CVE-2013-2879

EUVD-2013-2818
Google Chrome before 28.0.1500.71 does not properly determine the circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
Affected Products (NVD)
VendorProductVersion
googlechrome
𝑥
≤ 28.0.1500.70
googlechrome
28.0.1500.0
googlechrome
28.0.1500.2
googlechrome
28.0.1500.3
googlechrome
28.0.1500.4
googlechrome
28.0.1500.5
googlechrome
28.0.1500.6
googlechrome
28.0.1500.8
googlechrome
28.0.1500.9
googlechrome
28.0.1500.10
googlechrome
28.0.1500.11
googlechrome
28.0.1500.12
googlechrome
28.0.1500.13
googlechrome
28.0.1500.14
googlechrome
28.0.1500.15
googlechrome
28.0.1500.16
googlechrome
28.0.1500.17
googlechrome
28.0.1500.18
googlechrome
28.0.1500.19
googlechrome
28.0.1500.20
googlechrome
28.0.1500.21
googlechrome
28.0.1500.22
googlechrome
28.0.1500.23
googlechrome
28.0.1500.24
googlechrome
28.0.1500.25
googlechrome
28.0.1500.26
googlechrome
28.0.1500.27
googlechrome
28.0.1500.28
googlechrome
28.0.1500.29
googlechrome
28.0.1500.31
googlechrome
28.0.1500.32
googlechrome
28.0.1500.33
googlechrome
28.0.1500.34
googlechrome
28.0.1500.35
googlechrome
28.0.1500.36
googlechrome
28.0.1500.37
googlechrome
28.0.1500.38
googlechrome
28.0.1500.39
googlechrome
28.0.1500.40
googlechrome
28.0.1500.41
googlechrome
28.0.1500.42
googlechrome
28.0.1500.43
googlechrome
28.0.1500.44
googlechrome
28.0.1500.45
googlechrome
28.0.1500.46
googlechrome
28.0.1500.47
googlechrome
28.0.1500.48
googlechrome
28.0.1500.49
googlechrome
28.0.1500.50
googlechrome
28.0.1500.51
googlechrome
28.0.1500.52
googlechrome
28.0.1500.53
googlechrome
28.0.1500.54
googlechrome
28.0.1500.56
googlechrome
28.0.1500.58
googlechrome
28.0.1500.59
googlechrome
28.0.1500.60
googlechrome
28.0.1500.61
googlechrome
28.0.1500.62
googlechrome
28.0.1500.63
googlechrome
28.0.1500.64
googlechrome
28.0.1500.66
googlechrome
28.0.1500.68
debiandebian_linux
7.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
lucid
ignored
precise
Fixed 28.0.1500.71-0ubuntu1.12.04.1
released
quantal
Fixed 28.0.1500.71-0ubuntu1.12.10.1
released
raring
Fixed 28.0.1500.71-0ubuntu1.13.04.1
released
Common Weakness Enumeration
References
http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=8a8eb83276778c9fbcf9ebcd4436077269b73074
http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=f0aa298677a1afb9a40b36e32bc9c4d9b4861eac
http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html
http://www.debian.org/security/2013/dsa-2724
https://code.google.com/p/chromium/issues/detail?id=252062
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17177
http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=8a8eb83276778c9fbcf9ebcd4436077269b73074
http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=f0aa298677a1afb9a40b36e32bc9c4d9b4861eac
http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html
http://www.debian.org/security/2013/dsa-2724
https://code.google.com/p/chromium/issues/detail?id=252062
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17177