CVE-2013-6652
Google Chrome < 33.0.1750.117 - Path Traversal via Named Pipe Dispatcher
Title source: llmDescription
Directory traversal vulnerability in sandbox/win/src/named_pipe_dispatcher.cc in Google Chrome before 33.0.1750.117 on Windows allows attackers to bypass intended named-pipe policy restrictions in the sandbox via vectors related to (1) lack of checks for .. (dot dot) sequences or (2) lack of use of the \\?\ protection mechanism.
References (3)
Core 3
Core References
Issue Tracking x_refsource_confirm
https://code.google.com/p/chromium/issues/detail?id=334897
Patch x_refsource_confirm
https://src.chromium.org/viewvc/chrome?revision=247511&view=revision
Vendor Advisory x_refsource_confirm
http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html
Scores
EPSS
0.0123
EPSS Percentile
65.2%
Details
CWE
CWE-22
Status
published
Products (50)
google/chrome
33.0.1750.0
google/chrome
33.0.1750.1
google/chrome
33.0.1750.2
google/chrome
33.0.1750.3
google/chrome
33.0.1750.4
google/chrome
33.0.1750.5
google/chrome
33.0.1750.6
google/chrome
33.0.1750.7
google/chrome
33.0.1750.8
google/chrome
33.0.1750.9
... and 40 more
Published
Feb 24, 2014
Tracked Since
Feb 18, 2026