CVE-2013-2835Google Chrome OS vulnerability

3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.1%
top 75.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome OS
Timeline
PublishedApr 16
Latest updateMay 17

Description

Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2834.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDgoogle/chrome_os26.0.1410.56+53

🔴Vulnerability Details

2
GHSA
GHSA-4m4m-6w8x-jm7p: Google Chrome OS before 262022-05-17
CVEList
CVE-2013-2835: Google Chrome OS before 262013-04-16
CVE-2013-2835 — Google Chrome OS vulnerability | cvebase