CVE-2013-2866
Description
The Flash plug-in in Google Chrome before 27.0.1453.116, as used on Google Chrome OS before 27.0.1453.116 and separately, does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| chrome | up to and including 27.0.1453.115 | | |
| chrome | 27.0.1453.0 | | |
| chrome | 27.0.1453.1 | | |
| chrome | 27.0.1453.2 | | |
| chrome | 27.0.1453.3 | | |
| chrome | 27.0.1453.4 | | |
| chrome | 27.0.1453.5 | | |
| chrome | 27.0.1453.6 | | |
| chrome | 27.0.1453.7 | | |
| chrome | 27.0.1453.8 | | |
| chrome | 27.0.1453.9 | | |
| chrome | 27.0.1453.10 | | |
| chrome | 27.0.1453.11 | | |
| chrome | 27.0.1453.12 | | |
| chrome | 27.0.1453.13 | | |
| chrome | 27.0.1453.15 | | |
| chrome | 27.0.1453.34 | | |
| chrome | 27.0.1453.35 | | |
| chrome | 27.0.1453.36 | | |
| chrome | 27.0.1453.37 | | |
| chrome | 27.0.1453.38 | | |
| chrome | 27.0.1453.39 | | |
| chrome | 27.0.1453.40 | | |
| chrome | 27.0.1453.41 | | |
| chrome | 27.0.1453.42 | | |
| chrome | 27.0.1453.43 | | |
| chrome | 27.0.1453.44 | | |
| chrome | 27.0.1453.45 | | |
| chrome | 27.0.1453.46 | | |
| chrome | 27.0.1453.47 | | |
| chrome | 27.0.1453.49 | | |
| chrome | 27.0.1453.50 | | |
| chrome | 27.0.1453.51 | | |
| chrome | 27.0.1453.52 | | |
| chrome | 27.0.1453.54 | | |
| chrome | 27.0.1453.55 | | |
| chrome | 27.0.1453.56 | | |
| chrome | 27.0.1453.57 | | |
| chrome | 27.0.1453.58 | | |
| chrome | 27.0.1453.59 | | |
| chrome | 27.0.1453.60 | | |
| chrome | 27.0.1453.61 | | |
| chrome | 27.0.1453.62 | | |
| chrome | 27.0.1453.63 | | |
| chrome | 27.0.1453.64 | | |
| chrome | 27.0.1453.65 | | |
| chrome | 27.0.1453.66 | | |
| chrome | 27.0.1453.67 | | |
| chrome | 27.0.1453.68 | | |
| chrome | 27.0.1453.69 | | |
| chrome | 27.0.1453.70 | | |
| chrome | 27.0.1453.71 | | |
| chrome | 27.0.1453.72 | | |
| chrome | 27.0.1453.73 | | |
| chrome | 27.0.1453.74 | | |
| chrome | 27.0.1453.75 | | |
| chrome | 27.0.1453.76 | | |
| chrome | 27.0.1453.77 | | |
| chrome | 27.0.1453.78 | | |
| chrome | 27.0.1453.79 | | |
| chrome | 27.0.1453.80 | | |
| chrome | 27.0.1453.81 | | |
| chrome | 27.0.1453.82 | | |
| chrome | 27.0.1453.83 | | |
| chrome | 27.0.1453.84 | | |
| chrome | 27.0.1453.85 | | |
| chrome | 27.0.1453.86 | | |
| chrome | 27.0.1453.87 | | |
| chrome | 27.0.1453.88 | | |
| chrome | 27.0.1453.89 | | |
| chrome | 27.0.1453.90 | | |
| chrome | 27.0.1453.91 | | |
| chrome | 27.0.1453.93 | | |
| chrome | 27.0.1453.94 | | |
| chrome | 27.0.1453.102 | | |
| chrome | 27.0.1453.103 | | |
| chrome | 27.0.1453.104 | | |
| chrome | 27.0.1453.105 | | |
| chrome | 27.0.1453.106 | | |
| chrome | 27.0.1453.107 | | |
| chrome | 27.0.1453.108 | | |
| chrome | 27.0.1453.109 | | |
| chrome | 27.0.1453.110 | | |
| chrome | 27.0.1453.111 | | |
| chrome | 27.0.1453.112 | | |
| chrome | 27.0.1453.113 | | |
| chrome | 27.0.1453.114 | | |
References
- http://googlechromereleases.blogspot.com/2013/06/stable-channel-update-for-chrome-os.html
- http://googlechromereleases.blogspot.com/2013/06/stable-channel-update_18.html
- http://habrahabr.ru/post/182706/
- https://code.google.com/p/chromium/issues/detail?id=249335
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16693
- https://src.chromium.org/viewvc/chrome?revision=206188&view=revision
CWEs
CWE-264