Back to search
CVE-2013-6636
Published: Dec 7, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the address bar via vectors involving the document.write method.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
56217
third-party-advisory
x_refsource_SECUNIA
https://code.google.com/p/chromium/issues/detail?id=322959
x_refsource_CONFIRM
openSUSE-SU-2014:0065
vendor-advisory
x_refsource_SUSE
http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html
x_refsource_CONFIRM
openSUSE-SU-2013:1933
vendor-advisory
x_refsource_SUSE
DSA-2811
vendor-advisory
x_refsource_DEBIAN
openSUSE-SU-2013:1927
vendor-advisory
x_refsource_SUSE
https://src.chromium.org/viewvc/blink?revision=162673&view=revision
x_refsource_CONFIRM
1029442
vdb-entry
x_refsource_SECTRACK
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now