CVE-2011-1190 — MEDIUM (5.0)

Q: What is CVE-2011-1190?

CVE-2011-1190 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."

Q: How severe is CVE-2011-1190?

CVE-2011-1190 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-1190?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Apple Safari, Apple Iphone Os.

Vulnerability Description

The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Google	Chrome	< 10.0.648.127
Apple	Safari	< 5.0.6
Apple	Iphone Os	< 5.0

Related Weaknesses (CWE)

CWE-200

References

http://code.google.com/p/chromium/issues/detail?id=70336ExploitIssue TrackingPatch
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.htmlVendor Advisory
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.htmlMailing ListThird Party Advisory
http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.htmlMailing ListThird Party Advisory
http://support.apple.com/kb/HT4808Third Party Advisory
http://support.apple.com/kb/HT4999Third Party Advisory
http://www.securityfocus.com/bid/46785Third Party AdvisoryVDB Entry
http://www.vupen.com/english/advisories/2011/0628Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/65954Third Party AdvisoryVDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
http://code.google.com/p/chromium/issues/detail?id=70336ExploitIssue TrackingPatch
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.htmlVendor Advisory
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.htmlMailing ListThird Party Advisory
http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.htmlMailing ListThird Party Advisory
http://support.apple.com/kb/HT4808Third Party Advisory

FAQ

What is CVE-2011-1190?

CVE-2011-1190 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."

How severe is CVE-2011-1190?

CVE-2011-1190 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-1190?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Apple Safari, Apple Iphone Os.