Privacy Breach in Google Chrome Flash Plug-in
CVE-2013-2866

Currently unrated

Key Information:

Vendor
Google
CVE Published:
19 June 2013

Summary

The Flash plug-in used in Google Chrome versions before 27.0.1453.116 does not properly check whether a user has granted permission for camera or microphone access by Flash applications. Remote attackers can exploit this through clickjacking, potentially capturing sensitive information from the environment around the user's device. One well-known method of exploitation uses specially crafted Cascading Style Sheets (CSS) to manipulate the visibility of interface components, deceiving users into unknowingly providing access.

Timeline

  • Vulnerability published

  • Vulnerability Reserved