Vulnerability Description
core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chrome | <= 33.0.1750.116 |
Related Weaknesses (CWE)
References
- http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.htmlVendor Advisory
- http://lists.opensuse.org/opensuse-updates/2014-03/msg00006.html
- http://www.debian.org/security/2014/dsa-2883
- https://code.google.com/p/chromium/issues/detail?id=331060
- https://src.chromium.org/viewvc/blink?revision=164538&view=revisionPatch
- http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.htmlVendor Advisory
- http://lists.opensuse.org/opensuse-updates/2014-03/msg00006.html
- http://www.debian.org/security/2014/dsa-2883
- https://code.google.com/p/chromium/issues/detail?id=331060
- https://src.chromium.org/viewvc/blink?revision=164538&view=revisionPatch
FAQ
What is CVE-2013-6657?
CVE-2013-6657 is a vulnerability with a CVSS score of 6.4 (MEDIUM). core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, w...
How severe is CVE-2013-6657?
CVE-2013-6657 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-6657?
Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome.