CVE-2013-2853 — Google Chrome vulnerability

2 documents2 sources

Severity

6.8MEDIUMNVD

EPSS

0.3%

top 45.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedJul 10

Latest updateMay 17

Description

The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline), which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDgoogle/chrome28.0.1500.70+62

🔴Vulnerability Details

GHSA

GHSA-4w8v-46j6-77cf: The HTTPS implementation in Google Chrome before 28↗2022-05-17

▶