CVE-2011-0778

Published: Feb 4, 2011Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Google Chrome before 9.0.597.84 does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors.

Affected (1)

Products: Google: Chrome

Google

1 product

Chrome

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Up to 9.0.597.83

Related CWEs

CWE-264

References (16)

http://code.google.com/p/chromium/issues/detail?id=59081

Source: cve@mitre.org

http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html

Source: cve@mitre.org

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

Source: cve@mitre.org

http://secunia.com/advisories/43368

Source: cve@mitre.org

http://www.debian.org/security/2011/dsa-2166

Source: cve@mitre.org

http://www.debian.org/security/2011/dsa-2188

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2011/0408

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14228

Source: cve@mitre.org

http://code.google.com/p/chromium/issues/detail?id=59081