Google Chrome OS before 26.0.1410.57 relies on a Pango pango-utils.c read_config implementation that loads the contents of the .pangorc file in the users home directory, and the file referenced by the PANGO_RC_FILE environment variable, which allows attackers to bypass intended access restrictions via crafted configuration data.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Chrome_os | 26.0.1410.44 | 26.0.1410.44 | |
Chrome_os | 26.0.1410.15 | 26.0.1410.15 | |
Chrome_os | 26.0.1410.19 | 26.0.1410.19 | |
Chrome_os | 26.0.1410.9 | 26.0.1410.9 | |
Chrome_os | 26.0.1410.25 | 26.0.1410.25 | |
Chrome_os | 26.0.1410.22 | 26.0.1410.22 | |
Chrome_os | 26.0.1410.3 | 26.0.1410.3 | |
Chrome_os | 26.0.1410.10 | 26.0.1410.10 | |
Chrome_os | 26.0.1410.29 | 26.0.1410.29 | |
Chrome_os | 26.0.1410.26 | 26.0.1410.26 | |
Chrome_os | 26.0.1410.7 | 26.0.1410.7 | |
Chrome_os | 26.0.1410.31 | 26.0.1410.31 | |
Chrome_os | 26.0.1410.46 | 26.0.1410.46 | |
Chrome_os | * | 26.0.1410.56 | |
Chrome_os | 26.0.1410.36 | 26.0.1410.36 | |
Chrome_os | 26.0.1410.45 | 26.0.1410.45 | |
Chrome_os | 26.0.1410.6 | 26.0.1410.6 | |
Chrome_os | 26.0.1410.48 | 26.0.1410.48 | |
Chrome_os | 26.0.1410.50 | 26.0.1410.50 | |
Chrome_os | 26.0.1410.20 | 26.0.1410.20 | |
Chrome_os | 26.0.1410.23 | 26.0.1410.23 | |
Chrome_os | 26.0.1410.17 | 26.0.1410.17 | |
Chrome_os | 26.0.1410.5 | 26.0.1410.5 | |
Chrome_os | 26.0.1410.52 | 26.0.1410.52 | |
Chrome_os | 26.0.1410.38 | 26.0.1410.38 | |
Chrome_os | 26.0.1410.4 | 26.0.1410.4 | |
Chrome_os | 26.0.1410.0 | 26.0.1410.0 | |
Chrome_os | 26.0.1410.33 | 26.0.1410.33 | |
Chrome_os | 26.0.1410.47 | 26.0.1410.47 | |
Chrome_os | 26.0.1410.12 | 26.0.1410.12 | |
Chrome_os | 26.0.1410.40 | 26.0.1410.40 | |
Chrome_os | 26.0.1410.28 | 26.0.1410.28 | |
Chrome_os | 26.0.1410.21 | 26.0.1410.21 | |
Chrome_os | 26.0.1410.43 | 26.0.1410.43 | |
Chrome_os | 26.0.1410.14 | 26.0.1410.14 | |
Chrome_os | 26.0.1410.39 | 26.0.1410.39 | |
Chrome_os | 26.0.1410.18 | 26.0.1410.18 | |
Chrome_os | 26.0.1410.34 | 26.0.1410.34 | |
Chrome_os | 26.0.1410.30 | 26.0.1410.30 | |
Chrome_os | 26.0.1410.41 | 26.0.1410.41 | |
Chrome_os | 26.0.1410.16 | 26.0.1410.16 | |
Chrome_os | 26.0.1410.37 | 26.0.1410.37 | |
Chrome_os | 26.0.1410.27 | 26.0.1410.27 | |
Chrome_os | 26.0.1410.54 | 26.0.1410.54 | |
Chrome_os | 26.0.1410.51 | 26.0.1410.51 | |
Chrome_os | 26.0.1410.32 | 26.0.1410.32 | |
Chrome_os | 26.0.1410.55 | 26.0.1410.55 | |
Chrome_os | 26.0.1410.11 | 26.0.1410.11 | |
Chrome_os | 26.0.1410.24 | 26.0.1410.24 | |
Chrome_os | 26.0.1410.35 | 26.0.1410.35 | |
Chrome_os | 26.0.1410.1 | 26.0.1410.1 | |
Chrome_os | 26.0.1410.49 | 26.0.1410.49 | |
Chrome_os | 26.0.1410.8 | 26.0.1410.8 | |
Chrome_os | 26.0.1410.42 | 26.0.1410.42 |