CVE-2011-3054 : The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows

The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

Published 2012-03-22 16:55:01

Updated 2020-04-14 15:56:01

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2011-3054

Probability of exploitation activity in the next 30 days: 0.34%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 68 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2011-3054

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2011-3054

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-3054

http://www.securityfocus.com/bid/52674

Google Chrome Prior to 17.0.963.83 Multiple Security Vulnerabilities
Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.securitytracker.com/id?1026841

Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html

Chrome Releases: Stable Channel Update
Release Notes;Vendor Advisory

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/74214

Google Chrome webui wek security CVE-2011-3054 Vulnerability Report
Third Party Advisory;VDB Entry
http://code.google.com/p/chromium/issues/detail?id=117418

117418 - Security: Don't grant WebUI bindings to a process shared with normal views - chromium - Monorail
Vendor Advisory
http://security.gentoo.org/glsa/glsa-201203-19.xml

Chromium: Multiple vulnerabilities (GLSA 201203-19) — Gentoo security
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html

[security-announce] openSUSE-SU-2012:0466-1: important: update for chrom
Mailing List;Third Party Advisory

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15028

Repository / Oval Repository
Third Party Advisory

Products affected by CVE-2011-3054

Google » Chrome
Versions before (<) 17.0.963.83
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 12.1
cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2011-3054

Exploit prediction scoring system (EPSS) score for CVE-2011-3054

CVSS scores for CVE-2011-3054

CWE ids for CVE-2011-3054

References for CVE-2011-3054

Products affected by CVE-2011-3054