CVE-2011-3022

translate/translate_manager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network.

Weakness

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Affected Software

Potential Mitigations

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/102.html
• https://cwe.mitre.org/data/definitions/117.html
• https://cwe.mitre.org/data/definitions/383.html
• https://cwe.mitre.org/data/definitions/477.html
• https://cwe.mitre.org/data/definitions/65.html

References

• http://code.google.com/p/chromium/issues/detail?id=112236
• http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html
• http://googlechromereleases.blogspot.com/2012/02/dev-channel-update_10.html
• http://secunia.com/advisories/48016
• http://src.chromium.org/viewvc/chrome?view=rev\u0026revision=120113
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15025
• http://code.google.com/p/chromium/issues/detail?id=112236
• http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html
• http://googlechromereleases.blogspot.com/2012/02/dev-channel-update_10.html
• http://secunia.com/advisories/48016
• http://src.chromium.org/viewvc/chrome?view=rev\u0026revision=120113
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15025