Information disclosure in Google Chrome - CVE-2011-1190
Published: March 11, 2011 / Updated: August 11, 2020
Vulnerability identifier: #VU45240
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2011-1190
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Google
Affected software:
Google Chrome
Google Chrome
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."
How to mitigate CVE-2011-1190
Install update from vendor's website.
Sources
- http://code.google.com/p/chromium/issues/detail?id=70336
- http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
- http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html
- http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
- http://support.apple.com/kb/HT4808
- http://support.apple.com/kb/HT4999
- http://www.securityfocus.com/bid/46785
- http://www.vupen.com/english/advisories/2011/0628
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65954
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14398