PT-2013-2719 · Google · Google Chrome
Published
2013-03-26
·
Updated
2017-09-19
·
CVE-2013-0925
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 26.0.1410.43
Description
The issue concerns the handling of permissions for extensions, specifically the tabs permission, also known as APIPermission::kTab. This permission is required for an extension to access certain URL information. The problem arises when the software does not properly verify if an extension has this permission before providing it with a URL. This could potentially lead to unspecified consequences and is exploitable through remote attack vectors.
Recommendations
For Google Chrome versions prior to 26.0.1410.43, update to version 26.0.1410.43 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Google Chrome