CVE-2011-5319

Description

content/renderer/device_sensors/device_motion_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate accelerometer data, which makes it easier for remote attackers to capture keystrokes via a crafted web site that listens for ondevicemotion events, a different vulnerability than CVE-2015-1231.

Risk Information

Base Score

8.6

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:U/RC:C

EPSS Score

Exploitation Probability

0.373

Associated Vulnerability

Vulnerability	OS Platform
Updates for Google Chrome (66.0.3359.170)	Windows
Updates for Google Chrome (x64) (66.0.3359.170)	Windows
Updates for Google Chrome (66.0.3359.181)	Windows
Updates for Google Chrome (x64) (66.0.3359.181)	Windows
Updates for Google Chrome (67.0.3396.62)	Windows
Updates for Google Chrome (x64) (67.0.3396.62)	Windows
Updates for Google Chrome (67.0.3396.79)	Windows
Updates for Google Chrome (x64) (67.0.3396.79)	Windows
Updates for Google Chrome (67.0.3396.87)	Windows
Updates for Google Chrome (x64) (67.0.3396.87)	Windows
Google Chrome (67.0.3396.99)	Windows
Google Chrome (x64) (67.0.3396.99)	Windows
Updates for Google Chrome (66.0.3359.170) (For Ubuntu)	Linux
Updates for Google Chrome (66.0.3359.170) (For Debian)	Linux
Updates for Google Chrome (66.0.3359.181) (For Debian)	Linux
Updates for Google Chrome (67.0.3396.62) (For Debian)	Linux
Updates for Google Chrome (67.0.3396.79) (For Debian)	Linux
Updates for Google Chrome (67.0.3396.87) (For Debian)	Linux
Google Chrome (67.0.3396.99) (For Debian)	Linux
Updates for Google Chrome (66.0.3359.170) (For Centos)	Linux
Updates for Google Chrome (66.0.3359.181) (For Centos)	Linux
Updates for Google Chrome (67.0.3396.62) (For Centos)	Linux
Updates for Google Chrome (67.0.3396.79) (For Centos)	Linux
Updates for Google Chrome (67.0.3396.87) (For Centos)	Linux
Google Chrome (67.0.3396.99) (For Centos)	Linux
Updates for Google Chrome (66.0.3359.170) (For RedHat)	Linux
Updates for Google Chrome (66.0.3359.181) (For RedHat)	Linux
Updates for Google Chrome (67.0.3396.62) (For RedHat)	Linux
Updates for Google Chrome (67.0.3396.79) (For RedHat)	Linux
Updates for Google Chrome (67.0.3396.87) (For RedHat)	Linux
Google Chrome (67.0.3396.99) (For RedHat)	Linux
Updates for Google Chrome (66.0.3359.170) (For Suse)	Linux
Updates for Google Chrome (66.0.3359.181) (For Suse)	Linux
Updates for Google Chrome (67.0.3396.62) (For Suse)	Linux
Updates for Google Chrome (67.0.3396.79) (For Suse)	Linux
Updates for Google Chrome (67.0.3396.87) (For Suse)	Linux
Google Chrome (67.0.3396.99) (For Suse)	Linux
Updates for Google Chrome (66.0.3359.181) (For Ubuntu)	Linux
Updates for Google Chrome (67.0.3396.62) (For Ubuntu)	Linux
Updates for Google Chrome (67.0.3396.79) (For Ubuntu)	Linux
Updates for Google Chrome (67.0.3396.87) (For Ubuntu)	Linux
Google Chrome (67.0.3396.99) (For Ubuntu)	Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-307513	Updates for Google Chrome (66.0.3359.170)
PATCH-307515	Updates for Google Chrome (x64) (66.0.3359.170)
PATCH-307534	Updates for Google Chrome (66.0.3359.181)
PATCH-307535	Updates for Google Chrome (x64) (66.0.3359.181)
PATCH-307607	Updates for Google Chrome (67.0.3396.62)
PATCH-307608	Updates for Google Chrome (x64) (67.0.3396.62)
PATCH-307641	Updates for Google Chrome (67.0.3396.79)
PATCH-307644	Updates for Google Chrome (x64) (67.0.3396.79)
PATCH-307660	Updates for Google Chrome (67.0.3396.87)
PATCH-307662	Updates for Google Chrome (x64) (67.0.3396.87)
PATCH-307715	Google Chrome (67.0.3396.99)
PATCH-307716	Google Chrome (x64) (67.0.3396.99)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234