CVE-2011-3022

translate/translate_manager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://code.google.com/p/chromium/issues/detail?id=112236	Broken Link
http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html	Release Notes Vendor Advisory
http://googlechromereleases.blogspot.com/2012/02/dev-channel-update_10.html	Release Notes Vendor Advisory
http://secunia.com/advisories/48016	Not Applicable
http://src.chromium.org/viewvc/chrome?view=rev&revision=120113	Issue Tracking Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15025	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:google:chrome::::::::
	cpe:2.3:a:google:chrome::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:google:chrome:19.0.1028.0:::::::*
	cpe:2.3:a:google:chrome:19.0.1029.0:::::::*
	cpe:2.3:a:google:chrome:19.0.1030.0:::::::*
	cpe:2.3:a:google:chrome:19.0.1031.0:::::::*
	cpe:2.3:a:google:chrome:19.0.1032.0:::::::*
	cpe:2.3:a:google:chrome:19.0.1033.0:::::::*
	cpe:2.3:a:google:chrome:19.0.1034.0:::::::*
	cpe:2.3:a:google:chrome:19.0.1035.0:::::::*
	cpe:2.3:a:google:chrome:19.0.1036.0:::::::*
	cpe:2.3:a:google:chrome:19.0.1036.2:::::::*
	cpe:2.3:a:google:chrome:19.0.1036.3:::::::*
	cpe:2.3:a:google:chrome:19.0.1036.4:::::::*
	cpe:2.3:a:google:chrome:19.0.1036.6:::::::*

History

No history.

Information

Published : 2012-02-16 20:55

Updated : 2020-04-16 16:49

NVD link : CVE-2011-3022

Mitre link : CVE-2011-3022

CVE.ORG link : CVE-2011-3022

JSON object : View

Products Affected

google

chrome

CWE

CWE-319

Cleartext Transmission of Sensitive Information

{"id": "CVE-2011-3022", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-02-16T20:55:03.863", "references": [{"url": "http://code.google.com/p/chromium/issues/detail?id=112236", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://googlechromereleases.blogspot.com/2012/02/dev-channel-update_10.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/48016", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "http://src.chromium.org/viewvc/chrome?view=rev&revision=120113", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15025", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "translate/translate_manager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network."}, {"lang": "es", "value": "translate/translate_manager.cc en Google Chrome antes de v17.0.963.56 y v19.x antes de v19.0.1036.7 utiliza una sesi\u00f3n HTTP para el intercambio de datos de traducci\u00f3n, lo que permite a atacantes remotos obtener informaci\u00f3n sensible escuchando el tr\u00e1fico de la red."}], "lastModified": "2020-04-16T16:49:44.820", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC0D2F65-669E-4A0F-89B9-4BF4B0C80CA3", "versionEndExcluding": "17.0.963.56"}, {"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4AD4047-2CD7-4CC2-BC38-564EA4156A6D", "versionEndExcluding": "19.0.1036.7", "versionStartIncluding": "19.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:19.0.1028.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D345594A-F246-4740-940B-ABE66D27A7D7"}, {"criteria": "cpe:2.3:a:google:chrome:19.0.1029.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A07E6C16-000B-438A-A1BE-846532508DE6"}, {"criteria": "cpe:2.3:a:google:chrome:19.0.1030.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "253E8560-24DA-48C8-8B3D-75659E827BA1"}, {"criteria": "cpe:2.3:a:google:chrome:19.0.1031.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14E88B77-FD11-41F6-9C71-7081BD37A5B1"}, {"criteria": "cpe:2.3:a:google:chrome:19.0.1032.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF866887-D019-445E-80C3-C3918A847706"}, {"criteria": "cpe:2.3:a:google:chrome:19.0.1033.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2F59538-4819-4814-913E-60EBD954B665"}, {"criteria": "cpe:2.3:a:google:chrome:19.0.1034.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "202E537F-82B0-4D58-A4A2-0E85F29D494D"}, {"criteria": "cpe:2.3:a:google:chrome:19.0.1035.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9873ACC-942D-4007-9983-93819FC16308"}, {"criteria": "cpe:2.3:a:google:chrome:19.0.1036.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18E04201-F373-4FE6-9B5C-619F480FCB24"}, {"criteria": "cpe:2.3:a:google:chrome:19.0.1036.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86483445-5707-4A73-9488-29AC1F3804F4"}, {"criteria": "cpe:2.3:a:google:chrome:19.0.1036.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A078BFB-C24D-4AF3-A154-F03E879D4C72"}, {"criteria": "cpe:2.3:a:google:chrome:19.0.1036.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B8FE410-21C1-4876-8A9F-17E5D903DE2E"}, {"criteria": "cpe:2.3:a:google:chrome:19.0.1036.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29632E19-C5CD-4D00-AF96-D024CEF08AF7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}