CVE-2013-0912 | Tenable®

Links

Tenable Community & Support

Tenable University

Settings

Severity

Theme

CVE-2013-0912

high

New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

WebKit in Google Chrome before 25.0.1364.160 allows remote attackers to execute arbitrary code via vectors that leverage "type confusion."

References

http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_7.html

http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157

http://labs.mwrinfosecurity.com/blog/2013/03/06/pwn2own-at-cansecwest-2013/

http://lists.apple.com/archives/security-announce/2013/Apr/msg00000.html

http://lists.apple.com/archives/security-announce/2013/Mar/msg00004.html

http://support.apple.com/kb/HT5701

http://support.apple.com/kb/HT5704

http://twitter.com/thezdi/statuses/309460019131346944

https://code.google.com/p/chromium/issues/detail?id=180763

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16274

Details

Source: MITRE

Published: 2013-03-11

Updated: 2017-09-19

Type: CWE-94

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:google:chrome:25.0.1364.0:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.1:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.2:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.3:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.5:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.7:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.8:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.9:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.10:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.11:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.12:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.13:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.14:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.15:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.16:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.17:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.18:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.19:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.20:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.21:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.22:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.23:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.24:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.25:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.26:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.27:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.28:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.29:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.30:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.31:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.32:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.33:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.34:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.35:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.36:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.37:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.38:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.39:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.40:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.41:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.42:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.43:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.44:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.45:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.46:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.47:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.48:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.49:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.50:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.51:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.52:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.53:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.54:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.55:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.56:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.57:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.58:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.61:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.62:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.63:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.65:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.66:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.67:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.68:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.70:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.72:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.73:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.74:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.75:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.76:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.77:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.78:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.79:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.80:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.81:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.82:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.84:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.85:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.86:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.87:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.88:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.89:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.90:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.91:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.92:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.93:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.95:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.98:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.99:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.108:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.110:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.112:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.113:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.114:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.115:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.116:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.117:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.118:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.119:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.120:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.121:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.122:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.123:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.124:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.125:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.126:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.152:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.154:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.155:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.156:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:25.0.1364.159:*:*:*:*:*:*:*

Tenable Plugins

View all (13 total)

ID	Name	Product	Family	Severity
70112	GLSA-201309-16 : Chromium, V8: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
6831	iTunes < 11.0.3 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
66499	Apple iTunes < 11.0.3 Multiple Vulnerabilities (uncredentialed check)	Nessus	Peer-To-Peer File Sharing	critical
66498	Apple iTunes < 11.0.3 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	critical
800995	Mac OS X : Safari < 6.0.4 SVG File Handling Arbitrary Code Execution	Log Correlation Engine	Web Clients	high
6762	Safari < 6.0.4 SVG File Handling Arbitrary Code Execution	Nessus Network Monitor	Web Clients	high
66000	Mac OS X : Apple Safari < 6.0.4 SVG File Handling Arbitrary Code Execution	Nessus	MacOS X Local Security Checks	high
6718	Apple iOS < 6.1.3 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high
65633	Apple iOS < 6.1.3 Multiple Vulnerabilities	Nessus	Mobile Devices	high
65170	FreeBSD : chromium -- WebKit vulnerability (54bed676-87ce-11e2-b528-00262d5ed8ee)	Nessus	FreeBSD Local Security Checks	high
800891	Google Chrome < 25.0.1364.160 WebKit Type Confusion Code Execution	Log Correlation Engine	Web Clients	high
6709	Google Chrome < 25.0.1364.160 WebKit Type Confusion Code Execution	Nessus Network Monitor	Web Clients	high
65097	Google Chrome < 25.0.1364.160 WebKit Type Confusion Code Execution	Nessus	Windows	high