Vulnerability Details : CVE-2013-2912
Use-after-free vulnerability in the PepperInProcessRouter::SendToHost function in content/renderer/pepper/pepper_in_process_router.cc in the Pepper Plug-in API (PPAPI) in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a resource-destruction message.
Vulnerability category: Memory CorruptionDenial of service
Products affected by CVE-2013-2912
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.60:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.59:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.50:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.49:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.40:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.39:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.38:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.31:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.30:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.23:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.22:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.14:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.13:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.6:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.5:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.58:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.57:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.48:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.47:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.37:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.36:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.29:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.28:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.21:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.20:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.12:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.11:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.4:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.56:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.53:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.43:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.35:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.34:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.27:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.26:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.19:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.18:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.10:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.9:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.64:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.61:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.52:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.51:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.42:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.41:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.33:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.32:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.25:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.24:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.17:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.16:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.15:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.8:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-2912
2.63%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 89 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-2912
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2013-2912
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-2912
-
http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
[security-announce] openSUSE-SU-2013:1556-1: important: chromium: 30.0.1
-
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
openSUSE-SU-2014:0065-1: moderate: update for chromium
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18962
Repository / Oval Repository
-
https://src.chromium.org/viewvc/chrome?revision=222614&view=revision
[chrome] Revision 222614
-
http://www.debian.org/security/2013/dsa-2785
Debian -- Security Information -- DSA-2785-1 chromium-browser
-
https://code.google.com/p/chromium/issues/detail?id=276368
276368 - Heap-use-after-free in ppapi::proxy::PluginResource::NotifyInstanceWasDeleted - chromium - Monorail
-
http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
Chrome Releases: Stable Channel UpdateVendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
[security-announce] openSUSE-SU-2013:1861-1: important: chromium: update
Jump to