CVE-2013-2868 Information

Description

common/extensions/sync_helper.cc in Google Chrome before 28.0.1500.71 proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting which might allow remote attackers to trigger unwanted extension changes via unspecified vectors.

Reference

http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=84ece2d5af0e6f746ca63e483e2dbdbcab8b1e6c http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html http://www.debian.org/security/2013/dsa-2724 https://code.google.com/p/chromium/issues/detail?id=252034 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A17347