Vulnerability Details : CVE-2013-2874
Google Chrome before 28.0.1500.71 on Windows, when an Nvidia GPU is used, allows remote attackers to bypass intended restrictions on access to screen data via vectors involving IPC transmission of GL textures.
Products affected by CVE-2013-2874
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.62:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.61:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.60:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.51:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.50:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.43:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.42:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.35:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.34:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.33:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.25:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.24:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.17:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.16:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.8:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.64:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.63:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.53:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.52:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.45:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.37:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.36:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.27:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.26:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.19:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.18:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.11:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.10:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.9:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.68:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.66:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.56:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.54:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.47:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.46:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.39:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.38:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.29:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.28:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.21:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.20:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.13:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.12:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.3:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.6:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.59:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.58:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.49:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.48:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.41:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.40:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.32:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.31:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.23:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.22:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.15:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.14:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.5:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-2874
0.15%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 50 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-2874
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2013-2874
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-2874
-
https://code.google.com/p/chromium/issues/detail?id=237611
237611 - Security: Screen capture via WebGL texture - chromium - MonorailPatch;Issue Tracking
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17142
Repository / Oval Repository
-
http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html
Chrome Releases: Stable Channel UpdateVendor Advisory
Jump to