CVE-2012-2886: XSS
First published: Wed Sep 26 2012(Updated: )
Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Google V8 bindings, aka "Universal XSS (UXSS)."
Credit: cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Chrome (Trace Event) | <=22.0.1229.78 | |
| Google Chrome (Trace Event) | =22.0.1229.0 | |
| Google Chrome (Trace Event) | =22.0.1229.1 | |
| Google Chrome (Trace Event) | =22.0.1229.2 | |
| Google Chrome (Trace Event) | =22.0.1229.3 | |
| Google Chrome (Trace Event) | =22.0.1229.4 | |
| Google Chrome (Trace Event) | =22.0.1229.6 | |
| Google Chrome (Trace Event) | =22.0.1229.7 | |
| Google Chrome (Trace Event) | =22.0.1229.8 | |
| Google Chrome (Trace Event) | =22.0.1229.9 | |
| Google Chrome (Trace Event) | =22.0.1229.10 | |
| Google Chrome (Trace Event) | =22.0.1229.11 | |
| Google Chrome (Trace Event) | =22.0.1229.12 | |
| Google Chrome (Trace Event) | =22.0.1229.14 | |
| Google Chrome (Trace Event) | =22.0.1229.16 | |
| Google Chrome (Trace Event) | =22.0.1229.17 | |
| Google Chrome (Trace Event) | =22.0.1229.18 | |
| Google Chrome (Trace Event) | =22.0.1229.20 | |
| Google Chrome (Trace Event) | =22.0.1229.21 | |
| Google Chrome (Trace Event) | =22.0.1229.22 | |
| Google Chrome (Trace Event) | =22.0.1229.23 | |
| Google Chrome (Trace Event) | =22.0.1229.24 | |
| Google Chrome (Trace Event) | =22.0.1229.25 | |
| Google Chrome (Trace Event) | =22.0.1229.26 | |
| Google Chrome (Trace Event) | =22.0.1229.27 | |
| Google Chrome (Trace Event) | =22.0.1229.28 | |
| Google Chrome (Trace Event) | =22.0.1229.29 | |
| Google Chrome (Trace Event) | =22.0.1229.31 | |
| Google Chrome (Trace Event) | =22.0.1229.32 | |
| Google Chrome (Trace Event) | =22.0.1229.33 | |
| Google Chrome (Trace Event) | =22.0.1229.35 | |
| Google Chrome (Trace Event) | =22.0.1229.36 | |
| Google Chrome (Trace Event) | =22.0.1229.37 | |
| Google Chrome (Trace Event) | =22.0.1229.39 | |
| Google Chrome (Trace Event) | =22.0.1229.48 | |
| Google Chrome (Trace Event) | =22.0.1229.49 | |
| Google Chrome (Trace Event) | =22.0.1229.50 | |
| Google Chrome (Trace Event) | =22.0.1229.51 | |
| Google Chrome (Trace Event) | =22.0.1229.52 | |
| Google Chrome (Trace Event) | =22.0.1229.53 | |
| Google Chrome (Trace Event) | =22.0.1229.54 | |
| Google Chrome (Trace Event) | =22.0.1229.55 | |
| Google Chrome (Trace Event) | =22.0.1229.56 | |
| Google Chrome (Trace Event) | =22.0.1229.57 | |
| Google Chrome (Trace Event) | =22.0.1229.58 | |
| Google Chrome (Trace Event) | =22.0.1229.59 | |
| Google Chrome (Trace Event) | =22.0.1229.60 | |
| Google Chrome (Trace Event) | =22.0.1229.62 | |
| Google Chrome (Trace Event) | =22.0.1229.63 | |
| Google Chrome (Trace Event) | =22.0.1229.64 | |
| Google Chrome (Trace Event) | =22.0.1229.65 | |
| Google Chrome (Trace Event) | =22.0.1229.67 | |
| Google Chrome (Trace Event) | =22.0.1229.76 | |
| SUSE Linux | =12.1 | |
| SUSE Linux | =12.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html
- http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html
- https://code.google.com/p/chromium/issues/detail?id=143437
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78824
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14916
Frequently Asked Questions
What is the severity of CVE-2012-2886?
CVE-2012-2886 has a high severity level due to its potential for remote exploitation via cross-site scripting.
How do I fix CVE-2012-2886?
To fix CVE-2012-2886, upgrade Google Chrome to version 22.0.1229.79 or later.
Which versions of Google Chrome are affected by CVE-2012-2886?
CVE-2012-2886 affects all versions of Google Chrome prior to 22.0.1229.79.
What type of vulnerability is CVE-2012-2886?
CVE-2012-2886 is classified as a cross-site scripting (XSS) vulnerability.
Who can exploit CVE-2012-2886?
CVE-2012-2886 can be exploited by remote attackers who can inject arbitrary web script or HTML.
- agent/first-publish-date
- agent/last-modified-date
- agent/type
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/google
- canonical/google chrome (trace event)
- version/google chrome (trace event)/22.0.1229.78
- version/google chrome (trace event)/22.0.1229.0
- version/google chrome (trace event)/22.0.1229.1
- version/google chrome (trace event)/22.0.1229.2
- version/google chrome (trace event)/22.0.1229.3
- version/google chrome (trace event)/22.0.1229.4
- version/google chrome (trace event)/22.0.1229.6
- version/google chrome (trace event)/22.0.1229.7
- version/google chrome (trace event)/22.0.1229.8
- version/google chrome (trace event)/22.0.1229.9
- version/google chrome (trace event)/22.0.1229.10
- version/google chrome (trace event)/22.0.1229.11
- version/google chrome (trace event)/22.0.1229.12
- version/google chrome (trace event)/22.0.1229.14
- version/google chrome (trace event)/22.0.1229.16
- version/google chrome (trace event)/22.0.1229.17
- version/google chrome (trace event)/22.0.1229.18
- version/google chrome (trace event)/22.0.1229.20
- version/google chrome (trace event)/22.0.1229.21
- version/google chrome (trace event)/22.0.1229.22
- version/google chrome (trace event)/22.0.1229.23
- version/google chrome (trace event)/22.0.1229.24
- version/google chrome (trace event)/22.0.1229.25
- version/google chrome (trace event)/22.0.1229.26
- version/google chrome (trace event)/22.0.1229.27
- version/google chrome (trace event)/22.0.1229.28
- version/google chrome (trace event)/22.0.1229.29
- version/google chrome (trace event)/22.0.1229.31
- version/google chrome (trace event)/22.0.1229.32
- version/google chrome (trace event)/22.0.1229.33
- version/google chrome (trace event)/22.0.1229.35
- version/google chrome (trace event)/22.0.1229.36
- version/google chrome (trace event)/22.0.1229.37
- version/google chrome (trace event)/22.0.1229.39
- version/google chrome (trace event)/22.0.1229.48
- version/google chrome (trace event)/22.0.1229.49
- version/google chrome (trace event)/22.0.1229.50
- version/google chrome (trace event)/22.0.1229.51
- version/google chrome (trace event)/22.0.1229.52
- version/google chrome (trace event)/22.0.1229.53
- version/google chrome (trace event)/22.0.1229.54
- version/google chrome (trace event)/22.0.1229.55
- version/google chrome (trace event)/22.0.1229.56
- version/google chrome (trace event)/22.0.1229.57
- version/google chrome (trace event)/22.0.1229.58
- version/google chrome (trace event)/22.0.1229.59
- version/google chrome (trace event)/22.0.1229.60
- version/google chrome (trace event)/22.0.1229.62
- version/google chrome (trace event)/22.0.1229.63
- version/google chrome (trace event)/22.0.1229.64
- version/google chrome (trace event)/22.0.1229.65
- version/google chrome (trace event)/22.0.1229.67
- version/google chrome (trace event)/22.0.1229.76
- vendor/opensuse
- canonical/suse linux
- version/suse linux/12.1
- version/suse linux/12.2