CVE-2011-3640

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 17

Description The issue is related to an untrusted search path vulnerability in Mozilla Network Security Services (NSS) as used in Google Chrome. This might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. The vendor has responded that they do not consider this behavior a security bug.

Recommendations For versions prior to 17, consider restricting access to top-level directories to prevent the placement of malicious pkcs11.txt files until a resolution is determined. At the moment, there is no information about a newer version that contains a fix for this vulnerability.