CVE-2011-3058

Google Chrome < 18.0.1025.142 - XSS

Title source: rule

Description

Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

References (12)

[Exploit, Vendor Advisory] http://code.google.com/p/chromium/issues/detail?id=109574

[Release Notes, Vendor Advisory] http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html

[Mailing List, Third Party Advisory] http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html

[Mailing List, Third Party Advisory] http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html

[Vendor Advisory] http://secunia.com/advisories/48618

[Vendor Advisory] http://secunia.com/advisories/48691

[Third Party Advisory] http://secunia.com/advisories/48763

[Third Party Advisory] http://support.apple.com/kb/HT5642

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/52762

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1026877

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/74408

[Third Party Advisory] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15492

Scores

EPSS 0.0075

EPSS Percentile 73.0%

Classification

CWE

CWE-79

Status published

Affected Products (4)

google/chrome < 18.0.1025.142

apple/iphone_os < 6.0.1

apple/mac_os_x < 10.8.3

n/a/n/a

Timeline

Published Mar 30, 2012

Tracked Since Feb 18, 2026