Vulnerability in Google Chrome
CVE-2012-4929
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to o…
Vulnerability class: POODLE (CVE-2014-3566)
EPSS: 0.043 (89.8th percentile) — read the EPSS interpretation.
Affected products
- Google Chrome
- Mozilla Firefox
- Debian Debian_linux — versions 7.0, 8.0
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cve@mitre.org (x_refsource_HP, vendor-advisory)
- cve@mitre.org (x_refsource_REDHAT, vendor-advisory)
- cve@mitre.org (vendor-advisory, x_refsource_DEBIAN)
- cve@mitre.org (x_refsource_MISC)
- cve@mitre.org (x_refsource_MISC)
- cve@mitre.org (vendor-advisory, x_refsource_FEDORA)
- cve@mitre.org (x_refsource_UBUNTU, vendor-advisory)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (vendor-advisory, x_refsource_SUSE)
- cve@mitre.org (x_refsource_MISC)
Frequently asked questions
- What is CVE-2012-4929?
- CVE-2012-4929 is a vulnerability in Google Chrome, classified under Cryptographic Issues. Published 2012-09-15.
- Is CVE-2012-4929 known to be exploited?
- 63 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.