The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepper_flash_renderer_host.cc in Google Chrome before 33.0.1750.146 does not verify that all headers are Cross-Origin Resource Sharing (CORS) simple headers before proceeding with a PPB_Flash.Navigate operation, which might allow remote attackers to bypass intended CORS restrictions via an inappropriate header.
2014-03-05T05:11:22.297
2025-04-12T10:46:40.837
Deferred
CVSSv2: 5.8 (MEDIUM)
AV:N/AC:M/Au:N/C:P/I:P/A:N
8.6
4.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | chrome | ≤ 33.0.1750.144 | Yes | |
| Application | chrome | 33.0.1750.0 | Yes | |
| Application | chrome | 33.0.1750.1 | Yes | |
| Application | chrome | 33.0.1750.2 | Yes | |
| Application | chrome | 33.0.1750.3 | Yes | |
| Application | chrome | 33.0.1750.4 | Yes | |
| Application | chrome | 33.0.1750.5 | Yes | |
| Application | chrome | 33.0.1750.6 | Yes | |
| Application | chrome | 33.0.1750.7 | Yes | |
| Application | chrome | 33.0.1750.8 | Yes | |
| Application | chrome | 33.0.1750.9 | Yes | |
| Application | chrome | 33.0.1750.10 | Yes | |
| Application | chrome | 33.0.1750.11 | Yes | |
| Application | chrome | 33.0.1750.12 | Yes | |
| Application | chrome | 33.0.1750.13 | Yes | |
| Application | chrome | 33.0.1750.14 | Yes | |
| Application | chrome | 33.0.1750.15 | Yes | |
| Application | chrome | 33.0.1750.16 | Yes | |
| Application | chrome | 33.0.1750.18 | Yes | |
| Application | chrome | 33.0.1750.19 | Yes | |
| Application | chrome | 33.0.1750.20 | Yes | |
| Application | chrome | 33.0.1750.21 | Yes | |
| Application | chrome | 33.0.1750.22 | Yes | |
| Application | chrome | 33.0.1750.23 | Yes | |
| Application | chrome | 33.0.1750.24 | Yes | |
| Application | chrome | 33.0.1750.25 | Yes | |
| Application | chrome | 33.0.1750.26 | Yes | |
| Application | chrome | 33.0.1750.27 | Yes | |
| Application | chrome | 33.0.1750.28 | Yes | |
| Application | chrome | 33.0.1750.29 | Yes | |
| Application | chrome | 33.0.1750.30 | Yes | |
| Application | chrome | 33.0.1750.31 | Yes | |
| Application | chrome | 33.0.1750.34 | Yes | |
| Application | chrome | 33.0.1750.35 | Yes | |
| Application | chrome | 33.0.1750.36 | Yes | |
| Application | chrome | 33.0.1750.37 | Yes | |
| Application | chrome | 33.0.1750.38 | Yes | |
| Application | chrome | 33.0.1750.39 | Yes | |
| Application | chrome | 33.0.1750.40 | Yes | |
| Application | chrome | 33.0.1750.41 | Yes | |
| Application | chrome | 33.0.1750.42 | Yes | |
| Application | chrome | 33.0.1750.43 | Yes | |
| Application | chrome | 33.0.1750.44 | Yes | |
| Application | chrome | 33.0.1750.45 | Yes | |
| Application | chrome | 33.0.1750.46 | Yes | |
| Application | chrome | 33.0.1750.47 | Yes | |
| Application | chrome | 33.0.1750.48 | Yes | |
| Application | chrome | 33.0.1750.49 | Yes | |
| Application | chrome | 33.0.1750.50 | Yes | |
| Application | chrome | 33.0.1750.51 | Yes | |
| Application | chrome | 33.0.1750.52 | Yes | |
| Application | chrome | 33.0.1750.53 | Yes | |
| Application | chrome | 33.0.1750.54 | Yes | |
| Application | chrome | 33.0.1750.55 | Yes | |
| Application | chrome | 33.0.1750.56 | Yes | |
| Application | chrome | 33.0.1750.57 | Yes | |
| Application | chrome | 33.0.1750.58 | Yes | |
| Application | chrome | 33.0.1750.59 | Yes | |
| Application | chrome | 33.0.1750.60 | Yes | |
| Application | chrome | 33.0.1750.61 | Yes | |
| Application | chrome | 33.0.1750.62 | Yes | |
| Application | chrome | 33.0.1750.63 | Yes | |
| Application | chrome | 33.0.1750.64 | Yes | |
| Application | chrome | 33.0.1750.65 | Yes | |
| Application | chrome | 33.0.1750.66 | Yes | |
| Application | chrome | 33.0.1750.67 | Yes | |
| Application | chrome | 33.0.1750.68 | Yes | |
| Application | chrome | 33.0.1750.69 | Yes | |
| Application | chrome | 33.0.1750.70 | Yes | |
| Application | chrome | 33.0.1750.71 | Yes | |
| Application | chrome | 33.0.1750.73 | Yes | |
| Application | chrome | 33.0.1750.74 | Yes | |
| Application | chrome | 33.0.1750.75 | Yes | |
| Application | chrome | 33.0.1750.76 | Yes | |
| Application | chrome | 33.0.1750.77 | Yes | |
| Application | chrome | 33.0.1750.79 | Yes | |
| Application | chrome | 33.0.1750.80 | Yes | |
| Application | chrome | 33.0.1750.81 | Yes | |
| Application | chrome | 33.0.1750.82 | Yes | |
| Application | chrome | 33.0.1750.83 | Yes | |
| Application | chrome | 33.0.1750.85 | Yes | |
| Application | chrome | 33.0.1750.88 | Yes | |
| Application | chrome | 33.0.1750.89 | Yes | |
| Application | chrome | 33.0.1750.90 | Yes | |
| Application | chrome | 33.0.1750.91 | Yes | |
| Application | chrome | 33.0.1750.92 | Yes | |
| Application | chrome | 33.0.1750.93 | Yes | |
| Application | chrome | 33.0.1750.104 | Yes | |
| Application | chrome | 33.0.1750.106 | Yes | |
| Application | chrome | 33.0.1750.107 | Yes | |
| Application | chrome | 33.0.1750.108 | Yes | |
| Application | chrome | 33.0.1750.109 | Yes | |
| Application | chrome | 33.0.1750.110 | Yes | |
| Application | chrome | 33.0.1750.111 | Yes | |
| Application | chrome | 33.0.1750.112 | Yes | |
| Application | chrome | 33.0.1750.113 | Yes | |
| Application | chrome | 33.0.1750.115 | Yes | |
| Application | chrome | 33.0.1750.116 | Yes | |
| Application | chrome | 33.0.1750.117 | Yes | |
| Application | chrome | 33.0.1750.124 | Yes | |
| Application | chrome | 33.0.1750.125 | Yes | |
| Application | chrome | 33.0.1750.126 | Yes | |
| Application | chrome | 33.0.1750.132 | Yes | |
| Application | chrome | 33.0.1750.133 | Yes | |
| Application | chrome | 33.0.1750.135 | Yes | |
| Application | chrome | 33.0.1750.136 | Yes |