CVE-2013-0893 : Race condition in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows re

Race condition in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media.

Published 2013-02-23 21:55:02

Updated 2022-11-18 20:03:09

Source Google Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2013-0893

Probability of exploitation activity in the next 30 days: 0.43%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 72 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-0893

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2013-0893

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-0893

http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html

Chrome Releases: Stable Channel Update
Release Notes;Vendor Advisory

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15682

Repository / Oval Repository
Third Party Advisory
https://code.google.com/p/chromium/issues/detail?id=168570

168570 - Crashing in webkit_media::WebMediaPlayerMS::putCurrentFrame(WebKit::WebVideoFrame *) - chromium - Monorail
Exploit;Issue Tracking;Mailing List;Patch;Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html

openSUSE-SU-2013:0454-1: moderate: chromium: updated to 27.0.1425
Broken Link;Third Party Advisory

CVEs referencing this url

Products affected by CVE-2013-0893

Google » Chrome
Versions before (<) 25.0.1364.97
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Google » Chrome
Versions before (<) 25.0.1364.99
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
Opensuse » Opensuse » Version: 12.2
cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 12.1
cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2013-0893

Exploit prediction scoring system (EPSS) score for CVE-2013-0893

CVSS scores for CVE-2013-0893

CWE ids for CVE-2013-0893

References for CVE-2013-0893

Products affected by CVE-2013-0893