CVE-2013-2908

Google Chrome before 30.0.1599.66 uses incorrect function calls to determine the values of NavigationEntry objects, which allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html	Vendor Advisory
https://code.google.com/p/chromium/issues/detail?id=265221
https://src.chromium.org/viewvc/chrome?revision=217485&view=revision
http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
http://www.debian.org/security/2013/dsa-2785
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18782

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:google:chrome::::::::
	cpe:2.3:a:google:chrome:30.0.1599.64:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.60:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.59:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.50:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.49:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.40:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.39:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.31:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.30:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.23:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.6:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.28:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.14:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.38:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.15:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.4:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.51:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.12:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.5:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.13:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.37:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.2:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.20:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.47:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.61:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.57:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.22:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.52:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.29:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.48:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.58:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.21:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.0:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.7:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.9:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.42:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.1:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.34:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.18:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.56:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.16:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.44:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.35:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.26:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.19:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.24:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.43:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.32:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.17:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.41:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.36:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.25:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.53:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.27:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.10:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.11:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.33:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.8:::::::*

Information

Published : 2013-10-02 03:35

Updated : 2017-09-18 18:36

NVD link : CVE-2013-2908

Mitre link : CVE-2013-2908

JSON object : View

CWE

NVD-CWE-Other

Products Affected

google

chrome

5.0 /10