製品・ソフトウェアに関する情報

JVN脆弱性詳細

Google Chrome におけるサンドボックス保護メカニズムを回避される脆弱性

Title	Google Chrome におけるサンドボックス保護メカニズムを回避される脆弱性
Summary	Google Chrome には、サンドボックス保護メカニズムを回避される脆弱性が存在します。
Possible impacts	第三者により、サンドボックス化されたプロセスへアクセスされることで、サンドボックス保護メカニズムを回避される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	March 22, 2012, midnight
Registration Date	March 27, 2012, 2:21 p.m.
Last Update	March 27, 2012, 2:21 p.m.

Affected System

Google

Google Chrome 17.0.963.66 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-1846	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1846
National Vulnerability Database (NVD)
2	CVE-2012-1846	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1846

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
Google
1	Google Chrome	http://www.google.co.jp/chrome/intl/ja/landing_ff_yt.html?hl=ja&hl=ja

Change Log

No	Changed Details	Date of change
0	[2012年03月27日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2012-1846

Summary	Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code."
Publication Date	March 23, 2012, 1:55 a.m.
Registration Date	Jan. 28, 2021, 2:56 p.m.
Last Update	Nov. 21, 2024, 10:37 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:google:chrome::::::::			17.0.963.66

Related information, measures and tools

No	URL	タグ
1	http://pwn2own.zerodayinitiative.com/status.html	Not Applicable
2	http://pwn2own.zerodayinitiative.com/status.html	Not Applicable
3	http://twitter.com/vupen/statuses/177576000761237505	Broken Link
4	http://twitter.com/vupen/statuses/177576000761237505	Broken Link
5	http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/	Press/Media Coverage
6	http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/	Press/Media Coverage
7	http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588	Press/Media Coverage
8	http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588	Press/Media Coverage
9	https://exchange.xforce.ibmcloud.com/vulnerabilities/74324	Third Party Advisory VDB Entry
10	https://exchange.xforce.ibmcloud.com/vulnerabilities/74324	Third Party Advisory VDB Entry
11	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14940	Third Party Advisory
12	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14940	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-668	誤った領域へのリソースの漏えい	https://cwe.mitre.org/data/definitions/668.html