CVE-2012-2868

Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving improper interaction between worker processes and an XMLHttpRequest (aka XHR) object.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://code.google.com/p/chromium/issues/detail?id=136881
http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html
http://osvdb.org/85033
https://exchange.xforce.ibmcloud.com/vulnerabilities/78177
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15842

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:opensuse:opensuse:12.1:::::::*
	cpe:2.3:o:opensuse:opensuse:12.2:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:google:chrome::::::::
	cpe:2.3:a:google:chrome:21.0.1180.0:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.1:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.2:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.31:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.32:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.33:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.34:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.35:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.36:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.37:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.38:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.39:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.41:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.46:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.47:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.48:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.49:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.50:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.51:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.52:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.53:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.54:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.55:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.56:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.57:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.59:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.60:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.61:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.62:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.63:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.64:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.68:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.69:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.70:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.71:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.72:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.73:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.74:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.75:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.76:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.77:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.78:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.79:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.80:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.81:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.82:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.83:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.84:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.85:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.86:::::::*
	cpe:2.3:a:google:chrome:21.0.1180.87:::::::*

History

No history.

Information

Published : 2012-08-31 19:55

Updated : 2024-02-04 18:16

NVD link : CVE-2012-2868

Mitre link : CVE-2012-2868

CVE.ORG link : CVE-2012-2868

JSON object : View

Products Affected

google

chrome

opensuse

opensuse

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

6.8 /10