CVE-2011-1691

Google Chrome < 11.0.696.43 - Denial of Service via CSS Counter Access

Description

The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets (CSS) implementation in WebCore in WebKit before r82222, as used in Google Chrome before 11.0.696.43 and other products, does not properly handle access to the (1) counterIncrement and (2) counterReset attributes of CSSStyleDeclaration data provided by a getComputedStyle method call, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code.

References (6)

Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugs.webkit.org/show_bug.cgi?id=57266
Exploit, Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
http://code.google.com/p/chromium/issues/detail?id=77665
Patch x_refsource_confirm
http://trac.webkit.org/changeset/82222
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/66818

Scores

EPSS 0.0158
EPSS Percentile 72.5%

Details

CWE CWE-476
Status published
Products (1)
google/chrome < 11.0.696.43
Published Apr 15, 2011
Tracked Since Feb 18, 2026