Main Vulnerability Database Vulnerabilities #VU44645

Input validation error in Google Chrome - CVE-2011-2878

Published: October 4, 2011 / Updated: August 11, 2020

Vulnerability identifier: #VU44645

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2011-2878

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Chrome

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Google Chrome before 14.0.835.202 does not properly restrict access to the window prototype, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

How to mitigate CVE-2011-2878

Install update from vendor's website.

Sources

http://code.google.com/p/chromium/issues/detail?id=95671
http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14470

Input validation error in Google Chrome - CVE-2011-2878

Detailed vulnerability description

How to mitigate CVE-2011-2878

Sources

Please verify you're human