Lucene search
HistoryJul 31, 2013 - 1:20 p.m.
CVE-2013-2881
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
6.1
Confidence
Low
EPSS
0.004
Percentile
73.5%
Google Chrome before 28.0.1500.95 does not properly handle frames, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
Affected configurations
Node
googlechromeRange≤28.0.1500.94
ORgooglechromeMatch28.0.1500.0
ORgooglechromeMatch28.0.1500.2
ORgooglechromeMatch28.0.1500.3
ORgooglechromeMatch28.0.1500.4
ORgooglechromeMatch28.0.1500.5
ORgooglechromeMatch28.0.1500.6
ORgooglechromeMatch28.0.1500.8
ORgooglechromeMatch28.0.1500.9
ORgooglechromeMatch28.0.1500.10
ORgooglechromeMatch28.0.1500.11
ORgooglechromeMatch28.0.1500.12
ORgooglechromeMatch28.0.1500.13
ORgooglechromeMatch28.0.1500.14
ORgooglechromeMatch28.0.1500.15
ORgooglechromeMatch28.0.1500.16
ORgooglechromeMatch28.0.1500.17
ORgooglechromeMatch28.0.1500.18
ORgooglechromeMatch28.0.1500.19
ORgooglechromeMatch28.0.1500.20
ORgooglechromeMatch28.0.1500.21
ORgooglechromeMatch28.0.1500.22
ORgooglechromeMatch28.0.1500.23
ORgooglechromeMatch28.0.1500.24
ORgooglechromeMatch28.0.1500.25
ORgooglechromeMatch28.0.1500.26
ORgooglechromeMatch28.0.1500.27
ORgooglechromeMatch28.0.1500.28
ORgooglechromeMatch28.0.1500.29
ORgooglechromeMatch28.0.1500.31
ORgooglechromeMatch28.0.1500.32
ORgooglechromeMatch28.0.1500.33
ORgooglechromeMatch28.0.1500.34
ORgooglechromeMatch28.0.1500.35
ORgooglechromeMatch28.0.1500.36
ORgooglechromeMatch28.0.1500.37
ORgooglechromeMatch28.0.1500.38
ORgooglechromeMatch28.0.1500.39
ORgooglechromeMatch28.0.1500.40
ORgooglechromeMatch28.0.1500.41
ORgooglechromeMatch28.0.1500.42
ORgooglechromeMatch28.0.1500.43
ORgooglechromeMatch28.0.1500.44
ORgooglechromeMatch28.0.1500.45
ORgooglechromeMatch28.0.1500.46
ORgooglechromeMatch28.0.1500.47
ORgooglechromeMatch28.0.1500.48
ORgooglechromeMatch28.0.1500.49
ORgooglechromeMatch28.0.1500.50
ORgooglechromeMatch28.0.1500.51
ORgooglechromeMatch28.0.1500.52
ORgooglechromeMatch28.0.1500.53
ORgooglechromeMatch28.0.1500.54
ORgooglechromeMatch28.0.1500.56
ORgooglechromeMatch28.0.1500.58
ORgooglechromeMatch28.0.1500.59
ORgooglechromeMatch28.0.1500.60
ORgooglechromeMatch28.0.1500.61
ORgooglechromeMatch28.0.1500.62
ORgooglechromeMatch28.0.1500.63
ORgooglechromeMatch28.0.1500.64
ORgooglechromeMatch28.0.1500.66
ORgooglechromeMatch28.0.1500.68
ORgooglechromeMatch28.0.1500.70
ORgooglechromeMatch28.0.1500.71
ORgooglechromeMatch28.0.1500.72
ORgooglechromeMatch28.0.1500.89
ORgooglechromeMatch28.0.1500.91
ORgooglechromeMatch28.0.1500.93
Node
debiandebian_linuxMatch7.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| chrome | * | cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* | |
| chrome | 28.0.1500.0 | cpe:2.3:a:google:chrome:28.0.1500.0:*:*:*:*:*:*:* | |
| chrome | 28.0.1500.2 | cpe:2.3:a:google:chrome:28.0.1500.2:*:*:*:*:*:*:* | |
| chrome | 28.0.1500.3 | cpe:2.3:a:google:chrome:28.0.1500.3:*:*:*:*:*:*:* | |
| chrome | 28.0.1500.4 | cpe:2.3:a:google:chrome:28.0.1500.4:*:*:*:*:*:*:* | |
| chrome | 28.0.1500.5 | cpe:2.3:a:google:chrome:28.0.1500.5:*:*:*:*:*:*:* | |
| chrome | 28.0.1500.6 | cpe:2.3:a:google:chrome:28.0.1500.6:*:*:*:*:*:*:* | |
| chrome | 28.0.1500.8 | cpe:2.3:a:google:chrome:28.0.1500.8:*:*:*:*:*:*:* | |
| chrome | 28.0.1500.9 | cpe:2.3:a:google:chrome:28.0.1500.9:*:*:*:*:*:*:* | |
| chrome | 28.0.1500.10 | cpe:2.3:a:google:chrome:28.0.1500.10:*:*:*:*:*:*:* |
References
googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html
www.debian.org/security/2013/dsa-2732
code.google.com/p/chromium/issues/detail?id=257748
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17348
src.chromium.org/viewvc/blink?revision=153929&view=revision
Related
cvelist
cvelist
CVE-2013-2881
2013-07-30 21:00:00
cve
cve
CVE-2013-2881
2013-07-31 13:20:13
ubuntucve
ubuntucve
CVE-2013-2881
2013-07-31 00:00:00
prion
prion
Authentication flaw
2013-07-31 13:20:00
debiancve
debiancve
CVE-2013-2881
2013-07-31 13:20:00
nessus
nessus
Google Chrome < 28.0.1500.95 Multiple Vulnerabilities
2013-07-31 00:00:00
Google Chrome < 28.0.1500.95 Multiple Vulnerabilities
2013-07-31 00:00:00
Google Chrome < 28.0.1500.95 Multiple Vulnerabilities
2013-07-30 00:00:00
chrome
chrome
Stable Channel Update
2013-07-30 00:00:00
debian
debian
[SECURITY] [DSA 2732-1] chromium-browser security update
2013-08-02 23:40:17
osv
osv
chromium-browser - several
2013-07-31 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2013-0249)
2022-01-28 00:00:00
Debian: Security Advisory (DSA-2732-1)
2013-07-30 00:00:00
Google Chrome Security Updates (stable-channel-update_30-2013-07) - Linux
2016-10-19 00:00:00
seebug
seebug
Google Chrome 28.0.1500.95之前版本多个安全漏洞
2013-08-05 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2013-07-30 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerabilities
2013-08-17 12:39:42
securityvulns
securityvulns
[SECURITY] [DSA 2732-1] chromium-browser security update
2013-08-12 00:00:00
Chromium / Google Chrome multiple security vulnerabilities
2013-08-12 00:00:00
gentoo
gentoo
Chromium, V8: Multiple vulnerabilities
2013-09-24 00:00:00
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
6.1
Confidence
Low
EPSS
0.004
Percentile
73.5%
Related for NVD:CVE-2013-2881