SB2013022307 - Permissions, Privileges, and Access Controls in Novell Opensuse

Description

This security bulletin contains information about 1 vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-0885)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors.

Remediation

Install update from vendor's website.

References

• http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html
• http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html
• https://code.google.com/p/chromium/issues/detail?id=172369
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16255