CVE-2013-6666: Google Chrome vulnerability

CWE-264 | 2 documents | 2 sources
Severity: 5.8 MEDIUM (NVD)
EPSS: 0.3% (top 49.31%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Mar 5
Latest update: May 17

Description

The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepper_flash_renderer_host.cc in Google Chrome before 33.0.1750.146 does not verify that all headers are Cross-Origin Resource Sharing (CORS) simple headers before proceeding with a PPB_Flash.Navigate operation, which might allow remote attackers to bypass intended CORS restrictions via an inappropriate header.

CVSS vector

AV:N/AC:M/C:P/I:P/A:N
Exploitability: 8.6 | Impact: 4.9

Affected Packages (1 package)

NVD: google/chrome 33.0.1750.144 (+105)

Vulnerability Details (1)

GHSA, 2022-05-17
GHSA-qp9p-p38x-xjv3: The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepper_flash_renderer_host