Google Chrome における脆弱性
| Title |
Google Chrome における脆弱性
|
| Summary |
Google Chrome は、Chrome Web Store との対話処理中に、API 権限を適切に制限しないため、不特定の影響を受ける脆弱性が存在します。
|
| Possible impacts |
不特定の影響を受ける可能性があります。 |
| Solution |
ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date |
Feb. 21, 2013, midnight |
| Registration Date |
Feb. 26, 2013, 3:10 p.m. |
| Last Update |
April 22, 2013, 12:34 p.m. |
|
CVSS2.0 : 危険
|
| Score |
7.5
|
| Vector |
AV:N/AC:L/Au:N/C:P/I:P/A:P |
Affected System
| Google |
|
Google Chrome 25.0.1364.97 未満 (Windows および Linux)
|
|
Google Chrome 25.0.1364.99 未満 (Mac OS X)
|
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
Change Log
| No |
Changed Details |
Date of change |
| 0 |
[2013年02月26日]
掲載
[2013年04月22日]
ベンダ情報:openSUSE (openSUSE-SU-2013:0454) を追加
CWE による脆弱性タイプ一覧:CWE-ID を変更 |
Feb. 17, 2018, 10:37 a.m. |
NVD Vulnerability Information
CVE-2013-0885
| Summary |
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors.
|
| Publication Date |
Feb. 24, 2013, 6:55 a.m. |
| Registration Date |
Jan. 26, 2021, 3:34 p.m. |
| Last Update |
Nov. 21, 2024, 10:48 a.m. |
Affected software configurations
| Configuration1 |
or higher |
or less |
more than |
less than |
| cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:* |
|
|
|
|
| cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:* |
|
|
|
|
| Configuration2 |
or higher |
or less |
more than |
less than |
| cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* |
|
|
|
25.0.1364.97 |
| execution environment |
| 1 |
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
| 2 |
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
| Configuration3 |
or higher |
or less |
more than |
less than |
| cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* |
|
|
|
25.0.1364.99 |
| execution environment |
| 1 |
cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:* |
Related information, measures and tools
Common Vulnerabilities List