CVE-2013-2866

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 27.0.1453.116 Google Chrome OS versions prior to 27.0.1453.116

Description The issue allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack. This is demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property, which exploits the Flash plug-in's failure to properly determine whether a user wishes to permit camera or microphone access by a Flash application.

Recommendations For Google Chrome versions prior to 27.0.1453.116, update to version 27.0.1453.116 or later. For Google Chrome OS versions prior to 27.0.1453.116, update to version 27.0.1453.116 or later.