CVE-2013-2879 — Sensitive Information Exposure in Google Chrome

CWE-200 — Sensitive Information Exposure2 documents2 sources

Severity

5.8MEDIUMNVD

EPSS

0.5%

top 35.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Debian Linux

Timeline

PublishedJul 10

Latest updateMay 17

Description

Google Chrome before 28.0.1500.71 does not properly determine the circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

▶NVDgoogle/chrome28.0.1500.70+62

Also affects: Debian Linux 7.0

🔴Vulnerability Details

GHSA

GHSA-rr46-qxmj-fg34: Google Chrome before 28↗2022-05-17

▶