PT-2013-3987 · Adobe+1 · Flash+1
Fil9
·
Published
2013-06-18
·
Updated
2017-09-19
·
CVE-2013-2866
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 27.0.1453.116
Google Chrome OS versions prior to 27.0.1453.116
Description
The issue allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack. This is demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property, which exploits the Flash plug-in's failure to properly determine whether a user wishes to permit camera or microphone access by a Flash application.
Recommendations
For Google Chrome versions prior to 27.0.1453.116, update to version 27.0.1453.116 or later.
For Google Chrome OS versions prior to 27.0.1453.116, update to version 27.0.1453.116 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Flash
Google Chrome