The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.
References
Configurations
History
No history.
Information
Published : 2012-03-09 00:55
Updated : 2024-02-28 11:41
NVD link : CVE-2011-3046
Mitre link : CVE-2011-3046
CVE.ORG link : CVE-2011-3046
JSON object : View
Products Affected
apple
- iphone_os
- safari
- chrome
opensuse
- opensuse
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')