The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepper_flash_renderer_host.cc in Google Chrome before 33.0.1750.146 does not verify that all headers are Cross-Origin Resource Sharing (CORS) simple headers before proceeding with a PPB_Flash.Navigate operation, which might allow remote attackers to bypass intended CORS restrictions via an inappropriate header.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Chrome | * | 33.0.1750.144 (including) | |
| Chrome | 33.0.1750.0 (including) | 33.0.1750.0 (including) | |
| Chrome | 33.0.1750.1 (including) | 33.0.1750.1 (including) | |
| Chrome | 33.0.1750.2 (including) | 33.0.1750.2 (including) | |
| Chrome | 33.0.1750.3 (including) | 33.0.1750.3 (including) | |
| Chrome | 33.0.1750.4 (including) | 33.0.1750.4 (including) | |
| Chrome | 33.0.1750.5 (including) | 33.0.1750.5 (including) | |
| Chrome | 33.0.1750.6 (including) | 33.0.1750.6 (including) | |
| Chrome | 33.0.1750.7 (including) | 33.0.1750.7 (including) | |
| Chrome | 33.0.1750.8 (including) | 33.0.1750.8 (including) | |
| Chrome | 33.0.1750.9 (including) | 33.0.1750.9 (including) | |
| Chrome | 33.0.1750.10 (including) | 33.0.1750.10 (including) | |
| Chrome | 33.0.1750.11 (including) | 33.0.1750.11 (including) | |
| Chrome | 33.0.1750.12 (including) | 33.0.1750.12 (including) | |
| Chrome | 33.0.1750.13 (including) | 33.0.1750.13 (including) | |
| Chrome | 33.0.1750.14 (including) | 33.0.1750.14 (including) | |
| Chrome | 33.0.1750.15 (including) | 33.0.1750.15 (including) | |
| Chrome | 33.0.1750.16 (including) | 33.0.1750.16 (including) | |
| Chrome | 33.0.1750.18 (including) | 33.0.1750.18 (including) | |
| Chrome | 33.0.1750.19 (including) | 33.0.1750.19 (including) | |
| Chrome | 33.0.1750.20 (including) | 33.0.1750.20 (including) | |
| Chrome | 33.0.1750.21 (including) | 33.0.1750.21 (including) | |
| Chrome | 33.0.1750.22 (including) | 33.0.1750.22 (including) | |
| Chrome | 33.0.1750.23 (including) | 33.0.1750.23 (including) | |
| Chrome | 33.0.1750.24 (including) | 33.0.1750.24 (including) | |
| Chrome | 33.0.1750.25 (including) | 33.0.1750.25 (including) | |
| Chrome | 33.0.1750.26 (including) | 33.0.1750.26 (including) | |
| Chrome | 33.0.1750.27 (including) | 33.0.1750.27 (including) | |
| Chrome | 33.0.1750.28 (including) | 33.0.1750.28 (including) | |
| Chrome | 33.0.1750.29 (including) | 33.0.1750.29 (including) | |
| Chrome | 33.0.1750.30 (including) | 33.0.1750.30 (including) | |
| Chrome | 33.0.1750.31 (including) | 33.0.1750.31 (including) | |
| Chrome | 33.0.1750.34 (including) | 33.0.1750.34 (including) | |
| Chrome | 33.0.1750.35 (including) | 33.0.1750.35 (including) | |
| Chrome | 33.0.1750.36 (including) | 33.0.1750.36 (including) | |
| Chrome | 33.0.1750.37 (including) | 33.0.1750.37 (including) | |
| Chrome | 33.0.1750.38 (including) | 33.0.1750.38 (including) | |
| Chrome | 33.0.1750.39 (including) | 33.0.1750.39 (including) | |
| Chrome | 33.0.1750.40 (including) | 33.0.1750.40 (including) | |
| Chrome | 33.0.1750.41 (including) | 33.0.1750.41 (including) | |
| Chrome | 33.0.1750.42 (including) | 33.0.1750.42 (including) | |
| Chrome | 33.0.1750.43 (including) | 33.0.1750.43 (including) | |
| Chrome | 33.0.1750.44 (including) | 33.0.1750.44 (including) | |
| Chrome | 33.0.1750.45 (including) | 33.0.1750.45 (including) | |
| Chrome | 33.0.1750.46 (including) | 33.0.1750.46 (including) | |
| Chrome | 33.0.1750.47 (including) | 33.0.1750.47 (including) | |
| Chrome | 33.0.1750.48 (including) | 33.0.1750.48 (including) | |
| Chrome | 33.0.1750.49 (including) | 33.0.1750.49 (including) | |
| Chrome | 33.0.1750.50 (including) | 33.0.1750.50 (including) | |
| Chrome | 33.0.1750.51 (including) | 33.0.1750.51 (including) | |
| Chrome | 33.0.1750.52 (including) | 33.0.1750.52 (including) | |
| Chrome | 33.0.1750.53 (including) | 33.0.1750.53 (including) | |
| Chrome | 33.0.1750.54 (including) | 33.0.1750.54 (including) | |
| Chrome | 33.0.1750.55 (including) | 33.0.1750.55 (including) | |
| Chrome | 33.0.1750.56 (including) | 33.0.1750.56 (including) | |
| Chrome | 33.0.1750.57 (including) | 33.0.1750.57 (including) | |
| Chrome | 33.0.1750.58 (including) | 33.0.1750.58 (including) | |
| Chrome | 33.0.1750.59 (including) | 33.0.1750.59 (including) | |
| Chrome | 33.0.1750.60 (including) | 33.0.1750.60 (including) | |
| Chrome | 33.0.1750.61 (including) | 33.0.1750.61 (including) | |
| Chrome | 33.0.1750.62 (including) | 33.0.1750.62 (including) | |
| Chrome | 33.0.1750.63 (including) | 33.0.1750.63 (including) | |
| Chrome | 33.0.1750.64 (including) | 33.0.1750.64 (including) | |
| Chrome | 33.0.1750.65 (including) | 33.0.1750.65 (including) | |
| Chrome | 33.0.1750.66 (including) | 33.0.1750.66 (including) | |
| Chrome | 33.0.1750.67 (including) | 33.0.1750.67 (including) | |
| Chrome | 33.0.1750.68 (including) | 33.0.1750.68 (including) | |
| Chrome | 33.0.1750.69 (including) | 33.0.1750.69 (including) | |
| Chrome | 33.0.1750.70 (including) | 33.0.1750.70 (including) | |
| Chrome | 33.0.1750.71 (including) | 33.0.1750.71 (including) | |
| Chrome | 33.0.1750.73 (including) | 33.0.1750.73 (including) | |
| Chrome | 33.0.1750.74 (including) | 33.0.1750.74 (including) | |
| Chrome | 33.0.1750.75 (including) | 33.0.1750.75 (including) | |
| Chrome | 33.0.1750.76 (including) | 33.0.1750.76 (including) | |
| Chrome | 33.0.1750.77 (including) | 33.0.1750.77 (including) | |
| Chrome | 33.0.1750.79 (including) | 33.0.1750.79 (including) | |
| Chrome | 33.0.1750.80 (including) | 33.0.1750.80 (including) | |
| Chrome | 33.0.1750.81 (including) | 33.0.1750.81 (including) | |
| Chrome | 33.0.1750.82 (including) | 33.0.1750.82 (including) | |
| Chrome | 33.0.1750.83 (including) | 33.0.1750.83 (including) | |
| Chrome | 33.0.1750.85 (including) | 33.0.1750.85 (including) | |
| Chrome | 33.0.1750.88 (including) | 33.0.1750.88 (including) | |
| Chrome | 33.0.1750.89 (including) | 33.0.1750.89 (including) | |
| Chrome | 33.0.1750.90 (including) | 33.0.1750.90 (including) | |
| Chrome | 33.0.1750.91 (including) | 33.0.1750.91 (including) | |
| Chrome | 33.0.1750.92 (including) | 33.0.1750.92 (including) | |
| Chrome | 33.0.1750.93 (including) | 33.0.1750.93 (including) | |
| Chrome | 33.0.1750.104 (including) | 33.0.1750.104 (including) | |
| Chrome | 33.0.1750.106 (including) | 33.0.1750.106 (including) | |
| Chrome | 33.0.1750.107 (including) | 33.0.1750.107 (including) | |
| Chrome | 33.0.1750.108 (including) | 33.0.1750.108 (including) | |
| Chrome | 33.0.1750.109 (including) | 33.0.1750.109 (including) | |
| Chrome | 33.0.1750.110 (including) | 33.0.1750.110 (including) | |
| Chrome | 33.0.1750.111 (including) | 33.0.1750.111 (including) | |
| Chrome | 33.0.1750.112 (including) | 33.0.1750.112 (including) | |
| Chrome | 33.0.1750.113 (including) | 33.0.1750.113 (including) | |
| Chrome | 33.0.1750.115 (including) | 33.0.1750.115 (including) | |
| Chrome | 33.0.1750.116 (including) | 33.0.1750.116 (including) | |
| Chrome | 33.0.1750.117 (including) | 33.0.1750.117 (including) | |
| Chrome | 33.0.1750.124 (including) | 33.0.1750.124 (including) | |
| Chrome | 33.0.1750.125 (including) | 33.0.1750.125 (including) | |
| Chrome | 33.0.1750.126 (including) | 33.0.1750.126 (including) | |
| Chrome | 33.0.1750.132 (including) | 33.0.1750.132 (including) | |
| Chrome | 33.0.1750.133 (including) | 33.0.1750.133 (including) | |
| Chrome | 33.0.1750.135 (including) | 33.0.1750.135 (including) | |
| Chrome | 33.0.1750.136 (including) | 33.0.1750.136 (including) | |
| Chromium-browser | Ubuntu | devel | * |
| Chromium-browser | Ubuntu | lucid | * |
| Chromium-browser | Ubuntu | precise | * |
| Chromium-browser | Ubuntu | quantal | * |
| Chromium-browser | Ubuntu | saucy | * |
| Chromium-browser | Ubuntu | upstream | * |