CVE-2013-6657

core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://code.google.com/p/chromium/issues/detail?id=331060
https://src.chromium.org/viewvc/blink?revision=164538&view=revision	Patch
http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html	Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2014-03/msg00006.html
http://www.debian.org/security/2014/dsa-2883

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:google:chrome:33.0.1750.111:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.110:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.109:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.91:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.90:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.80:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.79:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.69:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.68:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.61:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.60:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.73:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.70:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.92:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.46:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.38:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.93:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.112:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.28:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.55:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.10:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.81:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.71:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.45:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.63:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.82:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.113:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.19:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.18:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.27:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.62:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.37:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.54:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.89:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.51:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.39:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.22:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.41:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.66:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.12:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.65:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.85:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.106:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.88:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.11:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.104:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.34:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.31:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.23:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.47:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.49:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.57:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.115:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.108:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.40:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.29:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.76:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.58:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.75:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.20:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.59:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.3:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.64:::::::*
	cpe:2.3:a:google:chrome:33.0.1750.50:::::::*
cpe:2.3:a:google:chrome::::::::
cpe:2.3:a:google:chrome:33.0.1750.42:::::::*
cpe:2.3:a:google:chrome:33.0.1750.21:::::::*
cpe:2.3:a:google:chrome:33.0.1750.77:::::::*
cpe:2.3:a:google:chrome:33.0.1750.4:::::::*
cpe:2.3:a:google:chrome:33.0.1750.48:::::::*
cpe:2.3:a:google:chrome:33.0.1750.56:::::::*
cpe:2.3:a:google:chrome:33.0.1750.24:::::::*
cpe:2.3:a:google:chrome:33.0.1750.30:::::::*
cpe:2.3:a:google:chrome:33.0.1750.67:::::::*
cpe:2.3:a:google:chrome:33.0.1750.107:::::::*
cpe:2.3:a:google:chrome:33.0.1750.74:::::::*
cpe:2.3:a:google:chrome:33.0.1750.83:::::::*
cpe:2.3:a:google:chrome:33.0.1750.1:::::::*
cpe:2.3:a:google:chrome:33.0.1750.44:::::::*
cpe:2.3:a:google:chrome:33.0.1750.16:::::::*
cpe:2.3:a:google:chrome:33.0.1750.52:::::::*
cpe:2.3:a:google:chrome:33.0.1750.0:::::::*
cpe:2.3:a:google:chrome:33.0.1750.36:::::::*
cpe:2.3:a:google:chrome:33.0.1750.9:::::::*
cpe:2.3:a:google:chrome:33.0.1750.5:::::::*
cpe:2.3:a:google:chrome:33.0.1750.13:::::::*
cpe:2.3:a:google:chrome:33.0.1750.6:::::::*
cpe:2.3:a:google:chrome:33.0.1750.25:::::::*
cpe:2.3:a:google:chrome:33.0.1750.26:::::::*
cpe:2.3:a:google:chrome:33.0.1750.8:::::::*
cpe:2.3:a:google:chrome:33.0.1750.7:::::::*
cpe:2.3:a:google:chrome:33.0.1750.35:::::::*
cpe:2.3:a:google:chrome:33.0.1750.43:::::::*
cpe:2.3:a:google:chrome:33.0.1750.15:::::::*
cpe:2.3:a:google:chrome:33.0.1750.2:::::::*
cpe:2.3:a:google:chrome:33.0.1750.14:::::::*
cpe:2.3:a:google:chrome:33.0.1750.53:::::::*

Information

Published : 2014-02-23 20:48

Updated : 2014-03-31 23:26

NVD link : CVE-2013-6657

Mitre link : CVE-2013-6657

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

google

chrome

6.4 /10