Description
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors.
References (4)
Core 4
Core References
Release Notes, Vendor Advisory x_refsource_confirm
http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16255
Issue Tracking x_refsource_confirm
https://code.google.com/p/chromium/issues/detail?id=172369
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html
Scores
EPSS
0.0017
EPSS Percentile
37.4%
Details
CWE
CWE-732
Status
published
Products (3)
google/chrome
< 25.0.1364.97
opensuse/opensuse
12.1
opensuse/opensuse
12.2
Published
Feb 23, 2013
Tracked Since
Feb 18, 2026