CVE-2011-2783

Google Chrome before 13.0.782.107 does not ensure that developer-mode NPAPI extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://code.google.com/p/chromium/issues/detail?id=83273
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
http://osvdb.org/74233
https://exchange.xforce.ibmcloud.com/vulnerabilities/68945
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14406

Configurations

Configuration 1 (hide)

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2011-08-03 00:55

Updated : 2024-02-04 17:54

NVD link : CVE-2011-2783

Mitre link : CVE-2011-2783

CVE.ORG link : CVE-2011-2783

JSON object : View

Products Affected

google

chrome

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2011-2783", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-08-03T00:55:01.737", "references": [{"url": "http://code.google.com/p/chromium/issues/detail?id=83273", "source": "chrome-cve-admin@google.com"}, {"url": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html", "source": "chrome-cve-admin@google.com"}, {"url": "http://osvdb.org/74233", "source": "chrome-cve-admin@google.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68945", "source": "chrome-cve-admin@google.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14406", "source": "chrome-cve-admin@google.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Google Chrome before 13.0.782.107 does not ensure that developer-mode NPAPI extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension."}, {"lang": "es", "value": "Google Chrome anterior a v13.0.782.107 no asegura que en modo desarrolador, las instalaciones de extensi\u00f3n NPAPI han sido confirmadas por un cuadro de di\u00e1logo del navegador, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos modificar la funcionalidad del producto a trav\u00e9s de una extensi\u00f3n con un troyano."}], "lastModified": "2023-11-07T02:07:46.383", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0449DAC-673D-4A39-8DD6-F533629AF1A4", "versionEndExcluding": "13.0.782.107"}], "operator": "OR"}]}], "sourceIdentifier": "chrome-cve-admin@google.com"}