Vulnerability Details : CVE-2011-3085
The Autofill feature in Google Chrome before 19.0.1084.46 does not properly restrict field values, which allows remote attackers to cause a denial of service (UI corruption) and possibly conduct spoofing attacks via vectors involving long values.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2011-3085
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-3085
2.15%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-3085
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2011-3085
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-3085
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15256
Repository / Oval Repository
-
http://security.gentoo.org/glsa/glsa-201205-03.xml
Chromium, V8: Multiple vulnerabilities (GLSA 201205-03) — Gentoo security
-
http://www.securityfocus.com/bid/53540
Google Chrome Prior to 19 Multiple Security Vulnerabilities
-
http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html
Chrome Releases: Stable Channel Update
-
http://code.google.com/p/chromium/issues/detail?id=118374
118374 - Long autofilled value causes render issue - chromium - Monorail
-
http://www.securitytracker.com/id?1027067
Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code - SecurityTracker
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/75590
Google Chrome autofilled code execution CVE-2011-3085 Vulnerability Report
-
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00017.html
[security-announce] openSUSE-SU-2012:0656-1: important: update for chrom
Jump to