CVE-2013-6666

Published: 05/03/2014 Updated: 07/01/2017
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepper_flash_renderer_host.cc in Google Chrome prior to 33.0.1750.146 does not verify that all headers are Cross-Origin Resource Sharing (CORS) simple headers before proceeding with a PPB_Flash.Navigate operation, which might allow remote malicious users to bypass intended CORS restrictions via an inappropriate header.

Vulnerable Product

google chrome 33.0.1750.136

google chrome

google chrome 33.0.1750.109

google chrome 33.0.1750.11

google chrome 33.0.1750.117

google chrome 33.0.1750.12

google chrome 33.0.1750.2

google chrome 33.0.1750.20

google chrome 33.0.1750.21

google chrome 33.0.1750.28

google chrome 33.0.1750.29

google chrome 33.0.1750.37

google chrome 33.0.1750.38

google chrome 33.0.1750.45

google chrome 33.0.1750.46

google chrome 33.0.1750.52

google chrome 33.0.1750.53

google chrome 33.0.1750.6

google chrome 33.0.1750.60

google chrome 33.0.1750.68

google chrome 33.0.1750.69

google chrome 33.0.1750.76

google chrome 33.0.1750.77

google chrome 33.0.1750.85

google chrome 33.0.1750.88

google chrome 33.0.1750.133

google chrome 33.0.1750.135

google chrome 33.0.1750.107

google chrome 33.0.1750.108

google chrome 33.0.1750.115

google chrome 33.0.1750.116

google chrome 33.0.1750.18

google chrome 33.0.1750.19

google chrome 33.0.1750.26

google chrome 33.0.1750.27

google chrome 33.0.1750.35

google chrome 33.0.1750.36

google chrome 33.0.1750.42

google chrome 33.0.1750.43

google chrome 33.0.1750.44

google chrome 33.0.1750.50

google chrome 33.0.1750.51

google chrome 33.0.1750.58

google chrome 33.0.1750.59

google chrome 33.0.1750.66

google chrome 33.0.1750.67

google chrome 33.0.1750.74

google chrome 33.0.1750.75

google chrome 33.0.1750.82

google chrome 33.0.1750.83

google chrome 33.0.1750.93

google chrome 33.0.1750.124

google chrome 33.0.1750.125

google chrome 33.0.1750.0

google chrome 33.0.1750.1

google chrome 33.0.1750.10

google chrome 33.0.1750.110

google chrome 33.0.1750.111

google chrome 33.0.1750.13

google chrome 33.0.1750.14

google chrome 33.0.1750.22

google chrome 33.0.1750.23

google chrome 33.0.1750.3

google chrome 33.0.1750.30

google chrome 33.0.1750.39

google chrome 33.0.1750.4

google chrome 33.0.1750.47

google chrome 33.0.1750.48

google chrome 33.0.1750.54

google chrome 33.0.1750.55

google chrome 33.0.1750.61

google chrome 33.0.1750.62

google chrome 33.0.1750.7

google chrome 33.0.1750.70

google chrome 33.0.1750.79

google chrome 33.0.1750.8

google chrome 33.0.1750.89

google chrome 33.0.1750.9

google chrome 33.0.1750.90

google chrome 33.0.1750.126

google chrome 33.0.1750.132

google chrome 33.0.1750.104

google chrome 33.0.1750.106

google chrome 33.0.1750.112

google chrome 33.0.1750.113

google chrome 33.0.1750.15

google chrome 33.0.1750.16

google chrome 33.0.1750.24

google chrome 33.0.1750.25

google chrome 33.0.1750.31

google chrome 33.0.1750.34

google chrome 33.0.1750.40

google chrome 33.0.1750.41

google chrome 33.0.1750.49

google chrome 33.0.1750.5

google chrome 33.0.1750.56

google chrome 33.0.1750.57

google chrome 33.0.1750.63

google chrome 33.0.1750.64

google chrome 33.0.1750.65

google chrome 33.0.1750.71

google chrome 33.0.1750.73

google chrome 33.0.1750.80

google chrome 33.0.1750.81

google chrome 33.0.1750.91

google chrome 33.0.1750.92

Vendor Advisories

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2013-6653: Khalil Zhani discovered a use-after-free issue in chromium's web contents color chooser.

CVE-2013-6654: TheShow3511 discovered an issue in SVG handling.

CVE-2013-6655: cloudfuzzer discovered a use-after-free issue in dom event handling.

CVE-2013-6 ...