CVE-2011-1185 | Vulnerability Database | Aqua Security

Google Chrome before 10.0.648.127 does not prevent (1) navigation and (2) close operations on the top location of a sandboxed frame, which has unspecified impact and remote attack vectors.

Affected Software

Name	Vendor	Start Version	End Version
Chrome	Google	*	10.0.648.127 (excluding)
Chromium-browser	Ubuntu	devel	*
Chromium-browser	Ubuntu	lucid	*
Chromium-browser	Ubuntu	maverick	*
Chromium-browser	Ubuntu	natty	*
Chromium-browser	Ubuntu	oneiric	*
Chromium-browser	Ubuntu	precise	*
Chromium-browser	Ubuntu	quantal	*
Chromium-browser	Ubuntu	raring	*
Chromium-browser	Ubuntu	saucy	*
Chromium-browser	Ubuntu	trusty	*
Chromium-browser	Ubuntu	upstream	*
Chromium-browser	Ubuntu	utopic	*
Chromium-browser	Ubuntu	vivid	*
Chromium-browser	Ubuntu	wily	*
Chromium-browser	Ubuntu	xenial	*
Chromium-browser	Ubuntu	yakkety	*
Webkit	Ubuntu	hardy	*
Webkit	Ubuntu	karmic	*
Webkit	Ubuntu	lucid	*
Webkit	Ubuntu	maverick	*
Webkit	Ubuntu	natty	*
Webkit	Ubuntu	oneiric	*
Webkit	Ubuntu	precise	*
Webkit	Ubuntu	quantal	*
Webkit	Ubuntu	raring	*
Webkit	Ubuntu	saucy	*
Webkitgtk	Ubuntu	utopic	*
Webkitgtk	Ubuntu	vivid	*

References

http://code.google.com/p/chromium/issues/detail?id=42574
http://code.google.com/p/chromium/issues/detail?id=42765
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
http://www.securityfocus.com/bid/46785
http://www.vupen.com/english/advisories/2011/0628
https://exchange.xforce.ibmcloud.com/vulnerabilities/65948
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14349

NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-1185
CWE	https://cwe.mitre.org/data/definitions/.html