FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2013-2868

This CVE name corresponds to:

Entered Topic
2013-07-10 chromium -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2013-2868 at cve.mitre.org

Details

Type Candidate
Name CVE-2013-2868
Phase Assigned(20130411)

Description

common/extensions/sync_helper.cc in Google Chrome before 28.0.1500.71 proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting, which might allow remote attackers to trigger unwanted extension changes via unspecified vectors.

References

Source Reference
CONFIRM http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=84ece2d5af0e6f746ca63e483e2dbdbcab8b1e6c
CONFIRM http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html
CONFIRM https://code.google.com/p/chromium/issues/detail?id=252034
DEBIAN DSA-2724
OVAL oval:org.mitre.oval:def:17347

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.