NVD

Id
41561  
Name
CVE-2013-6634  
Description
The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2013-12-06  
Modified Date
2014-03-05  
Seq
2013-6634  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
210190 41561 CVE-2013-6634 http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html  View
210191 41561 CVE-2013-6634 openSUSE-SU-2013:1927  View
210192 41561 CVE-2013-6634 openSUSE-SU-2013:1933  View
210193 41561 CVE-2013-6634 openSUSE-SU-2014:0065  View
210194 41561 CVE-2013-6634 DSA-2811  View
210195 41561 CVE-2013-6634 1029442  View
210196 41561 CVE-2013-6634 https://code.google.com/p/chromium/issues/detail?id=307159  View
210197 41561 CVE-2013-6634 https://src.chromium.org/viewvc/chrome?revision=236563&view=revision  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
23798 JVNDB-2013-005373 Google Chrome の browser/ui/sync/one_click_signin_helper.cc におけるセッション固定攻撃を実行される脆弱性 Google Chrome の browser/ui/sync/one_click_signin_helper.cc の OneClickSigninHelper::ShowInfoBarIfPossible 関数は、レルム検証中に誤った URL を使用するため、セッション固定攻撃を実行され、Web セッションをハイジャックされる脆弱性が存在します。 CVE-2013-6634 66576 CVE-2013-6634 41561 6.8 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-005373.html 2013-12-04 2014-01-17 View