Universal XSS (UXSS) Vulnerability in Google Chrome Extension Subsystem

Universal XSS (UXSS) Vulnerability in Google Chrome Extension Subsystem

CVE-2011-3046 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.

Learn more about our Cis Benchmark Audit For Google Chrome.