Main Vulnerability Database Vulnerabilities #VU42948

Permissions, Privileges, and Access Controls in Google Chrome - CVE-2013-0924

Published: March 28, 2013 / Updated: August 11, 2020

Vulnerability identifier: #VU42948

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2013-0924

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Chrome

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The extension functionality in Google Chrome before 26.0.1410.43 does not verify that use of the permissions API is consistent with file permissions, which has unspecified impact and attack vectors.

How to mitigate CVE-2013-0924

Install update from vendor's website.

Sources

http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_26.html
https://code.google.com/p/chromium/issues/detail?id=169632
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16674

Permissions, Privileges, and Access Controls in Google Chrome - CVE-2013-0924

Detailed vulnerability description

How to mitigate CVE-2013-0924

Sources

Please verify you're human