The Flash plug-in in Google Chrome before 27.0.1453.116, as used on Google Chrome OS before 27.0.1453.116 and separately, does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property.
References
Configurations
Configuration 1 (hide)
AND |
|
History
07 Nov 2023, 02:15
Type | Values Removed | Values Added |
---|---|---|
References | () http://googlechromereleases.blogspot.com/2013/06/stable-channel-update_18.html - | |
References | () http://habrahabr.ru/post/182706/ - | |
References | () https://code.google.com/p/chromium/issues/detail?id=249335 - | |
References | () https://src.chromium.org/viewvc/chrome?revision=206188&view=revision - | |
References | () http://googlechromereleases.blogspot.com/2013/06/stable-channel-update-for-chrome-os.html - |
Information
Published : 2013-06-19 20:55
Updated : 2024-02-28 12:00
NVD link : CVE-2013-2866
Mitre link : CVE-2013-2866
CVE.ORG link : CVE-2013-2866
JSON object : View
Products Affected
- chrome
- chrome_os
CWE
CWE-264
Permissions, Privileges, and Access Controls