Security Advisory

CVE-2013-6666

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2014-03-05 02:00:00

Last updated 2024-08-06 17:46:22

Assigner mitre

State PUBLISHED

Description

The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepper_flash_renderer_host.cc in Google Chrome before 33.0.1750.146 does not verify that all headers are Cross-Origin Resource Sharing (CORS) simple headers before proceeding with a PPB_Flash.Navigate operation, which might allow remote attackers to bypass intended CORS restrictions via an inappropriate header.

← Browse all CVEs View on cve.org ↗