PT-2011-5038 · Google+1 · Google Chrome+2

Published

2011-12-07

Updated

2017-09-19

CVE-2011-4692

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions WebKit, as used in Apple Safari versions 5.1.1 and earlier WebKit, as used in Google Chrome versions 15 and earlier

Description The issue allows remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, by capturing data about the time required for image loading. This can be achieved by exploiting the lack of prevention of data capture about image loading times.

Recommendations For Apple Safari versions 5.1.1 and earlier, update to a version later than 5.1.1 to resolve the issue. For Google Chrome versions 15 and earlier, update to a version later than 15 to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2011-4692

Affected Products

Google Chrome

Safari

Webkit

PT-2011-5038 · Google+1 · Google Chrome+2

CVE-2011-4692

Weakness Enumeration

Related Identifiers

Affected Products

References · 7