[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-2866Date: (C)2013-06-19   (M)2023-12-22


The Flash plug-in in Google Chrome before 27.0.1453.116, as used on Google Chrome OS before 27.0.1453.116 and separately, does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
IAVM:2013-B-0069
http://googlechromereleases.blogspot.com/2013/06/stable-channel-update-for-chrome-os.html
http://googlechromereleases.blogspot.com/2013/06/stable-channel-update_18.html
http://habrahabr.ru/post/182706/
https://code.google.com/p/chromium/issues/detail?id=249335
https://src.chromium.org/viewvc/chrome?revision=206188&view=revision
oval:org.mitre.oval:def:16693

CPE    87
cpe:/a:google:chrome:27.0.1453.62
cpe:/a:google:chrome:27.0.1453.61
cpe:/a:google:chrome:27.0.1453.60
cpe:/a:google:chrome:27.0.1453.69
...
CWE    1
CWE-264
OVAL    4
oval:org.secpod.oval:def:14967
oval:org.secpod.oval:def:14968
oval:org.secpod.oval:def:14966
oval:org.secpod.oval:def:14969
...

© SecPod Technologies