CVE-2012-4907

Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
VendorProductVersion
googlechrome
𝑥
≤ 18.0.1025306
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
quantal
not-affected
precise
Fixed 20.0.1132.47~r144678-0ubuntu0.12.04.1
released
oneiric
Fixed 23.0.1271.97-0ubuntu0.11.10.1
released
natty
ignored
lucid
Fixed 23.0.1271.97-0ubuntu0.10.04.1
released
hardy
dne
Common Weakness Enumeration
References
http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html
https://code.google.com/p/chromium/issues/detail?id=137532
http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html
https://code.google.com/p/chromium/issues/detail?id=137532