Info

Disclosure

Aug 02, 2011

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Aug 02, 2011

Description

Google Chrome contains a flaw that may lead to unauthorized disclosure of potentially sensitive information as JavaScript is allowed access to the 'getProgramInfoLog' method. With a specially crafted web page, a context-dependent attacker may disclose local paths and usernames.

Classification

Location: Context Dependent
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Solution: Upgrade
Exploit: Exploit Public
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

Upgrade to version 13.0.782.107 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Google, Inc.

Chrome

12.0.742.122

References

OVAL ID: 14580
CVE ID: 2011-2784 (see also: NVD)
Secunia Advisory ID: 45498 45691
Bugtraq ID: 48960
ISS X-Force ID: 68946
Related OSVDB ID: 74228 74229 74230 74231 74232 74233 74235 74236 74237 74238 74239 74240 74241 74242 74243 74244 74245 74246 74247 74248 74250 74251 74252 74253 74254 74255 74256 74257 74258
Vendor Specific News/Changelog Entry: http://code.google.com/p/angleproject/issues/detail?id=162
http://code.google.com/p/chromium/issues/detail?id=83841
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
Other Advisory URL: http://www.srware.net/forum/viewtopic.php?f=18&t=2552

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/74234