CVE-2013-2834Google Chrome OS vulnerability

CWE-2643 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.1%
top 64.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome OS
Timeline
PublishedApr 16
Latest updateMay 17

Description

Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2835.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDgoogle/chrome_os26.0.1410.56+53

🔴Vulnerability Details

2
GHSA
GHSA-crv3-xr2q-rcg5: Google Chrome OS before 262022-05-17
CVEList
CVE-2013-2834: Google Chrome OS before 262013-04-16
CVE-2013-2834 — Google Chrome OS vulnerability | cvebase