Search for vulnerabilities
Vulnerability details: VCID-34tf-qwyt-aaar
Vulnerability ID VCID-34tf-qwyt-aaar
Aliases CVE-2011-3887
Summary Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-565 Reliance on Cookies without Validation and Integrity Checking
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3887.html
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00316 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00455 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00455 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00455 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00455 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00455 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00455 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00455 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00455 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00455 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00455 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00455 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00455 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00455 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00455 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
epss 0.00455 https://api.first.org/data/v1/epss?cve=CVE-2011-3887
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3887
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2011-3887
Reference id Reference type URL
http://code.google.com/p/chromium/issues/detail?id=98407
http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3887.html
https://api.first.org/data/v1/epss?cve=CVE-2011-3887
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3887
http://secunia.com/advisories/48288
http://secunia.com/advisories/48377
https://exchange.xforce.ibmcloud.com/vulnerabilities/70965
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13179
http://www.securitytracker.com/id?1026774
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
CVE-2011-3887 https://nvd.nist.gov/vuln/detail/CVE-2011-3887
GLSA-201111-01 https://security.gentoo.org/glsa/201111-01
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2011-3887
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.47587
EPSS Score 0.00271
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.