PT-2013-2721 · Gnome+1 · Pango+1
Published 2013-04-10 · Updated 2013-04-11 · CVE-2013-0927
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Google Chrome OS versions prior to 26.0.1410.57
Description
The issue allows attackers to bypass intended access restrictions via crafted configuration data in the .pangorc file or the file referenced by the PANGO_RC_FILE environment variable. The cause is that the read_config implementation in Pango's pango-utils.c loads the contents of these files.
Recommendations
For Google Chrome OS versions prior to 26.0.1410.57, update to version 26.0.1410.57 or later to resolve the issue. As a temporary workaround, consider restricting access to the .pangorc file and the file referenced by the PANGO_RC_FILE environment variable to minimize the risk of exploitation.
Fix
Link Following
Affected Products
Google Chrome
Pango