CVE-2013-6802

Name: CVE-2013-6802
Creator: NVD / NIST
Published: 2013-11-18T05:23:57.91+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.43%

Last modified Jun 17, 2026

CVE-2013-6802 is a vulnerability of currently unknown severity. Google Chrome before 31.0.1650.57 allows remote attackers to bypass intended sandbox restrictions by leveraging access to a renderer process, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013, a different vulnerability than CVE-2013-6632.. EPSS estimates a 1.43% chance of exploitation in the next 30 days.

Description

Google Chrome before 31.0.1650.57 allows remote attackers to bypass intended sandbox restrictions by leveraging access to a renderer process, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013, a different vulnerability than CVE-2013-6632.

Metrics

EPSS Probability

1.43%

69.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-264

Affected Software

Vendor	Product	Versions
Google	Chrome	<= 31.0.1650.57

References

http://googlechromereleases.blogspot.com/2013/11/chrome-for-android-update.htmlPatch, Vendor Advisory
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update_14.htmlPatch, Vendor Advisory
http://www.hppwn2own.com/chrome-nexus-4-samsung-galaxy-s4-falls/Third Party Advisory
https://code.google.com/p/chromium/issues/detail?id=319117Vendor Advisory
https://code.google.com/p/chromium/issues/detail?id=319125Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/89201Third Party Advisory, VDB Entry
http://googlechromereleases.blogspot.com/2013/11/chrome-for-android-update.htmlPatch, Vendor Advisory
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update_14.htmlPatch, Vendor Advisory
http://www.hppwn2own.com/chrome-nexus-4-samsung-galaxy-s4-falls/Third Party Advisory
https://code.google.com/p/chromium/issues/detail?id=319117Vendor Advisory
https://code.google.com/p/chromium/issues/detail?id=319125Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/89201Third Party Advisory, VDB Entry

Timeline

Published: Nov 18, 2013
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2013-6802?

How severe is CVE-2013-6802?

Severity scoring for CVE-2013-6802 is pending analysis. The EPSS model estimates a 1.43% probability of exploitation in the next 30 days.

How do I fix CVE-2013-6802?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-6802?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST