CVE-2013-0912 — Code Injection in Google Chrome

CWE-94 — Code Injection7 documents4 sources

Severity

7.5HIGHNVD

NVD7.2

EPSS

2.5%

top 14.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Webkitgtk Google Chrome

Timeline

PublishedMar 11

Latest updateMay 17

Description

WebKit in Google Chrome before 25.0.1364.160 allows remote attackers to execute arbitrary code via vectors that leverage "type confusion."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDgoogle/chrome111 versions+110

▶Ubuntuwebkitgtk/webkitgtk< 2.4.8-1ubuntu1~ubuntu14.04.1+1

🔴Vulnerability Details

GHSA

GHSA-fhmr-v3c3-9394: WebKit in Google Chrome before 25↗2022-05-17

▶

GHSA

GHSA-3jf3-rqfc-mfmr: Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and↗2022-05-14

▶

OSV

CVE-2013-0912: WebKit in Google Chrome before 25↗2013-03-11

▶

📄Research Papers

arXiv

SOK: On the Analysis of Web Browser Security↗2021-12-31

▶

arXiv

Rethinking Misalignment to Raise the Bar for Heap Pointer Corruption↗2018-08-08

▶