CVE-2011-3046
UnknownEPSS 4.87%
Last modified
CVE-2011-3046 is a vulnerability of currently unknown severity. The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.. EPSS estimates a 4.87% chance of exploitation in the next 30 days.
Description
The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Chrome | < 17.0.963.78 | |
| Opensuse | Opensuse | 12.1 |
| Apple | Safari | < 5.1.7 |
| Apple | Iphone Os | < 5.1.1 |
References
- http://code.google.com/p/chromium/issues/detail?id=117226Vendor Advisory
- http://code.google.com/p/chromium/issues/detail?id=117230Vendor Advisory
- http://googlechromereleases.blogspot.com/2012/03/chrome-stable-channel-update.htmlRelease Notes, Vendor Advisory
- http://lists.apple.com/archives/security-announce/2012/May/msg00000.htmlMailing List, Third Party Advisory
- http://lists.apple.com/archives/security-announce/2012/May/msg00002.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.htmlMailing List, Third Party Advisory
- http://secunia.com/advisories/47292Not Applicable
- http://secunia.com/advisories/48321Not Applicable
- http://secunia.com/advisories/48419Not Applicable
- http://secunia.com/advisories/48527Not Applicable
- http://security.gentoo.org/glsa/glsa-201203-19.xmlThird Party Advisory
- http://support.apple.com/kb/HT5282Third Party Advisory
- http://www.securityfocus.com/bid/52369Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id?1026776Third Party Advisory, VDB Entry
- https://plus.google.com/u/0/116651741222993143554/posts/5Eq5d9XgFqsPermissions Required, Vendor Advisory
- http://code.google.com/p/chromium/issues/detail?id=117226Vendor Advisory
- http://code.google.com/p/chromium/issues/detail?id=117230Vendor Advisory
- http://googlechromereleases.blogspot.com/2012/03/chrome-stable-channel-update.htmlRelease Notes, Vendor Advisory
- http://lists.apple.com/archives/security-announce/2012/May/msg00000.htmlMailing List, Third Party Advisory
- http://lists.apple.com/archives/security-announce/2012/May/msg00002.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.htmlMailing List, Third Party Advisory
- http://secunia.com/advisories/47292Not Applicable
- http://secunia.com/advisories/48321Not Applicable
- http://secunia.com/advisories/48419Not Applicable
- http://secunia.com/advisories/48527Not Applicable
- http://security.gentoo.org/glsa/glsa-201203-19.xmlThird Party Advisory
- http://support.apple.com/kb/HT5282Third Party Advisory
- http://www.securityfocus.com/bid/52369Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id?1026776Third Party Advisory, VDB Entry
- https://plus.google.com/u/0/116651741222993143554/posts/5Eq5d9XgFqsPermissions Required, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2011-3046?
The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.
How severe is CVE-2011-3046?
Severity scoring for CVE-2011-3046 is pending analysis. The EPSS model estimates a 4.87% probability of exploitation in the next 30 days.
How do I fix CVE-2011-3046?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2011-3046?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST