Published: 10/07/2013 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

common/extensions/sync_helper.cc in Google Chrome prior to 28.0.1500.71 proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting, which might allow remote malicious users to trigger unwanted extension changes via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
debian debian linux 7.0
google chrome 28.0.1500.68
google chrome 28.0.1500.26
google chrome 28.0.1500.31
google chrome 28.0.1500.0
google chrome 28.0.1500.33
google chrome 28.0.1500.29
google chrome 28.0.1500.25
google chrome 28.0.1500.66
google chrome 28.0.1500.41
google chrome 28.0.1500.12
google chrome 28.0.1500.13
google chrome 28.0.1500.62
google chrome 28.0.1500.20
google chrome 28.0.1500.39
google chrome 28.0.1500.60
google chrome 28.0.1500.15
google chrome 28.0.1500.59
google chrome 28.0.1500.23
google chrome 28.0.1500.45
google chrome 28.0.1500.43
google chrome 28.0.1500.40
google chrome 28.0.1500.3
google chrome 28.0.1500.52
google chrome 28.0.1500.34
google chrome 28.0.1500.46
google chrome 28.0.1500.8
google chrome 28.0.1500.63
google chrome 28.0.1500.53
google chrome 28.0.1500.4
google chrome 28.0.1500.36
google chrome 28.0.1500.44
google chrome 28.0.1500.51
google chrome 28.0.1500.19
google chrome 28.0.1500.2
google chrome 28.0.1500.50
google chrome 28.0.1500.56
google chrome 28.0.1500.54
google chrome 28.0.1500.18
google chrome 28.0.1500.27
google chrome 28.0.1500.21
google chrome 28.0.1500.14
google chrome 28.0.1500.9
google chrome 28.0.1500.16
google chrome 28.0.1500.37
google chrome 28.0.1500.6
google chrome 28.0.1500.47
google chrome 28.0.1500.42
google chrome 28.0.1500.11
google chrome 28.0.1500.17
google chrome 28.0.1500.28
google chrome 28.0.1500.49
google chrome 28.0.1500.35
google chrome 28.0.1500.61
google chrome 28.0.1500.48
google chrome 28.0.1500.22
google chrome 28.0.1500.64
google chrome 28.0.1500.24
google chrome 28.0.1500.58
google chrome 28.0.1500.10
google chrome 28.0.1500.32
google chrome
google chrome 28.0.1500.5
google chrome 28.0.1500.38

Several vulnerabilities have been discovered in the Chromium web browser CVE-2013-2853 The HTTPS implementation does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline) CVE-2013-2867 Chrome does not properly prevent pop-under windows CVE-2013-2868 common/extensions/sync_helper ...

NVD-CWE-noinfo https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17347 https://code.google.com/p/chromium/issues/detail?id=252034 http://www.debian.org/security/2013/dsa-2724 http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=84ece2d5af0e6f746ca63e483e2dbdbcab8b1e6c http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html https://nvd.nist.gov https://www.debian.org/security/./dsa-2724

CVE-2013-2868

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect