CVE-2011-2856 : Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers

Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

Published 2011-09-19 12:02:56

Updated 2020-05-08 17:08:20

Source Google Inc.

View at NVD, CVE.org

Products affected by CVE-2011-2856

Google » Chrome
Versions before (<) 14.0.835.163
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.79%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 79 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE-346 Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

Assigned by: nvd@nist.gov (Primary)

https://exchange.xforce.ibmcloud.com/vulnerabilities/69883

Google Chrome v8 security bypass CVE-2011-2856 Vulnerability Report
Third Party Advisory;VDB Entry
http://code.google.com/p/chromium/issues/detail?id=93416

93416 - Security: Arbitrary cross-origin bypass using __defineGetter__ prototype override - chromium - Monorail
Exploit;Issue Tracking;Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14262

Repository / Oval Repository
Third Party Advisory
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html

Chrome Releases: Stable Channel Update
Vendor Advisory

CVEs referencing this url

Jump to