CVE-2013-6628 : net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome b

net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome before 31.0.1650.48 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which might allow remote web servers to interfere with trust relationships by renegotiating a session.

Published 2013-11-13 15:55:04

Updated 2025-04-11 00:51:22

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2013-6628

Google » Chrome
Versions up to, including, (<=) 31.0.1650.47
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.43
cpe:2.3:a:google:chrome:31.0.1650.43:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.42
cpe:2.3:a:google:chrome:31.0.1650.42:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.34
cpe:2.3:a:google:chrome:31.0.1650.34:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.33
cpe:2.3:a:google:chrome:31.0.1650.33:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.25
cpe:2.3:a:google:chrome:31.0.1650.25:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.23
cpe:2.3:a:google:chrome:31.0.1650.23:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.15
cpe:2.3:a:google:chrome:31.0.1650.15:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.14
cpe:2.3:a:google:chrome:31.0.1650.14:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.7
cpe:2.3:a:google:chrome:31.0.1650.7:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.6
cpe:2.3:a:google:chrome:31.0.1650.6:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.5
cpe:2.3:a:google:chrome:31.0.1650.5:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.45
cpe:2.3:a:google:chrome:31.0.1650.45:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.44
cpe:2.3:a:google:chrome:31.0.1650.44:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.36
cpe:2.3:a:google:chrome:31.0.1650.36:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.35
cpe:2.3:a:google:chrome:31.0.1650.35:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.27
cpe:2.3:a:google:chrome:31.0.1650.27:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.26
cpe:2.3:a:google:chrome:31.0.1650.26:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.17
cpe:2.3:a:google:chrome:31.0.1650.17:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.16
cpe:2.3:a:google:chrome:31.0.1650.16:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.9
cpe:2.3:a:google:chrome:31.0.1650.9:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.8
cpe:2.3:a:google:chrome:31.0.1650.8:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.46
cpe:2.3:a:google:chrome:31.0.1650.46:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.38
cpe:2.3:a:google:chrome:31.0.1650.38:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.37
cpe:2.3:a:google:chrome:31.0.1650.37:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.29
cpe:2.3:a:google:chrome:31.0.1650.29:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.28
cpe:2.3:a:google:chrome:31.0.1650.28:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.19
cpe:2.3:a:google:chrome:31.0.1650.19:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.18
cpe:2.3:a:google:chrome:31.0.1650.18:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.11
cpe:2.3:a:google:chrome:31.0.1650.11:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.10
cpe:2.3:a:google:chrome:31.0.1650.10:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.2
cpe:2.3:a:google:chrome:31.0.1650.2:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.0
cpe:2.3:a:google:chrome:31.0.1650.0:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.41
cpe:2.3:a:google:chrome:31.0.1650.41:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.39
cpe:2.3:a:google:chrome:31.0.1650.39:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.32
cpe:2.3:a:google:chrome:31.0.1650.32:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.31
cpe:2.3:a:google:chrome:31.0.1650.31:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.30
cpe:2.3:a:google:chrome:31.0.1650.30:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.22
cpe:2.3:a:google:chrome:31.0.1650.22:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.20
cpe:2.3:a:google:chrome:31.0.1650.20:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.13
cpe:2.3:a:google:chrome:31.0.1650.13:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.12
cpe:2.3:a:google:chrome:31.0.1650.12:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.4
cpe:2.3:a:google:chrome:31.0.1650.4:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.3
cpe:2.3:a:google:chrome:31.0.1650.3:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-6628

EPSS FAQ

0.35%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 55 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-6628

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

References for CVE-2013-6628

http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html

[security-announce] openSUSE-SU-2013:1777-1: important: chromium: update

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19108

Repository / Oval Repository
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html

openSUSE-SU-2014:0065-1: moderate: update for chromium

CVEs referencing this url
https://code.google.com/p/chromium/issues/detail?id=306959

CVEs referencing this url
https://secure-resumption.com/

miTLS, Triple Handshake, SMACK, FREAK, Logjam, and SLOTH

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html

[security-announce] openSUSE-SU-2013:1861-1: important: chromium: update

CVEs referencing this url
https://src.chromium.org/viewvc/chrome?revision=229611&view=revision

[chrome] Revision 229611

CVEs referencing this url
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html

Chrome Releases: Stable Channel Update
Vendor Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html

[security-announce] openSUSE-SU-2013:1776-1: important: chromium: 31.0.1

CVEs referencing this url
http://www.debian.org/security/2013/dsa-2799

Debian -- Security Information -- DSA-2799-1 chromium-browser

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2013-6628

Products affected by CVE-2013-6628

Exploit prediction scoring system (EPSS) score for CVE-2013-6628

CVSS scores for CVE-2013-6628

References for CVE-2013-6628