Vulnerability Details : CVE-2011-2786
Potential exploit
Google Chrome before 13.0.782.107 does not ensure that the speech-input bubble is shown on the product's screen, which might make it easier for remote attackers to make audio recordings via a crafted web page containing an INPUT element.
Products affected by CVE-2011-2786
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-2786
- EPSS score: 0.34% (probability of exploitation activity in the next 30 days)
- Percentile: ~54% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2011-2786
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2011-2786
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2786
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14331
  Repository / Oval Repository
- http://osvdb.org/74236
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68948
  Google Chrome bubble security bypass CVE-2011-2786 Vulnerability Report
- http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
  Chrome Releases: Stable Channel Update
- http://code.google.com/p/chromium/issues/detail?id=84600
  84600 - Security: Web page can initiate speech recognition without user knowing about it - chromium - Monorail