CVE-2013-0927Link Following in Google Chrome OS

CWE-59Link Following3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 58.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome OS
Timeline
PublishedApr 10
Latest updateMay 17

Description

Google Chrome OS before 26.0.1410.57 relies on a Pango pango-utils.c read_config implementation that loads the contents of the .pangorc file in the user's home directory, and the file referenced by the PANGO_RC_FILE environment variable, which allows attackers to bypass intended access restrictions via crafted configuration data.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDgoogle/chrome_os26.0.1410.56+53

🔴Vulnerability Details

2
GHSA
GHSA-cp8g-g2cj-x6hm: Google Chrome OS before 262022-05-17
CVEList
CVE-2013-0927: Google Chrome OS before 262013-04-10
CVE-2013-0927 — Link Following in Google Chrome OS | cvebase