CVE-2013-6634 — Vulnetix

Try Vulnetix Request Demo

CVE-2013-6634 PUBLISHED

Reported by mitre · Published December 7, 2013

The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
n/a	n/a	n/a

Timeline

Dec 7, 2013 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

56217 third-party-advisoryx_refsource_SECUNIA
openSUSE-SU-2014:0065 vendor-advisoryx_refsource_SUSE
x_refsource_CONFIRM
x_refsource_CONFIRM
x_refsource_CONFIRM
openSUSE-SU-2013:1933 vendor-advisoryx_refsource_SUSE
DSA-2811 vendor-advisoryx_refsource_DEBIAN
openSUSE-SU-2013:1927 vendor-advisoryx_refsource_SUSE
1029442 vdb-entryx_refsource_SECTRACK

Open in Interactive Console →