CVE-2011-3046 — HIGH (10.0)

Q: How severe is CVE-2011-3046?

CVE-2011-3046 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-3046?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Opensuse Opensuse, Apple Safari, Apple Iphone Os.

Vulnerability Description

The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Google	Chrome	< 17.0.963.78
Opensuse	Opensuse	12.1
Apple	Safari	< 5.1.7
Apple	Iphone Os	< 5.1.1

Related Weaknesses (CWE)

CWE-79

References

http://code.google.com/p/chromium/issues/detail?id=117226Vendor Advisory
http://code.google.com/p/chromium/issues/detail?id=117230Vendor Advisory
http://googlechromereleases.blogspot.com/2012/03/chrome-stable-channel-update.htRelease NotesVendor Advisory
http://lists.apple.com/archives/security-announce/2012/May/msg00000.htmlMailing ListThird Party Advisory
http://lists.apple.com/archives/security-announce/2012/May/msg00002.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.htmlMailing ListThird Party Advisory
http://secunia.com/advisories/47292Not Applicable
http://secunia.com/advisories/48321Not Applicable
http://secunia.com/advisories/48419Not Applicable
http://secunia.com/advisories/48527Not Applicable
http://security.gentoo.org/glsa/glsa-201203-19.xmlThird Party Advisory
http://support.apple.com/kb/HT5282Third Party Advisory
http://www.securityfocus.com/bid/52369Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1026776Third Party AdvisoryVDB Entry
http://www.zdnet.com/blog/security/cansecwest-pwnium-google-chrome-hacked-with-sPress/Media Coverage

FAQ

What is CVE-2011-3046?

CVE-2011-3046 is a vulnerability with a CVSS score of 10.0 (HIGH). The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" ...

How severe is CVE-2011-3046?

CVE-2011-3046 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-3046?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Opensuse Opensuse, Apple Safari, Apple Iphone Os.