CVE-2013-0924

HIGH

Description

The extension functionality in Google Chrome before 26.0.1410.43 does not verify that use of the permissions API is consistent with file permissions, which has unspecified impact and attack vectors.

References

http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_26.html

https://code.google.com/p/chromium/issues/detail?id=169632

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16674

Details

Source: MITRE

Published: 2013-03-28

Updated: 2017-09-19

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH