CVE-2013-0885

Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16255
https://code.google.com/p/chromium/issues/detail?id=172369
http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:opensuse:opensuse:12.2:::::::*
	cpe:2.3:o:opensuse:opensuse:12.1:::::::*

Configuration 2 (hide)

AND

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 3 (hide)

AND

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*

History

07 Nov 2023, 02:14

Type	Values Removed	Values Added
References	~~(CONFIRM) https://code.google.com/p/chromium/issues/detail?id=172369 - Permissions Required~~	() https://code.google.com/p/chromium/issues/detail?id=172369 -
References	~~(CONFIRM) http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html - Release Notes, Vendor Advisory~~	() http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html -
References	~~(SUSE) http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html - Broken Link, Third Party Advisory~~	() http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html -

Information

Published : 2013-02-23 21:55

Updated : 2023-11-07 02:14

NVD link : CVE-2013-0885

Mitre link : CVE-2013-0885

JSON object : View

Products Affected

google

chrome

apple

mac_os_x

opensuse

opensuse

linux

linux_kernel

microsoft

windows

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html", "name": "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html", "tags": [], "refsource": ""}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16255", "name": "oval:org.mitre.oval:def:16255", "tags": [], "refsource": "OVAL"}, {"url": "https://code.google.com/p/chromium/issues/detail?id=172369", "name": "https://code.google.com/p/chromium/issues/detail?id=172369", "tags": [], "refsource": ""}, {"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html", "name": "openSUSE-SU-2013:0454", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-732"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-0885", "ASSIGNER": "chrome-cve-admin@google.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-02-23T21:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "25.0.1364.97"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "25.0.1364.99"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-11-07T02:14Z"}