailed vulnerability description

How to mitigate CVE-2011-3956

Sources

Please verify you're human