Google Chrome 'HTTP Session' Information Disclosure Vulnerability (Linux) Network Vulnerability

Summary

The host is installed with Google Chrome and is prone to information disclosure vulnerability.

Impact

Successful exploitation could allow attackers to gain sensitive information. Impact Level: Application

Solution

Upgrade to the Google Chrome 17.0.963.56 or 19.0.1036.7 or later, For updates refer to http://www.google.com/chrome

Insight

The flaw is due to 'translate/translate_manager.cc', which uses HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network.

Affected

Google Chrome version prior to 17.0.963.56 and 19.x before 19.0.1036.7 on Linux

References

http://googlechromereleases.blogspot.in/2012/02/chrome-stable-update.html
http://secunia.com/advisories/48016/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3022

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Adobe Reader Plugin Signature Bypass Vulnerability (Windows)
AVG Anti-Virus 'hcp://' Protocol Handler Remote Code Execution Vulnerability
Apache /server-status accessible
Asterisk Missing ACL Check Remote Security Bypass Vulnerability
Apple Safari Multiple Memory Corruption Vulnerabilities-01 Aug14 (Mac OS X)

Google Chrome 'HTTP session' Information Disclosure Vulnerability (Linux)

Take action and discover your vulnerabilities