CVE-2012-5376

critical

Published 2012-10-11 · Modified 2026-04-29

CVSS v3

9.6

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS v2

9.3

VIR risk

9.6

Description

The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112.

Predictions

Exploit likelihood

96%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://googlechromereleases.blogspot.com/2012/10/stable-channel-update_6105.html

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://code.google.com/p/chromium/issues/detail?id=154987

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://code.google.com/p/chromium/issues/detail?id=154983

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://blog.chromium.org/2012/10/pwnium-2-results-and-wrap-up_10.html

Application impact

Vendor	Product	Versions	Fixed
google	chrome	`{"endExcluding":"22.0.1229.94"}`	`22.0.1229.94`

References

CWEs

CWE-269

Verify integrity in audit chain (admin only). AS-IS.