CVE-2012-5376
Published: 11 October 2012
The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112.
Priority
Status
Package | Release | Status |
---|---|---|
chromium-browser
Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Released
(3.0.1271.97-0ubuntu0.10.04.1)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Released
(3.0.1271.97-0ubuntu0.11.10.1)
|
|
precise |
Released
(3.0.1271.97-0ubuntu0.12.04.1)
|
|
quantal |
Released
(3.0.1271.97-0ubuntu0.12.10.1)
|
|
upstream |
Released
(22.0.1229.94)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.6 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Changed |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
References
- http://googlechromereleases.blogspot.com/2012/10/stable-channel-update_6105.html
- http://code.google.com/p/chromium/issues/detail?id=154987
- http://code.google.com/p/chromium/issues/detail?id=154983
- http://blog.chromium.org/2012/10/pwnium-2-results-and-wrap-up_10.html
- https://www.cve.org/CVERecord?id=CVE-2012-5376
- NVD
- Launchpad
- Debian