5.8

CVE-2013-2879

Google Chrome before 28.0.1500.71 does not properly determine the circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleChrome Version <= 28.0.1500.70
GoogleChrome Version28.0.1500.0
GoogleChrome Version28.0.1500.2
GoogleChrome Version28.0.1500.3
GoogleChrome Version28.0.1500.4
GoogleChrome Version28.0.1500.5
GoogleChrome Version28.0.1500.6
GoogleChrome Version28.0.1500.8
GoogleChrome Version28.0.1500.9
GoogleChrome Version28.0.1500.10
GoogleChrome Version28.0.1500.11
GoogleChrome Version28.0.1500.12
GoogleChrome Version28.0.1500.13
GoogleChrome Version28.0.1500.14
GoogleChrome Version28.0.1500.15
GoogleChrome Version28.0.1500.16
GoogleChrome Version28.0.1500.17
GoogleChrome Version28.0.1500.18
GoogleChrome Version28.0.1500.19
GoogleChrome Version28.0.1500.20
GoogleChrome Version28.0.1500.21
GoogleChrome Version28.0.1500.22
GoogleChrome Version28.0.1500.23
GoogleChrome Version28.0.1500.24
GoogleChrome Version28.0.1500.25
GoogleChrome Version28.0.1500.26
GoogleChrome Version28.0.1500.27
GoogleChrome Version28.0.1500.28
GoogleChrome Version28.0.1500.29
GoogleChrome Version28.0.1500.31
GoogleChrome Version28.0.1500.32
GoogleChrome Version28.0.1500.33
GoogleChrome Version28.0.1500.34
GoogleChrome Version28.0.1500.35
GoogleChrome Version28.0.1500.36
GoogleChrome Version28.0.1500.37
GoogleChrome Version28.0.1500.38
GoogleChrome Version28.0.1500.39
GoogleChrome Version28.0.1500.40
GoogleChrome Version28.0.1500.41
GoogleChrome Version28.0.1500.42
GoogleChrome Version28.0.1500.43
GoogleChrome Version28.0.1500.44
GoogleChrome Version28.0.1500.45
GoogleChrome Version28.0.1500.46
GoogleChrome Version28.0.1500.47
GoogleChrome Version28.0.1500.48
GoogleChrome Version28.0.1500.49
GoogleChrome Version28.0.1500.50
GoogleChrome Version28.0.1500.51
GoogleChrome Version28.0.1500.52
GoogleChrome Version28.0.1500.53
GoogleChrome Version28.0.1500.54
GoogleChrome Version28.0.1500.56
GoogleChrome Version28.0.1500.58
GoogleChrome Version28.0.1500.59
GoogleChrome Version28.0.1500.60
GoogleChrome Version28.0.1500.61
GoogleChrome Version28.0.1500.62
GoogleChrome Version28.0.1500.63
GoogleChrome Version28.0.1500.64
GoogleChrome Version28.0.1500.66
GoogleChrome Version28.0.1500.68
DebianDebian Linux Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.92% 0.555
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html
http://www.debian.org/security/2013/dsa-2724
http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=8a8eb83276778c9fbcf9ebcd4436077269b73074
http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=f0aa298677a1afb9a40b36e32bc9c4d9b4861eac
https://code.google.com/p/chromium/issues/detail?id=252062
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17177