Google Chrome before 15.0.874.120, when Java Runtime Environment (JRE) 7 is used, does not request user confirmation before applet execution begins, which allows remote attackers to have an unspecified impact via a crafted applet.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Chrome | * | 15.0.874.120 (excluding) | |
Chromium-browser | Ubuntu | lucid | * |
Chromium-browser | Ubuntu | maverick | * |
Chromium-browser | Ubuntu | natty | * |
Chromium-browser | Ubuntu | oneiric | * |
Chromium-browser | Ubuntu | precise | * |