Google Chrome 'HTTP Session' Information Disclosure Vulnerability (Windows) Network Vulnerability

Summary

The host is installed with Google Chrome and is prone to information disclosure vulnerability.

Impact

Successful exploitation could allow attackers to gain sensitive information. Impact Level: Application

Solution

Upgrade to the Google Chrome 17.0.963.56 or 19.0.1036.7 or later, For updates refer to http://www.google.com/chrome

Insight

The flaw is due to 'translate/translate_manager.cc', which uses HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network.

Affected

Google Chrome version prior to 17.0.963.56 and 19.x before 19.0.1036.7 on Windows

References

http://googlechromereleases.blogspot.in/2012/02/chrome-stable-update.html
http://secunia.com/advisories/48016/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3022

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Linux)
Apple iTunes Tutorials Window Security Bypass Vulnerability (Mac OS X)
Active Perl CGI.pm 'Set-Cookie' and 'P3P' HTTP Header Injection Vulnerability (Win)
Adobe Reader Multiple Vulnerabilities - Aug07 (Mac OS X)
Apple Safari Webkit Multiple Vulnerabilities - March 2011

Google Chrome 'HTTP session' Information Disclosure Vulnerability (Windows)

Take action and discover your vulnerabilities