CVE-2011-1691
Google Chrome < 11.0.696.43 - Denial of Service via CSS Counter Access
Title source: llmDescription
The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets (CSS) implementation in WebCore in WebKit before r82222, as used in Google Chrome before 11.0.696.43 and other products, does not properly handle access to the (1) counterIncrement and (2) counterReset attributes of CSSStyleDeclaration data provided by a getComputedStyle method call, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code.
References (6)
Core 6
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugs.webkit.org/show_bug.cgi?id=57266
Exploit, Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
http://code.google.com/p/chromium/issues/detail?id=77665
Patch x_refsource_confirm
http://trac.webkit.org/changeset/82222
Third Party Advisory vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14365
Vendor Advisory x_refsource_confirm
http://googlechromereleases.blogspot.com/2011/04/beta-channel-update_12.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/66818
Scores
EPSS
0.0158
EPSS Percentile
72.5%
Details
CWE
CWE-476
Status
published
Products (1)
google/chrome
< 11.0.696.43
Published
Apr 15, 2011
Tracked Since
Feb 18, 2026