CVE-2011-3056

Google Chrome < 17.0.963.83 - Origin Validation Error

Title source: rule

Description

Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe."

References (16)

[Vendor Advisory] http://code.google.com/p/chromium/issues/detail?id=117550

[Vendor Advisory] http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html

[Mailing List, Third Party Advisory] http://lists.apple.com/archives/security-announce/2012/May/msg00000.html

[Mailing List, Third Party Advisory] http://lists.apple.com/archives/security-announce/2012/May/msg00002.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html

[Broken Link] http://osvdb.org/80294

[Broken Link] http://osvdb.org/81794

[Not Applicable] http://secunia.com/advisories/47292

[Not Applicable] http://secunia.com/advisories/48512

[Not Applicable] http://secunia.com/advisories/48527

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-201203-19.xml

[Third Party Advisory] http://support.apple.com/kb/HT5282

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/52674

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1026841

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/74216

[Third Party Advisory] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14962

Scores

EPSS 0.0089

EPSS Percentile 75.3%

Classification

CWE

CWE-346

Status draft

Affected Products (4)

google/chrome < 17.0.963.83

opensuse/opensuse

apple/safari < 5.1.7

apple/iphone_os < 5.1.1

Timeline

Published Mar 22, 2012

Tracked Since Feb 18, 2026