WebKit Vulnerability in Apple Safari and Google Chrome Affects User Data Security
CVE-2011-4692

Currently unrated

Key Information:

Vendor: Apple
Status: Safari; Webkit
Vendor: CVE Published:; 7 December 2011

Summary

A vulnerability in WebKit, utilized by Apple Safari versions up to 5.1.1 and Google Chrome versions up to 15, allows attackers to exploit the browser's handling of image loading times. By crafting specific JavaScript code, attackers can discern whether certain images are stored in the browser cache. This information leakage poses risks to user privacy as malicious entities can infer sensitive information based on cache presence. The vulnerability underscores the need for timely updates and enhanced browser security measures to safeguard against such exploits.

References

http://lcamtuf.coredump.cx/cachetime/

x_refsource_MISC

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://oxplot.github.com/visipisi/visipisi.html

x_refsource_MISC

Timeline

Vulnerability published
Dec 7, 2011
Vulnerability Reserved
Dec 7, 2011