CVE-2011-3067 — MEDIUM (6.8)

Q: What is CVE-2011-3067?

CVE-2011-3067 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.

Q: How severe is CVE-2011-3067?

CVE-2011-3067 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-3067?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Apple Safari, Apple Iphone Os.

Vulnerability Description

Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Google	Chrome	< 18.0.1025.151
Apple	Safari	< 6.0
Apple	Iphone Os	< 6.0

Related Weaknesses (CWE)

CWE-346

References

http://code.google.com/p/chromium/issues/detail?id=117583ExploitVendor Advisory
http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updatesRelease NotesVendor Advisory
http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.htmlMailing ListThird Party Advisory
http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.htmlMailing ListThird Party Advisory
http://osvdb.org/81037Broken Link
http://secunia.com/advisories/48732Third Party Advisory
http://secunia.com/advisories/48749Third Party Advisory
http://security.gentoo.org/glsa/glsa-201204-03.xmlThird Party Advisory
http://support.apple.com/kb/HT5400Third Party Advisory
http://support.apple.com/kb/HT5503Third Party Advisory
http://www.securityfocus.com/bid/52913Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1026892Third Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/74627Third Party AdvisoryVDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
http://code.google.com/p/chromium/issues/detail?id=117583ExploitVendor Advisory

FAQ

What is CVE-2011-3067?

CVE-2011-3067 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.

How severe is CVE-2011-3067?

CVE-2011-3067 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-3067?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Apple Safari, Apple Iphone Os.