Vulnerability Details : CVE-2013-0924
The extension functionality in Google Chrome before 26.0.1410.43 does not verify that use of the permissions API is consistent with file permissions, which has unspecified impact and attack vectors.
Exploit prediction scoring system (EPSS) score for CVE-2013-0924
Probability of exploitation activity in the next 30 days: 0.16%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 51 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-0924
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2013-0924
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-0924
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16674
Repository / Oval Repository
-
https://code.google.com/p/chromium/issues/detail?id=169632
169632 - Security: extensions can silently gain file: host permissions via permissions API - chromium - MonorailPatch;Issue Tracking
-
http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_26.html
Chrome Releases: Stable Channel UpdateVendor Advisory
Products affected by CVE-2013-0924
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.38:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.37:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.36:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.29:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.28:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.21:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.20:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.11:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.10:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.3:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.35:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.34:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.27:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.26:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.19:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.18:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.9:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.8:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.40:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.39:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.31:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.30:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.23:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.22:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.15:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.14:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.12:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.5:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.4:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.41:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.33:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.32:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.25:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.24:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.17:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.16:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.7:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:26.0.1410.6:*:*:*:*:*:*:*