The Flash plug-in in Google Chrome before 27.0.1453.116, as used on Google Chrome OS before 27.0.1453.116 and separately, does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machines physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Chrome | * | 27.0.1453.115 (including) | |
| Chrome | 27.0.1453.0 (including) | 27.0.1453.0 (including) | |
| Chrome | 27.0.1453.1 (including) | 27.0.1453.1 (including) | |
| Chrome | 27.0.1453.2 (including) | 27.0.1453.2 (including) | |
| Chrome | 27.0.1453.3 (including) | 27.0.1453.3 (including) | |
| Chrome | 27.0.1453.4 (including) | 27.0.1453.4 (including) | |
| Chrome | 27.0.1453.5 (including) | 27.0.1453.5 (including) | |
| Chrome | 27.0.1453.6 (including) | 27.0.1453.6 (including) | |
| Chrome | 27.0.1453.7 (including) | 27.0.1453.7 (including) | |
| Chrome | 27.0.1453.8 (including) | 27.0.1453.8 (including) | |
| Chrome | 27.0.1453.9 (including) | 27.0.1453.9 (including) | |
| Chrome | 27.0.1453.10 (including) | 27.0.1453.10 (including) | |
| Chrome | 27.0.1453.11 (including) | 27.0.1453.11 (including) | |
| Chrome | 27.0.1453.12 (including) | 27.0.1453.12 (including) | |
| Chrome | 27.0.1453.13 (including) | 27.0.1453.13 (including) | |
| Chrome | 27.0.1453.15 (including) | 27.0.1453.15 (including) | |
| Chrome | 27.0.1453.34 (including) | 27.0.1453.34 (including) | |
| Chrome | 27.0.1453.35 (including) | 27.0.1453.35 (including) | |
| Chrome | 27.0.1453.36 (including) | 27.0.1453.36 (including) | |
| Chrome | 27.0.1453.37 (including) | 27.0.1453.37 (including) | |
| Chrome | 27.0.1453.38 (including) | 27.0.1453.38 (including) | |
| Chrome | 27.0.1453.39 (including) | 27.0.1453.39 (including) | |
| Chrome | 27.0.1453.40 (including) | 27.0.1453.40 (including) | |
| Chrome | 27.0.1453.41 (including) | 27.0.1453.41 (including) | |
| Chrome | 27.0.1453.42 (including) | 27.0.1453.42 (including) | |
| Chrome | 27.0.1453.43 (including) | 27.0.1453.43 (including) | |
| Chrome | 27.0.1453.44 (including) | 27.0.1453.44 (including) | |
| Chrome | 27.0.1453.45 (including) | 27.0.1453.45 (including) | |
| Chrome | 27.0.1453.46 (including) | 27.0.1453.46 (including) | |
| Chrome | 27.0.1453.47 (including) | 27.0.1453.47 (including) | |
| Chrome | 27.0.1453.49 (including) | 27.0.1453.49 (including) | |
| Chrome | 27.0.1453.50 (including) | 27.0.1453.50 (including) | |
| Chrome | 27.0.1453.51 (including) | 27.0.1453.51 (including) | |
| Chrome | 27.0.1453.52 (including) | 27.0.1453.52 (including) | |
| Chrome | 27.0.1453.54 (including) | 27.0.1453.54 (including) | |
| Chrome | 27.0.1453.55 (including) | 27.0.1453.55 (including) | |
| Chrome | 27.0.1453.56 (including) | 27.0.1453.56 (including) | |
| Chrome | 27.0.1453.57 (including) | 27.0.1453.57 (including) | |
| Chrome | 27.0.1453.58 (including) | 27.0.1453.58 (including) | |
| Chrome | 27.0.1453.59 (including) | 27.0.1453.59 (including) | |
| Chrome | 27.0.1453.60 (including) | 27.0.1453.60 (including) | |
| Chrome | 27.0.1453.61 (including) | 27.0.1453.61 (including) | |
| Chrome | 27.0.1453.62 (including) | 27.0.1453.62 (including) | |
| Chrome | 27.0.1453.63 (including) | 27.0.1453.63 (including) | |
| Chrome | 27.0.1453.64 (including) | 27.0.1453.64 (including) | |
| Chrome | 27.0.1453.65 (including) | 27.0.1453.65 (including) | |
| Chrome | 27.0.1453.66 (including) | 27.0.1453.66 (including) | |
| Chrome | 27.0.1453.67 (including) | 27.0.1453.67 (including) | |
| Chrome | 27.0.1453.68 (including) | 27.0.1453.68 (including) | |
| Chrome | 27.0.1453.69 (including) | 27.0.1453.69 (including) | |
| Chrome | 27.0.1453.70 (including) | 27.0.1453.70 (including) | |
| Chrome | 27.0.1453.71 (including) | 27.0.1453.71 (including) | |
| Chrome | 27.0.1453.72 (including) | 27.0.1453.72 (including) | |
| Chrome | 27.0.1453.73 (including) | 27.0.1453.73 (including) | |
| Chrome | 27.0.1453.74 (including) | 27.0.1453.74 (including) | |
| Chrome | 27.0.1453.75 (including) | 27.0.1453.75 (including) | |
| Chrome | 27.0.1453.76 (including) | 27.0.1453.76 (including) | |
| Chrome | 27.0.1453.77 (including) | 27.0.1453.77 (including) | |
| Chrome | 27.0.1453.78 (including) | 27.0.1453.78 (including) | |
| Chrome | 27.0.1453.79 (including) | 27.0.1453.79 (including) | |
| Chrome | 27.0.1453.80 (including) | 27.0.1453.80 (including) | |
| Chrome | 27.0.1453.81 (including) | 27.0.1453.81 (including) | |
| Chrome | 27.0.1453.82 (including) | 27.0.1453.82 (including) | |
| Chrome | 27.0.1453.83 (including) | 27.0.1453.83 (including) | |
| Chrome | 27.0.1453.84 (including) | 27.0.1453.84 (including) | |
| Chrome | 27.0.1453.85 (including) | 27.0.1453.85 (including) | |
| Chrome | 27.0.1453.86 (including) | 27.0.1453.86 (including) | |
| Chrome | 27.0.1453.87 (including) | 27.0.1453.87 (including) | |
| Chrome | 27.0.1453.88 (including) | 27.0.1453.88 (including) | |
| Chrome | 27.0.1453.89 (including) | 27.0.1453.89 (including) | |
| Chrome | 27.0.1453.90 (including) | 27.0.1453.90 (including) | |
| Chrome | 27.0.1453.91 (including) | 27.0.1453.91 (including) | |
| Chrome | 27.0.1453.93 (including) | 27.0.1453.93 (including) | |
| Chrome | 27.0.1453.94 (including) | 27.0.1453.94 (including) | |
| Chrome | 27.0.1453.102 (including) | 27.0.1453.102 (including) | |
| Chrome | 27.0.1453.103 (including) | 27.0.1453.103 (including) | |
| Chrome | 27.0.1453.104 (including) | 27.0.1453.104 (including) | |
| Chrome | 27.0.1453.105 (including) | 27.0.1453.105 (including) | |
| Chrome | 27.0.1453.106 (including) | 27.0.1453.106 (including) | |
| Chrome | 27.0.1453.107 (including) | 27.0.1453.107 (including) | |
| Chrome | 27.0.1453.108 (including) | 27.0.1453.108 (including) | |
| Chrome | 27.0.1453.109 (including) | 27.0.1453.109 (including) | |
| Chrome | 27.0.1453.110 (including) | 27.0.1453.110 (including) | |
| Chrome | 27.0.1453.111 (including) | 27.0.1453.111 (including) | |
| Chrome | 27.0.1453.112 (including) | 27.0.1453.112 (including) | |
| Chrome | 27.0.1453.113 (including) | 27.0.1453.113 (including) | |
| Chrome | 27.0.1453.114 (including) | 27.0.1453.114 (including) | |
| Chromium-browser | Ubuntu | upstream | * |
References
- http://googlechromereleases.blogspot.com/2013/06/stable-channel-update-for-chrome-os.html
- http://googlechromereleases.blogspot.com/2013/06/stable-channel-update_18.html
- http://habrahabr.ru/post/182706/
- https://code.google.com/p/chromium/issues/detail?id=249335
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16693
- https://src.chromium.org/viewvc/chrome?revision=206188\u0026view=revision
- http://googlechromereleases.blogspot.com/2013/06/stable-channel-update-for-chrome-os.html
- http://googlechromereleases.blogspot.com/2013/06/stable-channel-update_18.html
- http://habrahabr.ru/post/182706/
- https://code.google.com/p/chromium/issues/detail?id=249335
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16693
- https://src.chromium.org/viewvc/chrome?revision=206188\u0026view=revision