CVE-2011-1190

Google Chrome < 10.0.648.127 - Same Origin Policy Bypass via Web Workers Error Message Leak

Title source: llm
STIX 2.1

Description

The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."

References (10)

Core 10
Core References
Exploit, Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
http://code.google.com/p/chromium/issues/detail?id=70336
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46785
Mailing List, Third Party Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65954
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT4999
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT4808
Mailing List, Third Party Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0628

Scores

EPSS 0.0190
EPSS Percentile 77.2%

Details

CWE
CWE-200
Status published
Products (3)
apple/iphone_os < 5.0
apple/safari < 5.0.6
google/chrome < 10.0.648.127
Published Mar 11, 2011
Tracked Since Feb 18, 2026