CVE-2013-0885

EUVD-2013-0896
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
opensuseopensuse
12.1
opensuseopensuse
12.2
googlechrome
𝑥
< 25.0.1364.97
googlechrome
𝑥
< 25.0.1364.99
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
hardy
dne
lucid
Fixed 25.0.1364.160-0ubuntu0.10.04.1
released
oneiric
Fixed 25.0.1364.160-0ubuntu0.11.10.1
released
precise
Fixed 25.0.1364.160-0ubuntu0.12.04.1
released
quantal
Fixed 25.0.1364.160-0ubuntu0.12.10.1
released
Common Weakness Enumeration
References
http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html
http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html
https://code.google.com/p/chromium/issues/detail?id=172369
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16255
http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html
http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html
https://code.google.com/p/chromium/issues/detail?id=172369
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16255