CVE-2013-2908

EUVD-2013-2847
Google Chrome before 30.0.1599.66 uses incorrect function calls to determine the values of NavigationEntry objects, which allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Affected Products (NVD)
VendorProductVersion
googlechrome
𝑥
≤ 30.0.1599.65
googlechrome
30.0.1599.0
googlechrome
30.0.1599.1
googlechrome
30.0.1599.2
googlechrome
30.0.1599.4
googlechrome
30.0.1599.5
googlechrome
30.0.1599.6
googlechrome
30.0.1599.7
googlechrome
30.0.1599.8
googlechrome
30.0.1599.9
googlechrome
30.0.1599.10
googlechrome
30.0.1599.11
googlechrome
30.0.1599.12
googlechrome
30.0.1599.13
googlechrome
30.0.1599.14
googlechrome
30.0.1599.15
googlechrome
30.0.1599.16
googlechrome
30.0.1599.17
googlechrome
30.0.1599.18
googlechrome
30.0.1599.19
googlechrome
30.0.1599.20
googlechrome
30.0.1599.21
googlechrome
30.0.1599.22
googlechrome
30.0.1599.23
googlechrome
30.0.1599.24
googlechrome
30.0.1599.25
googlechrome
30.0.1599.26
googlechrome
30.0.1599.27
googlechrome
30.0.1599.28
googlechrome
30.0.1599.29
googlechrome
30.0.1599.30
googlechrome
30.0.1599.31
googlechrome
30.0.1599.32
googlechrome
30.0.1599.33
googlechrome
30.0.1599.34
googlechrome
30.0.1599.35
googlechrome
30.0.1599.36
googlechrome
30.0.1599.37
googlechrome
30.0.1599.38
googlechrome
30.0.1599.39
googlechrome
30.0.1599.40
googlechrome
30.0.1599.41
googlechrome
30.0.1599.42
googlechrome
30.0.1599.43
googlechrome
30.0.1599.44
googlechrome
30.0.1599.47
googlechrome
30.0.1599.48
googlechrome
30.0.1599.49
googlechrome
30.0.1599.50
googlechrome
30.0.1599.51
googlechrome
30.0.1599.52
googlechrome
30.0.1599.53
googlechrome
30.0.1599.56
googlechrome
30.0.1599.57
googlechrome
30.0.1599.58
googlechrome
30.0.1599.59
googlechrome
30.0.1599.60
googlechrome
30.0.1599.61
googlechrome
30.0.1599.64
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
lucid
ignored
precise
Fixed 30.0.1599.114-0ubuntu0.12.04.3
released
quantal
Fixed 30.0.1599.114-0ubuntu0.12.10.2
released
raring
Fixed 30.0.1599.114-0ubuntu0.13.04.2
released
saucy
Fixed 30.0.1599.114-0ubuntu0.13.10.2
released
References
http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
http://www.debian.org/security/2013/dsa-2785
https://code.google.com/p/chromium/issues/detail?id=265221
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18782
https://src.chromium.org/viewvc/chrome?revision=217485&view=revision
http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
http://www.debian.org/security/2013/dsa-2785
https://code.google.com/p/chromium/issues/detail?id=265221
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18782
https://src.chromium.org/viewvc/chrome?revision=217485&view=revision