CVE-2013-0885

Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
ChromeCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
opensuseopensuse
12.1
opensuseopensuse
12.2
googlechrome
𝑥
< 25.0.1364.97
googlechrome
𝑥
< 25.0.1364.99
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
quantal
Fixed 25.0.1364.160-0ubuntu0.12.10.1
released
precise
Fixed 25.0.1364.160-0ubuntu0.12.04.1
released
oneiric
Fixed 25.0.1364.160-0ubuntu0.11.10.1
released
lucid
Fixed 25.0.1364.160-0ubuntu0.10.04.1
released
hardy
dne
Common Weakness Enumeration
References
http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html
http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html
https://code.google.com/p/chromium/issues/detail?id=172369
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16255
http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html
http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html
https://code.google.com/p/chromium/issues/detail?id=172369
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16255