CVE-2013-0889Incorrect Authorization in Google Chrome

CWE-863Incorrect Authorization3 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
1.3%
top 20.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google ChromeOpensuse
Timeline
PublishedFeb 23
Latest updateMay 14

Description

Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for remote attackers to execute arbitrary code via a crafted file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

NVDgoogle/chrome< 25.0.1364.97+1
NVDopensuse/opensuse12.1, 12.2+1

🔴Vulnerability Details

1
GHSA
GHSA-fxg8-6794-76gp: Google Chrome before 252022-05-14

💬Community

1
Bugzilla
CVE-2013-1764 PackageKit: downgrade packages when using the Zypper backend2014-04-24
CVE-2013-0889 — Incorrect Authorization in Google | cvebase