CVE-2013-6636
Google Chrome < 31.0.1650.63 - Address Bar Spoofing via Modal Dialog Document Write
Title source: llmDescription
The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the address bar via vectors involving the document.write method.
References (9)
Core 9
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/56217
Issue Tracking x_refsource_confirm
https://code.google.com/p/chromium/issues/detail?id=322959
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
Vendor Advisory x_refsource_confirm
http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-12/msg00096.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2013/dsa-2811
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-12/msg00090.html
Patch x_refsource_confirm
https://src.chromium.org/viewvc/blink?revision=162673&view=revision
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1029442
Scores
EPSS
0.0127
EPSS Percentile
66.5%
Details
CWE
CWE-20
Status
published
Products (50)
google/chrome
31.0.1650.0
google/chrome
31.0.1650.2
google/chrome
31.0.1650.3
google/chrome
31.0.1650.4
google/chrome
31.0.1650.5
google/chrome
31.0.1650.6
google/chrome
31.0.1650.7
google/chrome
31.0.1650.8
google/chrome
31.0.1650.9
google/chrome
31.0.1650.10
... and 40 more
Published
Dec 07, 2013
Tracked Since
Feb 18, 2026