6.8
CVE-2013-0926
- EPSS 1.11%
- Veröffentlicht 28.03.2013 12:18:52
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle chrome-cve-admin@google.com
- CVE-Watchlists
- Unerledigt
Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.11% | 0.616 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
http://secunia.com/advisories/54886
http://support.apple.com/kb/HT5934
http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html
http://support.apple.com/kb/HT5785
http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_26.html
http://git.chromium.org/gitweb/?p=chromium/src.git%3Ba=commit%3Bh=52a30db57ecec68bb3b25fdc3de5e9bee7b80ed7
https://chromiumcodereview.appspot.com/11884025
https://code.google.com/p/chromium/issues/detail?id=112325
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16601
https://src.chromium.org/viewvc/chrome?view=rev&revision=176856