CVE-2013-2915

Google Chrome before 30.0.1599.66 preserves pending NavigationEntry objects in certain invalid circumstances, which allows remote attackers to spoof the address bar via a URL with a malformed scheme, as demonstrated by a nonexistent:12121 URL.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html	Vendor Advisory
https://src.chromium.org/viewvc/chrome?revision=222146&view=revision
https://code.google.com/p/chromium/issues/detail?id=280512
http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
http://www.debian.org/security/2013/dsa-2785
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18319

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:google:chrome:30.0.1599.61:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.60:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.51:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.50:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.41:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.40:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.39:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.32:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.31:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.24:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.23:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.6:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.14:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.0:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.7:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.15:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.9:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.42:::::::*
	cpe:2.3:a:google:chrome::::::::
	cpe:2.3:a:google:chrome:30.0.1599.34:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.18:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.16:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.26:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.52:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.58:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.43:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.64:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.17:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.25:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.53:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.59:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.33:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.8:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.28:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.38:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.1:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.4:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.12:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.5:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.56:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.44:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.35:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.13:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.37:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.2:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.20:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.47:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.19:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.57:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.22:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.29:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.48:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.49:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.21:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.36:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.30:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.27:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.10:::::::*
	cpe:2.3:a:google:chrome:30.0.1599.11:::::::*

Information

Published : 2013-10-02 03:35

Updated : 2017-09-18 18:36

NVD link : CVE-2013-2915

Mitre link : CVE-2013-2915

JSON object : View

CWE

NVD-CWE-Other

Products Affected

google

chrome

4.3 /10