CVE-2013-6634
Google Chrome < 31.0.1650.62 - Authentication Bypass
The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code.
References (9)
Scores
EPSS: 0.0131
EPSS Percentile: 79.6%
Classification
CWE: CWE-287
Status: draft
Affected Products (50)
google/chrome < 31.0.1650.62
Timeline
Published: Dec 07, 2013
Tracked Since: Feb 18, 2026