Vulnerability Description
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opensuse | Opensuse | 12.1 |
| Chrome | < 25.0.1364.97 | |
| Linux | Linux Kernel | - |
| Microsoft | Windows | - |
| Apple | Mac Os X | - |
Related Weaknesses (CWE)
References
- http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html
- http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html
- https://code.google.com/p/chromium/issues/detail?id=172369
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html
- http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html
- https://code.google.com/p/chromium/issues/detail?id=172369
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2013-0885?
CVE-2013-0885 is a vulnerability with a CVSS score of 7.5 (HIGH). Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecifi...
How severe is CVE-2013-0885?
CVE-2013-0885 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-0885?
Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Opensuse, Google Chrome, Linux Linux Kernel, Microsoft Windows, Apple Mac Os X.