CVE-2011-2878

Published: Oct 4, 2011Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Google Chrome before 14.0.835.202 does not properly restrict access to the window prototype, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

Affected (1)

Products: Google: Chrome

Google

1 product

Chrome

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Before 14.0.835.202

References (6)

http://code.google.com/p/chromium/issues/detail?id=95671

Source: chrome-cve-admin@google.com

http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html

Source: chrome-cve-admin@google.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14470

Source: chrome-cve-admin@google.com

http://code.google.com/p/chromium/issues/detail?id=95671

Source: af854a3a-2127-422b-91ae-364da2661108

http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14470

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.