CVE-2013-6634

Google Chrome < 31.0.1650.63 - Session Fixation via OneClickSigninHelper Realm Validation

Title source: llm

Description

The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code.

References (9)

Core 9

Core References

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/56217

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html

Issue Tracking x_refsource_confirm

https://code.google.com/p/chromium/issues/detail?id=307159

Patch x_refsource_confirm

https://src.chromium.org/viewvc/chrome?revision=236563&view=revision

Vendor Advisory x_refsource_confirm

http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2013-12/msg00096.html

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2013/dsa-2811

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2013-12/msg00090.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1029442

Scores

EPSS 0.0144

EPSS Percentile 69.8%

Details

CWE

CWE-287

Status published

Products (50)

google/chrome 31.0.1650.0

google/chrome 31.0.1650.2

google/chrome 31.0.1650.3

google/chrome 31.0.1650.4

google/chrome 31.0.1650.5

google/chrome 31.0.1650.6

google/chrome 31.0.1650.7

google/chrome 31.0.1650.8

google/chrome 31.0.1650.9

google/chrome 31.0.1650.10

... and 40 more

Published Dec 07, 2013

Tracked Since Feb 18, 2026