CVE-2013-2912

EUVD-2013-2851
Use-after-free vulnerability in the PepperInProcessRouter::SendToHost function in content/renderer/pepper/pepper_in_process_router.cc in the Pepper Plug-in API (PPAPI) in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a resource-destruction message.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
Affected Products (NVD)
VendorProductVersion
googlechrome
𝑥
≤ 30.0.1599.65
googlechrome
30.0.1599.0
googlechrome
30.0.1599.1
googlechrome
30.0.1599.2
googlechrome
30.0.1599.4
googlechrome
30.0.1599.5
googlechrome
30.0.1599.6
googlechrome
30.0.1599.7
googlechrome
30.0.1599.8
googlechrome
30.0.1599.9
googlechrome
30.0.1599.10
googlechrome
30.0.1599.11
googlechrome
30.0.1599.12
googlechrome
30.0.1599.13
googlechrome
30.0.1599.14
googlechrome
30.0.1599.15
googlechrome
30.0.1599.16
googlechrome
30.0.1599.17
googlechrome
30.0.1599.18
googlechrome
30.0.1599.19
googlechrome
30.0.1599.20
googlechrome
30.0.1599.21
googlechrome
30.0.1599.22
googlechrome
30.0.1599.23
googlechrome
30.0.1599.24
googlechrome
30.0.1599.25
googlechrome
30.0.1599.26
googlechrome
30.0.1599.27
googlechrome
30.0.1599.28
googlechrome
30.0.1599.29
googlechrome
30.0.1599.30
googlechrome
30.0.1599.31
googlechrome
30.0.1599.32
googlechrome
30.0.1599.33
googlechrome
30.0.1599.34
googlechrome
30.0.1599.35
googlechrome
30.0.1599.36
googlechrome
30.0.1599.37
googlechrome
30.0.1599.38
googlechrome
30.0.1599.39
googlechrome
30.0.1599.40
googlechrome
30.0.1599.41
googlechrome
30.0.1599.42
googlechrome
30.0.1599.43
googlechrome
30.0.1599.44
googlechrome
30.0.1599.47
googlechrome
30.0.1599.48
googlechrome
30.0.1599.49
googlechrome
30.0.1599.50
googlechrome
30.0.1599.51
googlechrome
30.0.1599.52
googlechrome
30.0.1599.53
googlechrome
30.0.1599.56
googlechrome
30.0.1599.57
googlechrome
30.0.1599.58
googlechrome
30.0.1599.59
googlechrome
30.0.1599.60
googlechrome
30.0.1599.61
googlechrome
30.0.1599.64
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
lucid
ignored
precise
Fixed 30.0.1599.114-0ubuntu0.12.04.3
released
quantal
Fixed 30.0.1599.114-0ubuntu0.12.10.2
released
raring
Fixed 30.0.1599.114-0ubuntu0.13.04.2
released
saucy
Fixed 30.0.1599.114-0ubuntu0.13.10.2
released
Common Weakness Enumeration
References
http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
http://www.debian.org/security/2013/dsa-2785
https://code.google.com/p/chromium/issues/detail?id=276368
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18962
https://src.chromium.org/viewvc/chrome?revision=222614&view=revision
http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
http://www.debian.org/security/2013/dsa-2785
https://code.google.com/p/chromium/issues/detail?id=276368
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18962
https://src.chromium.org/viewvc/chrome?revision=222614&view=revision