CVE-2012-2848

The drag-and-drop implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to bypass intended file access restrictions via a crafted web site.

Affected Software

Name	Vendor	Start Version	End Version
Chrome	Google	*	21.0.1180.56 (including)
Chrome	Google	21.0.1180.0 (including)	21.0.1180.0 (including)
Chrome	Google	21.0.1180.1 (including)	21.0.1180.1 (including)
Chrome	Google	21.0.1180.2 (including)	21.0.1180.2 (including)
Chrome	Google	21.0.1180.31 (including)	21.0.1180.31 (including)
Chrome	Google	21.0.1180.32 (including)	21.0.1180.32 (including)
Chrome	Google	21.0.1180.33 (including)	21.0.1180.33 (including)
Chrome	Google	21.0.1180.34 (including)	21.0.1180.34 (including)
Chrome	Google	21.0.1180.35 (including)	21.0.1180.35 (including)
Chrome	Google	21.0.1180.36 (including)	21.0.1180.36 (including)
Chrome	Google	21.0.1180.37 (including)	21.0.1180.37 (including)
Chrome	Google	21.0.1180.38 (including)	21.0.1180.38 (including)
Chrome	Google	21.0.1180.39 (including)	21.0.1180.39 (including)
Chrome	Google	21.0.1180.41 (including)	21.0.1180.41 (including)
Chrome	Google	21.0.1180.46 (including)	21.0.1180.46 (including)
Chrome	Google	21.0.1180.47 (including)	21.0.1180.47 (including)
Chrome	Google	21.0.1180.48 (including)	21.0.1180.48 (including)
Chrome	Google	21.0.1180.49 (including)	21.0.1180.49 (including)
Chrome	Google	21.0.1180.50 (including)	21.0.1180.50 (including)
Chrome	Google	21.0.1180.51 (including)	21.0.1180.51 (including)
Chrome	Google	21.0.1180.52 (including)	21.0.1180.52 (including)
Chrome	Google	21.0.1180.53 (including)	21.0.1180.53 (including)
Chrome	Google	21.0.1180.54 (including)	21.0.1180.54 (including)
Chrome	Google	21.0.1180.55 (including)	21.0.1180.55 (including)
Chromium-browser	Ubuntu	lucid	*
Chromium-browser	Ubuntu	natty	*
Chromium-browser	Ubuntu	oneiric	*
Chromium-browser	Ubuntu	precise	*
Chromium-browser	Ubuntu	quantal	*
Chromium-browser	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-2848
CWE	https://cwe.mitre.org/data/definitions/264.html

Affected Software

References