Vulnerability Details: CVE-2011-1438
Google Chrome before 11.0.696.57 allows remote attackers to bypass the Same Origin Policy via vectors involving blobs.
Vulnerability category: Input validation
Products affected by CVE-2011-1438
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-1438
- 0.71%: Probability of exploitation activity in the next 30 days
- ~ 80 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-1438
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2011-1438
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1438
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14621
  Repository / Oval Repository (Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67145
  Google Chrome blobs security bypass CVE-2011-1438 Vulnerability Report (Third Party Advisory; VDB Entry)
- http://code.google.com/p/chromium/issues/detail?id=74653
  74653 - bypass SOP with blob: - chromium - Monorail (Exploit; Issue Tracking; Patch; Vendor Advisory)
- http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html
  Chrome Releases: Chrome Stable Update (Vendor Advisory)