CVE-2013-0910

Publication date 5 March 2013

Last updated 24 July 2024

Ubuntu priority

Google Chrome before 25.0.1364.152 does not properly manage the interaction between the browser process and renderer processes during authorization of the loading of a plug-in, which makes it easier for remote attackers to bypass intended access restrictions via vectors involving a blocked plug-in.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
chromium-browser	12.10 quantal	Fixed 25.0.1364.160-0ubuntu0.12.10.1
	12.04 LTS precise	Fixed 25.0.1364.160-0ubuntu0.12.04.1
	11.10 oneiric	Fixed 25.0.1364.160-0ubuntu0.11.10.1
	10.04 LTS lucid	Fixed 25.0.1364.160-0ubuntu0.10.04.1
	8.04 LTS hardy	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://src.chromium.org/viewvc/chrome?view=rev&revision=180103
https://codereview.chromium.org/12086077
https://code.google.com/p/chromium/issues/detail?id=172573
http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_4.html
https://www.cve.org/CVERecord?id=CVE-2013-0910