Vulnerability Details : CVE-2011-2840
Potential exploit
Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to "unusual user interaction."
Vulnerability category: Input validation
Products affected by CVE-2011-2840
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-2840
0.55%: Probability of exploitation activity in the next 30 days
~ 66%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-2840
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2011-2840
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2840
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14491
  Repository / Oval Repository (Third Party Advisory)
- http://code.google.com/p/chromium/issues/detail?id=78427
  78427 - url spoof through bookmark bar click - chromium - Monorail (Exploit; Issue Tracking; Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69867
  Google Chrome URL spoofing CVE-2011-2840 Vulnerability Report (Third Party Advisory; VDB Entry)
- http://code.google.com/p/chromium/issues/detail?id=83031
  83031 - Chrome spoof on 302 redirect - chromium - Monorail (Exploit; Issue Tracking; Patch; Vendor Advisory)
- http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
  Chrome Releases: Stable Channel Update (Vendor Advisory)