Privacy Breach in Google Chrome Flash Plug-in
CVE-2013-2866

Currently unrated

Key Information:

Vendor

Google
Status
Chrome
Chrome Os
Vendor
CVE Published:
19 June 2013

What is CVE-2013-2866?

The Flash plug-in utilized in Google Chrome versions before 27.0.1453.116 lacks proper checks to determine if a user has granted permission for camera or microphone access by Flash applications. This oversight enables remote attackers to exploit the vulnerability through clickjacking techniques, potentially allowing them to capture sensitive environmental information from the user's device. One well-known method of exploitation involves using specially crafted Cascading Style Sheets (CSS) to manipulate the visibility of interface components, deceiving users into unknowingly providing access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://googlechromereleases.blogspot.com/2013/06/stable-c...
x_refsource_CONFIRM
http://habrahabr.ru/post/182706/
x_refsource_MISC
https://code.google.com/p/chromium/issues/detail?id=249335
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.