PT-2013-2705 · Google · Google Chrome
Chris Evans
·
Published
2013-03-04
·
Updated
2017-09-19
·
CVE-2013-0910
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 25.0.1364.152
Description
The issue arises from improper management of the interaction between the browser process and renderer processes during authorization of the loading of a plug-in. This makes it easier for remote attackers to bypass intended access restrictions via vectors involving a blocked plug-in.
Recommendations
For versions prior to 25.0.1364.152, update to version 25.0.1364.152 or later to resolve the issue.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Google Chrome