CVE-2011-3063 : Google Chrome before 18.0.1025.142 does not properly validate the renderer's nav

Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vectors.

Published 2012-03-30 22:55:02

Updated 2025-04-11 00:51:22

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2011-3063

Google » Chrome
Versions before (<) 18.0.1025.142
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2011-3063

EPSS FAQ

0.48%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 62 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2011-3063

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2011-3063

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-3063

http://code.google.com/p/chromium/issues/detail?id=117417

117417 - Security: Don't let a normal web renderer navigate to a privileged URL - chromium - Monorail
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15226

Repository / Oval Repository
Third Party Advisory
http://secunia.com/advisories/48618

Sign in
Not Applicable

CVEs referencing this url
http://secunia.com/advisories/48763

Sign in
Not Applicable

CVEs referencing this url
http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html

Chrome Releases: Stable Channel Release and Beta Channel Update
Release Notes;Vendor Advisory

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/74413

Google Chrome renderer security bypass CVE-2011-3063 Vulnerability Report
Third Party Advisory;VDB Entry
http://www.securitytracker.com/id?1026877

Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
http://secunia.com/advisories/48691

Sign in
Not Applicable

CVEs referencing this url
http://www.securityfocus.com/bid/52762

Google Chrome Prior to 18.0.1025.142 Multiple Security Vulnerabilities
Third Party Advisory;VDB Entry

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2011-3063

Products affected by CVE-2011-3063

Exploit prediction scoring system (EPSS) score for CVE-2011-3063

CVSS scores for CVE-2011-3063

CWE ids for CVE-2011-3063

References for CVE-2011-3063