PT-2013-3957 · Google · Google Talk+2
Published
2013-04-16
·
Updated
2013-04-17
·
CVE-2013-2835
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Google Chrome OS versions prior to 26.0.1410.57
Description
The issue is related to the improper enforcement of origin restrictions for the O3D and Google Talk plug-ins. This allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site.
Recommendations
For versions prior to 26.0.1410.57, update to version 26.0.1410.57 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Google Chrome
Google Talk
O3D