Lucene search
HistoryJul 10, 2013 - 10:55 a.m.
CVE-2013-2868
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.1
Confidence
Low
EPSS
0.006
Percentile
78.7%
common/extensions/sync_helper.cc in Google Chrome before 28.0.1500.71 proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting, which might allow remote attackers to trigger unwanted extension changes via unspecified vectors.
Affected configurations
Node
debiandebian_linuxMatch7.0
Node
googlechromeRange≤28.0.1500.70
ORgooglechromeMatch28.0.1500.0
ORgooglechromeMatch28.0.1500.2
ORgooglechromeMatch28.0.1500.3
ORgooglechromeMatch28.0.1500.4
ORgooglechromeMatch28.0.1500.5
ORgooglechromeMatch28.0.1500.6
ORgooglechromeMatch28.0.1500.8
ORgooglechromeMatch28.0.1500.9
ORgooglechromeMatch28.0.1500.10
ORgooglechromeMatch28.0.1500.11
ORgooglechromeMatch28.0.1500.12
ORgooglechromeMatch28.0.1500.13
ORgooglechromeMatch28.0.1500.14
ORgooglechromeMatch28.0.1500.15
ORgooglechromeMatch28.0.1500.16
ORgooglechromeMatch28.0.1500.17
ORgooglechromeMatch28.0.1500.18
ORgooglechromeMatch28.0.1500.19
ORgooglechromeMatch28.0.1500.20
ORgooglechromeMatch28.0.1500.21
ORgooglechromeMatch28.0.1500.22
ORgooglechromeMatch28.0.1500.23
ORgooglechromeMatch28.0.1500.24
ORgooglechromeMatch28.0.1500.25
ORgooglechromeMatch28.0.1500.26
ORgooglechromeMatch28.0.1500.27
ORgooglechromeMatch28.0.1500.28
ORgooglechromeMatch28.0.1500.29
ORgooglechromeMatch28.0.1500.31
ORgooglechromeMatch28.0.1500.32
ORgooglechromeMatch28.0.1500.33
ORgooglechromeMatch28.0.1500.34
ORgooglechromeMatch28.0.1500.35
ORgooglechromeMatch28.0.1500.36
ORgooglechromeMatch28.0.1500.37
ORgooglechromeMatch28.0.1500.38
ORgooglechromeMatch28.0.1500.39
ORgooglechromeMatch28.0.1500.40
ORgooglechromeMatch28.0.1500.41
ORgooglechromeMatch28.0.1500.42
ORgooglechromeMatch28.0.1500.43
ORgooglechromeMatch28.0.1500.44
ORgooglechromeMatch28.0.1500.45
ORgooglechromeMatch28.0.1500.46
ORgooglechromeMatch28.0.1500.47
ORgooglechromeMatch28.0.1500.48
ORgooglechromeMatch28.0.1500.49
ORgooglechromeMatch28.0.1500.50
ORgooglechromeMatch28.0.1500.51
ORgooglechromeMatch28.0.1500.52
ORgooglechromeMatch28.0.1500.53
ORgooglechromeMatch28.0.1500.54
ORgooglechromeMatch28.0.1500.56
ORgooglechromeMatch28.0.1500.58
ORgooglechromeMatch28.0.1500.59
ORgooglechromeMatch28.0.1500.60
ORgooglechromeMatch28.0.1500.61
ORgooglechromeMatch28.0.1500.62
ORgooglechromeMatch28.0.1500.63
ORgooglechromeMatch28.0.1500.64
ORgooglechromeMatch28.0.1500.66
ORgooglechromeMatch28.0.1500.68
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | 7.0 | cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* |
| chrome | * | cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* | |
| chrome | 28.0.1500.0 | cpe:2.3:a:google:chrome:28.0.1500.0:*:*:*:*:*:*:* | |
| chrome | 28.0.1500.2 | cpe:2.3:a:google:chrome:28.0.1500.2:*:*:*:*:*:*:* | |
| chrome | 28.0.1500.3 | cpe:2.3:a:google:chrome:28.0.1500.3:*:*:*:*:*:*:* | |
| chrome | 28.0.1500.4 | cpe:2.3:a:google:chrome:28.0.1500.4:*:*:*:*:*:*:* | |
| chrome | 28.0.1500.5 | cpe:2.3:a:google:chrome:28.0.1500.5:*:*:*:*:*:*:* | |
| chrome | 28.0.1500.6 | cpe:2.3:a:google:chrome:28.0.1500.6:*:*:*:*:*:*:* | |
| chrome | 28.0.1500.8 | cpe:2.3:a:google:chrome:28.0.1500.8:*:*:*:*:*:*:* | |
| chrome | 28.0.1500.9 | cpe:2.3:a:google:chrome:28.0.1500.9:*:*:*:*:*:*:* |
References
git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=84ece2d5af0e6f746ca63e483e2dbdbcab8b1e6c
googlechromereleases.blogspot.com/2013/07/stable-channel-update.html
www.debian.org/security/2013/dsa-2724
code.google.com/p/chromium/issues/detail?id=252034
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17347
Related
cvelist
cvelist
CVE-2013-2868
2013-07-10 10:00:00
prion
prion
Code injection
2013-07-10 10:55:00
ubuntucve
ubuntucve
CVE-2013-2868
2013-07-10 00:00:00
debiancve
debiancve
CVE-2013-2868
2013-07-10 10:55:00
cve
cve
CVE-2013-2868
2013-07-10 10:55:01
openvas
openvas
Mageia: Security Advisory (MGASA-2013-0234)
2022-01-28 00:00:00
Debian: Security Advisory (DSA-2724-1)
2013-07-16 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerabilities
2013-07-26 15:52:03
freebsd
freebsd
chromium -- multiple vulnerabilities
2013-07-09 00:00:00
debian
debian
[SECURITY] [DSA 2724-1] chromium-browser security update
2013-07-18 21:59:40
[SECURITY] [DSA 2724-1] chromium-browser security update
2013-07-18 21:59:40
nessus
nessus
FreeBSD : chromium -- multiple vulnerabilities (3b80104f-e96c-11e2-8bac-00262d5ed8ee)
2013-07-11 00:00:00
Debian DSA-2724-1 : chromium-browser - several vulnerabilities
2013-07-19 00:00:00
Google Chrome < 28.0.1500.71 Multiple Vulnerabilities
2013-07-10 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2724-1] chromium-browser security update
2013-07-19 00:00:00
Chromium / Google Chrome multiple security vulnerabilities
2013-08-12 00:00:00
osv
osv
chromium-browser - several
2013-07-17 00:00:00
threatpost
threatpost
Google Fixes 17 Flaws in Chrome 28
2013-07-10 09:37:49
chrome
chrome
Stable Channel Update
2013-07-09 00:00:00
gentoo
gentoo
Chromium, V8: Multiple vulnerabilities
2013-09-24 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.1
Confidence
Low
EPSS
0.006
Percentile
78.7%
Related for NVD:CVE-2013-2868