Details of VAR-201401-0020

ID

VAR-201401-0020

CVE

CVE-2012-2898

TITLE

iPad On the device iOS Run in Google Chrome In Omnibox URL Vulnerabilities that are disguised

Trust: 0.8

sources: JVNDB: JVNDB-2012-006106

DESCRIPTION

Google Chrome before 21.0.1180.82 on iOS on iPad devices allows remote attackers to spoof the Omnibox URL via vectors involving SSL error messages, a related issue to CVE-2012-0674. This vulnerability CVE-2012-0674 And related issues.By a third party SSL Depending on the problem with the error message, Omnibox URL May be disguised. An attacker may exploit this vulnerability to spoof the originating URL of a trusted web site. This issue may allow a remote attacker to carry out phishing-style attacks. Versions prior to Chrome 21.0.1180.82 are vulnerable. Google Chrome is a web browser developed by Google (Google)

Trust: 1.98

sources: NVD: CVE-2012-2898 // JVNDB: JVNDB-2012-006106 // BID: 64745 // VULHUB: VHN-56179

AFFECTED PRODUCTS

vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.76	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.77	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.0	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.1	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.72	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.78	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.71	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.75	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.73	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.74	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.2	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.49	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.31	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.80	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.35	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.59	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.60	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.48	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.79	Trust: 1.0
vendor:	google	model:	chrome	scope:	lte	version:	21.0.1180.81	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.52	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.57	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.54	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.56	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.68	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.70	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.55	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.33	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.62	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.47	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.36	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.63	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.41	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.37	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.38	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.39	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.53	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.34	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.69	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.46	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.32	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.64	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.51	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.61	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.50	Trust: 1.0
vendor:	google	model:	chrome	scope:	lt	version:	21.0.1180.82 (ipad 2)	Trust: 0.8
vendor:	google	model:	chrome for ios	scope:	eq	version:	21.0.1180.80	Trust: 0.3
vendor:	google	model:	chrome for ios	scope:	ne	version:	21.0.1180.82	Trust: 0.3

sources: BID: 64745 // JVNDB: JVNDB-2012-006106 // CNNVD: CNNVD-201401-050 // NVD: CVE-2012-2898

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-2898
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-2898
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201401-050
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-56179
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-2898
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-56179
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-56179 // JVNDB: JVNDB-2012-006106 // CNNVD: CNNVD-201401-050 // NVD: CVE-2012-2898

PROBLEMTYPE DATA

problemtype:

CWE-310

Trust: 1.9

sources: VULHUB: VHN-56179 // JVNDB: JVNDB-2012-006106 // NVD: CVE-2012-2898

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-050

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201401-050

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-006106

PATCH

title:	Issue 146760	url:	https://code.google.com/p/chromium/issues/detail?id=146760	Trust: 0.8
title:	Chrome for iOS Update	url:	http://googlechromereleases.blogspot.jp/2012/09/chrome-for-ios-update_24.html	Trust: 0.8
title:	Google Chrome	url:	http://www.google.co.jp/chrome/intl/ja/landing_ff_yt.html?hl=ja&hl=ja	Trust: 0.8
title:	Google Chrome 21.0.1180.82	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47339	Trust: 0.6

sources: JVNDB: JVNDB-2012-006106 // CNNVD: CNNVD-201401-050

EXTERNAL IDS

db:	NVD	id:	CVE-2012-2898	Trust: 2.8
db:	JVNDB	id:	JVNDB-2012-006106	Trust: 0.8
db:	CNNVD	id:	CNNVD-201401-050	Trust: 0.7
db:	BID	id:	64745	Trust: 0.4
db:	VULHUB	id:	VHN-56179	Trust: 0.1

sources: VULHUB: VHN-56179 // BID: 64745 // JVNDB: JVNDB-2012-006106 // CNNVD: CNNVD-201401-050 // NVD: CVE-2012-2898

REFERENCES

url:	http://googlechromereleases.blogspot.com/2012/09/chrome-for-ios-update_24.html	Trust: 2.0
url:	https://code.google.com/p/chromium/issues/detail?id=146760	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2898	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2898	Trust: 0.8
url:	https://itunes.apple.com/in/app/chrome/id535886823?mt=8	Trust: 0.3

sources: VULHUB: VHN-56179 // BID: 64745 // JVNDB: JVNDB-2012-006106 // CNNVD: CNNVD-201401-050 // NVD: CVE-2012-2898

CREDITS

Lukasz Pilorz.

Trust: 0.3

sources: BID: 64745

SOURCES

db:	VULHUB	id:	VHN-56179
db:	BID	id:	64745
db:	JVNDB	id:	JVNDB-2012-006106
db:	CNNVD	id:	CNNVD-201401-050
db:	NVD	id:	CVE-2012-2898

LAST UPDATE DATE

2025-04-11T23:16:35.729000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-56179	date:	2014-01-07T00:00:00
db:	BID	id:	64745	date:	2012-09-24T00:00:00
db:	JVNDB	id:	JVNDB-2012-006106	date:	2014-01-08T00:00:00
db:	CNNVD	id:	CNNVD-201401-050	date:	2014-01-06T00:00:00
db:	NVD	id:	CVE-2012-2898	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-56179	date:	2014-01-05T00:00:00
db:	BID	id:	64745	date:	2012-09-24T00:00:00
db:	JVNDB	id:	JVNDB-2012-006106	date:	2014-01-08T00:00:00
db:	CNNVD	id:	CNNVD-201401-050	date:	2014-01-06T00:00:00
db:	NVD	id:	CVE-2012-2898	date:	2014-01-05T20:55:03.897