CVE-2013-6666

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2013-6666
The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepper_flash_renderer_host.cc in Google Chrome before 33.0.1750.146 does not verify that all headers are Cross-Origin Resource Sharing (CORS) simple headers before proceeding with a PPB_Flash.Navigate operation, which might allow remote attackers to bypass intended CORS restrictions via an inappropriate header.

5.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://googlechromereleases.blogspot.com/2014/03/stable-channel-update.html Vendor Advisory
http://www.debian.org/security/2014/dsa-2883
http://www.securityfocus.com/bid/65930
https://code.google.com/p/chromium/issues/detail?id=332023
https://src.chromium.org/viewvc/chrome?revision=249114&view=revision
http://googlechromereleases.blogspot.com/2014/03/stable-channel-update.html Vendor Advisory
http://www.debian.org/security/2014/dsa-2883
http://www.securityfocus.com/bid/65930
https://code.google.com/p/chromium/issues/detail?id=332023
https://src.chromium.org/viewvc/chrome?revision=249114&view=revision
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.1:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.2:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.3:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.4:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.5:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.6:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.7:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.8:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.9:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.10:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.11:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.12:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.13:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.14:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.15:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.16:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.18:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.19:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.20:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.21:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.22:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.23:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.24:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.25:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.26:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.27:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.28:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.29:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.30:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.31:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.34:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.35:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.36:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.37:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.38:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.39:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.40:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.41:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.42:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.43:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.44:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.45:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.46:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.47:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.48:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.49:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.50:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.51:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.52:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.53:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.54:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.55:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.56:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.57:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.58:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.59:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.60:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.61:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.62:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.63:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.64:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.65:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.66:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.67:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.68:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.69:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.70:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.71:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.73:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.74:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.75:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.76:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.77:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.79:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.80:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.81:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.82:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.83:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.85:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.88:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.89:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.90:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.91:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.92:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.93:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.104:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.106:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.107:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.108:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.109:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.110:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.111:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.112:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.113:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.115:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.116:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.117:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.124:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.125:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.126:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.132:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.133:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.135:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:33.0.1750.136:*:*:*:*:*:*:*
History

21 Nov 2024, 01:59

Type Values Removed Values Added
References () http://googlechromereleases.blogspot.com/2014/03/stable-channel-update.html - Vendor Advisory () http://googlechromereleases.blogspot.com/2014/03/stable-channel-update.html - Vendor Advisory
References () http://www.debian.org/security/2014/dsa-2883 - () http://www.debian.org/security/2014/dsa-2883 -
References () http://www.securityfocus.com/bid/65930 - () http://www.securityfocus.com/bid/65930 -
References () https://code.google.com/p/chromium/issues/detail?id=332023 - () https://code.google.com/p/chromium/issues/detail?id=332023 -
References () https://src.chromium.org/viewvc/chrome?revision=249114&view=revision - () https://src.chromium.org/viewvc/chrome?revision=249114&view=revision -
Information

Published : 2014-03-05 05:11

Updated : 2025-04-12 10:46

NVD link : CVE-2013-6666

Mitre link : CVE-2013-6666

CVE.ORG link : CVE-2013-6666

JSON object : View

Products Affected

google

  • chrome
CWE
CWE-264

Permissions, Privileges, and Access Controls