#VU31667 Universal cross-site scripting in Google Chrome - CVE-2011-3881

Cybersecurity Help s.r.o.

Published: 2011-10-25 | Updated: 2025-01-28

Vulnerability identifier: #VU31667

Vulnerability risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-3881

CWE-ID: CWE-79

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Google Chrome
Client/Desktop applications / Web browsers

Vendor: Google

Description

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when processing data passed via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation
Update to version 15.0.874.102.

Vulnerable software versions

Google Chrome: 15.0.874.0 - 15.0.874.101

External links
https://code.google.com/p/chromium/issues/detail?id=96047
https://code.google.com/p/chromium/issues/detail?id=96885
https://code.google.com/p/chromium/issues/detail?id=98053
https://code.google.com/p/chromium/issues/detail?id=99512
https://code.google.com/p/chromium/issues/detail?id=99750
https://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
https://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
https://secunia.com/advisories/48288
https://secunia.com/advisories/48377
https://www.rafayhackingarticles.net/2014/10/a-tale-of-another-sop-bypass-in-android.html
https://www.securitytracker.com/id?1026774
https://android.googlesource.com/platform/external/webkit/+/109d59bf6fe4abfd001fc60ddd403f1046b117ef
https://exchange.xforce.ibmcloud.com/vulnerabilities/70959
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12940

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Techland Chrome