CVE-2012-4904

Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS (UXSS)" attacks against the current tab.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
googlechrome
𝑥
≤ 18.0.1025306
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
quantal
not-affected
precise
Fixed 20.0.1132.47~r144678-0ubuntu0.12.04.1
released
oneiric
Fixed 23.0.1271.97-0ubuntu0.11.10.1
released
natty
ignored
lucid
Fixed 23.0.1271.97-0ubuntu0.10.04.1
released
hardy
dne
Common Weakness Enumeration
References
http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html
https://code.google.com/p/chromium/issues/detail?id=138035
http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html
https://code.google.com/p/chromium/issues/detail?id=138035