CVE-2013-6634
Published: Dec 7, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| 56217 | third-party-advisory, x_refsource_SECUNIA |
| openSUSE-SU-2014:0065 | vendor-advisory, x_refsource_SUSE |
| https://code.google.com/p/chromium/issues/detail?id=307159 | x_refsource_CONFIRM |
| https://src.chromium.org/viewvc/chrome?revision=236563&view=revision | x_refsource_CONFIRM |
| http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html | x_refsource_CONFIRM |
| openSUSE-SU-2013:1933 | vendor-advisory, x_refsource_SUSE |
| DSA-2811 | vendor-advisory, x_refsource_DEBIAN |
| openSUSE-SU-2013:1927 | vendor-advisory, x_refsource_SUSE |
| 1029442 | vdb-entry, x_refsource_SECTRACK |