CVE-2011-3054

Published: Mar 22, 2012Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

Affected (2)

Products: Google: Chrome · Opensuse: Opensuse

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Before 17.0.963.83

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 12.1

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (22)

http://code.google.com/p/chromium/issues/detail?id=117418

Source: cve@mitre.org

Vendor Advisory

http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html

Source: cve@mitre.org

Release NotesVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://osvdb.org/80292

Source: cve@mitre.org

Broken Link

http://secunia.com/advisories/48512

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/48527

Source: cve@mitre.org

Not Applicable

http://security.gentoo.org/glsa/glsa-201203-19.xml

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/52674

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1026841

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/74214

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15028

Source: cve@mitre.org

Third Party Advisory

http://code.google.com/p/chromium/issues/detail?id=117418