CVE-2013-0919

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Use-after-free vulnerability in Google Chrome before 26.0.1410.43 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the presence of an extension that creates a pop-up window.

References

http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_26.html

https://code.google.com/p/chromium/issues/detail?id=178760

Details

Source: MITRE

Published: 2013-03-28

Updated: 2013-04-03

Type: CWE-399

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:a:google:chrome:26.0.1410.0:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.1:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.2:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.3:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.4:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.5:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.6:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.7:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.8:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.9:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.10:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.11:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.12:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.14:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.15:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.16:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.17:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.18:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.19:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.20:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.21:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.22:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.23:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.24:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.25:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.26:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.27:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.28:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.29:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.30:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.31:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.32:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.33:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.34:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.35:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.36:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.37:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.38:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.39:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.40:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:26.0.1410.41:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Tenable Plugins

View all (3 total)

IDNameProductFamilySeverity
70112GLSA-201309-16 : Chromium, V8: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
65850FreeBSD : chromium -- multiple vulnerabilities (bdd48858-9656-11e2-a9a8-00262d5ed8ee)NessusFreeBSD Local Security Checks
high
6724Google Chrome < 26.0.1410.43 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high