Denial of Service Vulnerability in Google Chrome WebKit Plugin Container
CVE-2011-1459

6.5MEDIUM

Key Information:

Vendor
Google
Status
Blink
Vendor
CVE Published:
5 November 2019

Summary

The vulnerability exists in the WebKit::WebPluginContainerImpl::handleEvent function within Google Chrome prior to the Blink M11 release. An attacker could exploit this flaw to crash the browser, leading to a denial of service by manipulating the handling of events via the htmlpluginelement.cpp plugin. It is crucial for users to ensure their browser is up to date to mitigate this risk.

References

https://bugs.chromium.org/p/chromium/issues/detail?id=76474
x_refsource_MISC
http://trac.webkit.org/changeset/81795
x_refsource_MISC
http://trac.webkit.org/changeset/81891
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.