CVE-2013-6666

Published: 05/03/2014 Updated: 07/01/2017
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepper_flash_renderer_host.cc in Google Chrome prior to 33.0.1750.146 does not verify that all headers are Cross-Origin Resource Sharing (CORS) simple headers before proceeding with a PPB_Flash.Navigate operation, which might allow remote attackers to bypass intended CORS restrictions via an inappropriate header.

Affected Products

Vendor | Product | Versions
Google | Chrome | 33.0.1750.0, 33.0.1750.1, 33.0.1750.2, 33.0.1750.3, 33.0.1750.4, 33.0.1750.5, 33.0.1750.6, 33.0.1750.7, 33.0.1750.8, 33.0.1750.9, 33.0.1750.10, 33.0.1750.11, 33.0.1750.12, 33.0.1750.13, 33.0.1750.14, 33.0.1750.15, 33.0.1750.16, 33.0.1750.18, 33.0.1750.19, 33.0.1750.20, 33.0.1750.21, 33.0.1750.22, 33.0.1750.23, 33.0.1750.24, 33.0.1750.25, 33.0.1750.26, 33.0.1750.27, 33.0.1750.28, 33.0.1750.29, 33.0.1750.30, 33.0.1750.31, 33.0.1750.34, 33.0.1750.35, 33.0.1750.36, 33.0.1750.37, 33.0.1750.38, 33.0.1750.39, 33.0.1750.40, 33.0.1750.41, 33.0.1750.42, 33.0.1750.43, 33.0.1750.44, 33.0.1750.45, 33.0.1750.46, 33.0.1750.47, 33.0.1750.48, 33.0.1750.49, 33.0.1750.50, 33.0.1750.51, 33.0.1750.52, 33.0.1750.53, 33.0.1750.54, 33.0.1750.55, 33.0.1750.56, 33.0.1750.57, 33.0.1750.58, 33.0.1750.59, 33.0.1750.60, 33.0.1750.61, 33.0.1750.62, 33.0.1750.63, 33.0.1750.64, 33.0.1750.65, 33.0.1750.66, 33.0.1750.67, 33.0.1750.68, 33.0.1750.69, 33.0.1750.70, 33.0.1750.71, 33.0.1750.73, 33.0.1750.74, 33.0.1750.75, 33.0.1750.76, 33.0.1750.77, 33.0.1750.79, 33.0.1750.80, 33.0.1750.81, 33.0.1750.82, 33.0.1750.83, 33.0.1750.85, 33.0.1750.88, 33.0.1750.89, 33.0.1750.90, 33.0.1750.91, 33.0.1750.92, 33.0.1750.93, 33.0.1750.104, 33.0.1750.106, 33.0.1750.107, 33.0.1750.108, 33.0.1750.109, 33.0.1750.110, 33.0.1750.111, 33.0.1750.112, 33.0.1750.113, 33.0.1750.115, 33.0.1750.116, 33.0.1750.117, 33.0.1750.124, 33.0.1750.125, 33.0.1750.126, 33.0.1750.132, 33.0.1750.133, 33.0.1750.135, 33.0.1750.136, 33.0.1750.144

Vendor Advisories

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2013-6653: Khalil Zhani discovered a use-after-free issue in chromium's web contents color chooser.
CVE-2013-6654: TheShow3511 discovered an issue in SVG handling.
CVE-2013-6655: cloudfuzzer discovered a use-after-free issue in dom event handling.
CVE-2013-6 ...