Unrated severityNVD Advisory· Published Mar 7, 2013· Updated Apr 29, 2026

CVE-2013-2493

Description

The Hook_Terminate function in chrome_frame/protocol_sink_wrap.cc in the Google Chrome Frame plugin before 26.0.1410.28 for Internet Explorer does not properly handle attach tab requests, which allows user-assisted remote attackers to cause a denial of service (application crash) via an _blank value for the target attribute of an A element.

Affected products

Google/Chrome Frame3 versions
cpe:2.3:a:google:chrome_frame:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:google:chrome_frame:*:*:*:*:*:*:*:*range: <=26.0.1410.27
- cpe:2.3:a:google:chrome_frame:15.0.874.121:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome_frame:16.0.912.63:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

src.chromium.org/viewvc/chromenvdVendor Advisory
chromiumcodereview.appspot.com/12395021nvdVendor Advisory
googlechromereleases.blogspot.com/2013/03/beta-channel-update.htmlnvd
src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/protocol_sink_wrap.ccnvd
code.google.com/p/chromium/issues/detailnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000