Endpoint Vulnerability

Security Vulnerability CVE-2013-2866 for Google Chrome

Description

The Flash plug-in in Google Chrome before 27.0.1453.116, as used on Google Chrome OS before 27.0.1453.116 and separately, does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine\\'s physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property.

Affected Products

Google Chrome

References

CVE-2013-2866,