CVE-2012-4904

EUVD-2012-4829
Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS (UXSS)" attacks against the current tab.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
Affected Products (NVD)
VendorProductVersion
googlechrome
𝑥
≤ 18.0.1025306
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
hardy
dne
lucid
Fixed 23.0.1271.97-0ubuntu0.10.04.1
released
natty
ignored
oneiric
Fixed 23.0.1271.97-0ubuntu0.11.10.1
released
precise
Fixed 20.0.1132.47~r144678-0ubuntu0.12.04.1
released
quantal
not-affected
Common Weakness Enumeration
References
http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html
https://code.google.com/p/chromium/issues/detail?id=138035
http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html
https://code.google.com/p/chromium/issues/detail?id=138035