CVE-2011-2599

Published: Jun 30, 2011Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Google Chrome 11 does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.

Affected (1)

Products: Google: Chrome

Google

1 product

Chrome

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Version 11

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2011-March/030882.html

Source: cve@mitre.org

http://www.contextis.co.uk/resources/blog/webgl/

Source: cve@mitre.org

Exploit

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14183

Source: cve@mitre.org

http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2011-March/030882.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.contextis.co.uk/resources/blog/webgl/

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14183

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.