CVE-2013-0885

Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors.

Published: Feb 23, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-0885
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-732
CWE-264

Affected Software
References

Software	From	Fixed in
opensuse / opensuse	12.2	12.2.x
opensuse / opensuse	12.1	12.1.x
google / chrome	-	25.0.1364.97
google / chrome	-	25.0.1364.99

http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html
http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html
https://code.google.com/p/chromium/issues/detail?id=172369
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16255

Vulnerability Database

CVE-2013-0885