CVE-2011-3022

translate/translate_manager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://code.google.com/p/chromium/issues/detail?id=112236	Broken Link
http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html	Release Notes Vendor Advisory
http://googlechromereleases.blogspot.com/2012/02/dev-channel-update_10.html	Release Notes Vendor Advisory
http://secunia.com/advisories/48016	Not Applicable
http://src.chromium.org/viewvc/chrome?view=rev&revision=120113	Issue Tracking Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15025	Third Party Advisory
http://code.google.com/p/chromium/issues/detail?id=112236	Broken Link
http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html	Release Notes Vendor Advisory
http://googlechromereleases.blogspot.com/2012/02/dev-channel-update_10.html	Release Notes Vendor Advisory
http://secunia.com/advisories/48016	Not Applicable
http://src.chromium.org/viewvc/chrome?view=rev&revision=120113	Issue Tracking Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15025	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:google:chrome::::::::
	cpe:2.3:a:google:chrome::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:google:chrome:19.0.1028.0:::::::*
	cpe:2.3:a:google:chrome:19.0.1029.0:::::::*
	cpe:2.3:a:google:chrome:19.0.1030.0:::::::*
	cpe:2.3:a:google:chrome:19.0.1031.0:::::::*
	cpe:2.3:a:google:chrome:19.0.1032.0:::::::*
	cpe:2.3:a:google:chrome:19.0.1033.0:::::::*
	cpe:2.3:a:google:chrome:19.0.1034.0:::::::*
	cpe:2.3:a:google:chrome:19.0.1035.0:::::::*
	cpe:2.3:a:google:chrome:19.0.1036.0:::::::*
	cpe:2.3:a:google:chrome:19.0.1036.2:::::::*
	cpe:2.3:a:google:chrome:19.0.1036.3:::::::*
	cpe:2.3:a:google:chrome:19.0.1036.4:::::::*
	cpe:2.3:a:google:chrome:19.0.1036.6:::::::*

History

21 Nov 2024, 01:29

Type	Values Removed	Values Added
References	~~() http://code.google.com/p/chromium/issues/detail?id=112236 - Broken Link~~	() http://code.google.com/p/chromium/issues/detail?id=112236 - Broken Link
References	~~() http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html - Release Notes, Vendor Advisory~~	() http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html - Release Notes, Vendor Advisory
References	~~() http://googlechromereleases.blogspot.com/2012/02/dev-channel-update_10.html - Release Notes, Vendor Advisory~~	() http://googlechromereleases.blogspot.com/2012/02/dev-channel-update_10.html - Release Notes, Vendor Advisory
References	~~() http://secunia.com/advisories/48016 - Not Applicable~~	() http://secunia.com/advisories/48016 - Not Applicable
References	~~() http://src.chromium.org/viewvc/chrome?view=rev&revision=120113 - Issue Tracking, Patch, Vendor Advisory~~	() http://src.chromium.org/viewvc/chrome?view=rev&revision=120113 - Issue Tracking, Patch, Vendor Advisory
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15025 - Third Party Advisory~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15025 - Third Party Advisory

Information

Published : 2012-02-16 20:55

Updated : 2025-04-11 00:51

NVD link : CVE-2011-3022

Mitre link : CVE-2011-3022

CVE.ORG link : CVE-2011-3022

JSON object : View

Products Affected

google

chrome

CWE

CWE-319

Cleartext Transmission of Sensitive Information

{"id": "CVE-2011-3022", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-02-16T20:55:03.863", "references": [{"url": "http://code.google.com/p/chromium/issues/detail?id=112236", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://googlechromereleases.blogspot.com/2012/02/dev-channel-update_10.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/48016", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "http://src.chromium.org/viewvc/chrome?view=rev&revision=120113", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15025", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://code.google.com/p/chromium/issues/detail?id=112236", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://googlechromereleases.blogspot.com/2012/02/dev-channel-update_10.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/48016", "tags": ["Not Applicable"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://src.chromium.org/viewvc/chrome?view=rev&revision=120113", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15025", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "translate/translate_manager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network."}, {"lang": "es", "value": "translate/translate_manager.cc en Google Chrome antes de v17.0.963.56 y v19.x antes de v19.0.1036.7 utiliza una sesi\u00f3n HTTP para el intercambio de datos de traducci\u00f3n, lo que permite a atacantes remotos obtener informaci\u00f3n sensible escuchando el tr\u00e1fico de la red."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC0D2F65-669E-4A0F-89B9-4BF4B0C80CA3", "versionEndExcluding": "17.0.963.56"}, {"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4AD4047-2CD7-4CC2-BC38-564EA4156A6D", "versionEndExcluding": "19.0.1036.7", "versionStartIncluding": "19.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:19.0.1028.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D345594A-F246-4740-940B-ABE66D27A7D7"}, {"criteria": "cpe:2.3:a:google:chrome:19.0.1029.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A07E6C16-000B-438A-A1BE-846532508DE6"}, {"criteria": "cpe:2.3:a:google:chrome:19.0.1030.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "253E8560-24DA-48C8-8B3D-75659E827BA1"}, {"criteria": "cpe:2.3:a:google:chrome:19.0.1031.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14E88B77-FD11-41F6-9C71-7081BD37A5B1"}, {"criteria": "cpe:2.3:a:google:chrome:19.0.1032.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF866887-D019-445E-80C3-C3918A847706"}, {"criteria": "cpe:2.3:a:google:chrome:19.0.1033.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2F59538-4819-4814-913E-60EBD954B665"}, {"criteria": "cpe:2.3:a:google:chrome:19.0.1034.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "202E537F-82B0-4D58-A4A2-0E85F29D494D"}, {"criteria": "cpe:2.3:a:google:chrome:19.0.1035.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9873ACC-942D-4007-9983-93819FC16308"}, {"criteria": "cpe:2.3:a:google:chrome:19.0.1036.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18E04201-F373-4FE6-9B5C-619F480FCB24"}, {"criteria": "cpe:2.3:a:google:chrome:19.0.1036.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86483445-5707-4A73-9488-29AC1F3804F4"}, {"criteria": "cpe:2.3:a:google:chrome:19.0.1036.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A078BFB-C24D-4AF3-A154-F03E879D4C72"}, {"criteria": "cpe:2.3:a:google:chrome:19.0.1036.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B8FE410-21C1-4876-8A9F-17E5D903DE2E"}, {"criteria": "cpe:2.3:a:google:chrome:19.0.1036.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29632E19-C5CD-4D00-AF96-D024CEF08AF7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

5.0 /10