Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.4
CVE Id CVE-2013-6657
Last Modified 01 Apr 2014 02:26:54
Published 23 Feb 2014 11:48:10
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-6657

Summary

core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.

Vulnerable Systems

Application

  • Google Chrome 33.0.1750.0

  • Google Chrome 33.0.1750.1

  • Google Chrome 33.0.1750.10

  • Google Chrome 33.0.1750.104

  • Google Chrome 33.0.1750.106

  • Google Chrome 33.0.1750.107

  • Google Chrome 33.0.1750.108

  • Google Chrome 33.0.1750.109

  • Google Chrome 33.0.1750.11

  • Google Chrome 33.0.1750.110

  • Google Chrome 33.0.1750.111

  • Google Chrome 33.0.1750.112

  • Google Chrome 33.0.1750.113

  • Google Chrome 33.0.1750.115

  • Google Chrome 33.0.1750.116

  • Google Chrome 33.0.1750.12

  • Google Chrome 33.0.1750.13

  • Google Chrome 33.0.1750.14

  • Google Chrome 33.0.1750.15

  • Google Chrome 33.0.1750.16

  • Google Chrome 33.0.1750.18

  • Google Chrome 33.0.1750.19

  • Google Chrome 33.0.1750.2

  • Google Chrome 33.0.1750.20

  • Google Chrome 33.0.1750.21

  • Google Chrome 33.0.1750.22

  • Google Chrome 33.0.1750.23

  • Google Chrome 33.0.1750.24

  • Google Chrome 33.0.1750.25

  • Google Chrome 33.0.1750.26

  • Google Chrome 33.0.1750.27

  • Google Chrome 33.0.1750.28

  • Google Chrome 33.0.1750.29

  • Google Chrome 33.0.1750.3

  • Google Chrome 33.0.1750.30

  • Google Chrome 33.0.1750.31

  • Google Chrome 33.0.1750.34

  • Google Chrome 33.0.1750.35

  • Google Chrome 33.0.1750.36

  • Google Chrome 33.0.1750.37

  • Google Chrome 33.0.1750.38

  • Google Chrome 33.0.1750.39

  • Google Chrome 33.0.1750.4

  • Google Chrome 33.0.1750.40

  • Google Chrome 33.0.1750.41

  • Google Chrome 33.0.1750.42

  • Google Chrome 33.0.1750.43

  • Google Chrome 33.0.1750.44

  • Google Chrome 33.0.1750.45

  • Google Chrome 33.0.1750.46

  • Google Chrome 33.0.1750.47

  • Google Chrome 33.0.1750.48

  • Google Chrome 33.0.1750.49

  • Google Chrome 33.0.1750.5

  • Google Chrome 33.0.1750.50

  • Google Chrome 33.0.1750.51

  • Google Chrome 33.0.1750.52

  • Google Chrome 33.0.1750.53

  • Google Chrome 33.0.1750.54

  • Google Chrome 33.0.1750.55

  • Google Chrome 33.0.1750.56

  • Google Chrome 33.0.1750.57

  • Google Chrome 33.0.1750.58

  • Google Chrome 33.0.1750.59

  • Google Chrome 33.0.1750.6

  • Google Chrome 33.0.1750.60

  • Google Chrome 33.0.1750.61

  • Google Chrome 33.0.1750.62

  • Google Chrome 33.0.1750.63

  • Google Chrome 33.0.1750.64

  • Google Chrome 33.0.1750.65

  • Google Chrome 33.0.1750.66

  • Google Chrome 33.0.1750.67

  • Google Chrome 33.0.1750.68

  • Google Chrome 33.0.1750.69

  • Google Chrome 33.0.1750.7

  • Google Chrome 33.0.1750.70

  • Google Chrome 33.0.1750.71

  • Google Chrome 33.0.1750.73

  • Google Chrome 33.0.1750.74

  • Google Chrome 33.0.1750.75

  • Google Chrome 33.0.1750.76

  • Google Chrome 33.0.1750.77

  • Google Chrome 33.0.1750.79

  • Google Chrome 33.0.1750.8

  • Google Chrome 33.0.1750.80

  • Google Chrome 33.0.1750.81

  • Google Chrome 33.0.1750.82

  • Google Chrome 33.0.1750.83

  • Google Chrome 33.0.1750.85

  • Google Chrome 33.0.1750.88

  • Google Chrome 33.0.1750.89

  • Google Chrome 33.0.1750.9

  • Google Chrome 33.0.1750.90

  • Google Chrome 33.0.1750.91

  • Google Chrome 33.0.1750.92

  • Google Chrome 33.0.1750.93


References

MISC - https://src.chromium.org/viewvc/blink?revision=164538&view=revision

CONFIRM - https://code.google.com/p/chromium/issues/detail?id=331060

CONFIRM - http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html

SUSE - openSUSE-SU-2014:0327

DEBIAN - DSA-2883

Related Patches

Google Chrome 33.0.1750.117 for Windows (Update) (All Languages) (See Notes)


Last Updated: 27 May 2016 10:55:14