CVE-2011-5319

Sažetak

content/renderer/device_sensors/device_motion_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate accelerometer data, which makes it easier for remote attackers to capture keystrokes via a crafted web site that listens for ondevicemotion events, a different vulnerability than CVE-2015-1231.

Reference

http://dl.acm.org/citation.cfm?id=2046771
http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html
http://www.cc.gatech.edu/~traynor/papers/traynor-ccs11.pdf
https://code.google.com/p/chromium/issues/detail?id=421691
https://code.google.com/p/chromium/issues/detail?id=463349

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

09-03-2015 - 17:49

Objavljeno

09-03-2015 - 00:59