CVE-2011-2361

Google Chrome < 13.0.782.107 - Authentication Bypass

Title source: rule

Description

The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site.

References (5)

[Release Notes, Vendor Advisory] http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html

[Issue Tracking] http://code.google.com/p/chromium/issues/detail?id=79426

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/68943

[Third Party Advisory, VDB Entry] http://osvdb.org/74231

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14595

Scores

EPSS 0.0030

EPSS Percentile 52.9%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

google/chrome < 13.0.782.107

Timeline

Published Aug 03, 2011

Tracked Since Feb 18, 2026