Vulnerability Details : CVE-2013-2887
Multiple unspecified vulnerabilities in Google Chrome before 29.0.1547.57 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Vulnerability category: Denial of service
Products affected by CVE-2013-2887
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.53:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.52:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.45:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.42:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.51:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.50:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.41:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.40:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.33:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.32:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.31:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.21:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.20:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.13:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.12:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.4:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.3:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.35:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.34:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.23:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.22:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.15:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.14:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.7:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.5:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.55:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.54:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.47:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.46:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.37:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.36:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.28:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.27:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.17:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.16:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.9:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.8:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.49:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.48:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.39:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.38:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.30:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.29:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.19:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.18:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.11:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.10:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:29.0.1547.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-2887
0.64%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 80 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-2887
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2013-2887
-
http://crbug.com/249854
249854 - MediaStreamHostMsg_GenerateStream: validate audio_type / video_type enums - chromium - Monorail
-
http://crbug.com/246635
246635 - Heap-buffer-overflow in WebCore::HTMLMapElement::imageElement - chromium - Monorail
-
http://crbug.com/238837
238837 - Limit the depth of function calls in GLSL - chromium - Monorail
-
http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html
Chrome Releases: Stable Channel UpdateVendor Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17741
Repository / Oval Repository
-
http://www.debian.org/security/2013/dsa-2741
Debian -- Security Information -- DSA-2741-1 chromium-browser
-
http://crbug.com/116128
116128 - Content scripts should never be run in the webstore isolate - chromium - Monorail
-
http://crbug.com/249064
249064 - IndexedDBHostMsg_DatabaseGet: validate params.object_store_id - chromium - Monorail
-
http://crbug.com/172119
172119 - Security: Do not allow Chrome Web Store URLs to commit in unprivileged processes - chromium - Monorail
-
http://crbug.com/248960
248960 - Heap-use-after-free in gfx::RenderTextWin::GetGlyphBounds - chromium - Monorail
-
http://crbug.com/220039
220039 - Security: Chrome extensions can manipulate Chrome sign-in screen - chromium - Monorail
-
http://crbug.com/234809
234809 - URL spoof or renderer kill when committing prerendered/instant page with a pending entry - chromium - Monorail
-
http://crbug.com/177876
177876 - Heap-use-after-free in webkit::ppapi::PPB_URLLoader_Impl::FillUserBuffer - chromium - Monorail
-
http://crbug.com/236147
236147 - Heap-use-after-free in printing::PrepareFrameAndViewForPrint::PrepareFrameAndViewForPrint - chromium - Monorail
-
http://crbug.com/254159
254159 - Security: Chrome shared memory file can be world readable and lacks security checks when opening existing mappings. - chromium - Monorail
-
http://crbug.com/166916
166916 - Security: mixed content XHR doesn't trigger mixed content warnings - chromium - Monorail
-
http://crbug.com/252848
252848 - SpeechRecognitionManagerImpl::SessionStart: vector::front() on an empty vector. - chromium - Monorail
-
http://crbug.com/232393
232393 - Heap-buffer-overflow in WebCore::CSSPrimitiveValue::cleanup - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=274602
274602 - Tracking bug for internal security fixes for Chrome 29, Release 0 - chromium - Monorail
-
http://crbug.com/231688
231688 - Security: Chrome's IntentHandler relies on weak authentication - chromium - Monorail
-
http://crbug.com/261609
261609 - Heap-use-after-free in WebCore::IdTargetObserverRegistry::removeObserver - chromium - Monorail
Jump to