CVE 2011-3956
The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension.
Related bugs and status
CVE-2011-3956 (Candidate) is related to these bugs:
Bug #931905: Update to 17.0.963.46
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 931905 | Update to 17.0.963.46 | chromium-browser (Ubuntu) | Medium | Fix Released | ||
| 931905 | Update to 17.0.963.46 | chromium-browser (Ubuntu Lucid) | Medium | Fix Released | ||
| 931905 | Update to 17.0.963.46 | chromium-browser (Ubuntu Maverick) | Medium | Fix Released | ||
| 931905 | Update to 17.0.963.46 | chromium-browser (Ubuntu Oneiric) | Medium | Fix Released | ||
| 931905 | Update to 17.0.963.46 | chromium-browser (Ubuntu Natty) | Medium | Fix Released | ||
| 931905 | Update to 17.0.963.46 | chromium-browser (Ubuntu Precise) | Medium | Fix Released | ||
Bug #933262: Update to 17.0.963.56
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 933262 | Update to 17.0.963.56 | chromium-browser (Ubuntu) | Medium | Fix Released | ||
| 933262 | Update to 17.0.963.56 | chromium-browser (Ubuntu Lucid) | Medium | Fix Released | ||
| 933262 | Update to 17.0.963.56 | chromium-browser (Ubuntu Maverick) | Medium | Fix Released | ||
| 933262 | Update to 17.0.963.56 | chromium-browser (Ubuntu Precise) | Medium | Fix Released | ||
| 933262 | Update to 17.0.963.56 | chromium-browser (Ubuntu Oneiric) | Medium | Fix Released | ||
| 933262 | Update to 17.0.963.56 | chromium-browser (Ubuntu Natty) | Medium | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
