Strix
26.1K

CVE-2012-4904

UnknownEPSS 0.65%

Last modified

CVE-2012-4904 is a vulnerability of currently unknown severity. Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS (UXSS)" attacks against the current tab.. EPSS estimates a 0.65% chance of exploitation in the next 30 days.

Description

Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS (UXSS)" attacks against the current tab.

Metrics

EPSS Probability
0.65%

46.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
GoogleChrome<= 18.0.1025306

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2012-4904?
Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS (UXSS)" attacks against the current tab.
How severe is CVE-2012-4904?
Severity scoring for CVE-2012-4904 is pending analysis. The EPSS model estimates a 0.65% probability of exploitation in the next 30 days.
How do I fix CVE-2012-4904?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-4904?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST