CVE-2013-6652Path Traversal in Google Chrome

CWE-22Path Traversal2 documents2 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 47.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedFeb 24
Latest updateMay 17

Description

Directory traversal vulnerability in sandbox/win/src/named_pipe_dispatcher.cc in Google Chrome before 33.0.1750.117 on Windows allows attackers to bypass intended named-pipe policy restrictions in the sandbox via vectors related to (1) lack of checks for .. (dot dot) sequences or (2) lack of use of the \\?\ protection mechanism.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDgoogle/chrome33.0.1750.116+96

Patches

Patch: src.chromium.orgPatch: src.chromium.org

🔴Vulnerability Details

1
GHSA
GHSA-wwr8-3jm4-84rq: Directory traversal vulnerability in sandbox/win/src/named_pipe_dispatcher2022-05-17