Information disclosure in Google Chrome - CVE-2011-1187

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."

How to mitigate CVE-2011-1187

Sources

• http://code.google.com/p/chromium/issues/detail?id=69187
• http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
• http://secunia.com/advisories/48972
• http://secunia.com/advisories/49047
• http://secunia.com/advisories/49055
• http://www.mozilla.org/security/announce/2012/mfsa2012-32.html
• http://www.securityfocus.com/bid/46785
• http://www.vupen.com/english/advisories/2011/0628
• https://bugzilla.mozilla.org/show_bug.cgi?id=624621
• https://exchange.xforce.ibmcloud.com/vulnerabilities/65951
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14369