CVE-2013-0885 — Incorrect Permission Assignment in Google Chrome

CWE-732 — Incorrect Permission Assignment2 documents2 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 62.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Opensuse

Timeline

PublishedFeb 23

Latest updateMay 14

Description

Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDgoogle/chrome< 25.0.1364.97+1

▶NVDopensuse/opensuse12.1, 12.2+1

🔴Vulnerability Details

GHSA

GHSA-jg6q-rjpx-vg7v: Google Chrome before 25↗2022-05-14

▶