Vulnerability Details : CVE-2013-6634
The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code.
Products affected by CVE-2013-6634
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.43:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.42:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.34:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.33:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.25:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.23:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.15:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.14:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.7:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.6:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.5:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.45:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.36:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.35:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.27:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.26:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.17:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.16:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.9:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.8:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.46:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.38:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.37:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.29:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.28:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.19:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.18:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.11:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.10:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.41:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.39:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.32:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.31:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.30:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.22:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.20:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.13:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.12:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.4:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.3:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.61:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.60:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.52:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.51:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.48:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.49:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.57:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.55:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.59:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.58:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.50:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.54:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.53:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.47:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-6634
1.31%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 78 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-6634
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2013-6634
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6634
-
http://www.debian.org/security/2013/dsa-2811
Debian -- Security Information -- DSA-2811-1 chromium-browser
-
http://secunia.com/advisories/56217
Sign in
-
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
openSUSE-SU-2014:0065-1: moderate: update for chromium
-
http://lists.opensuse.org/opensuse-updates/2013-12/msg00090.html
openSUSE-SU-2013:1927-1: moderate: update for chromium
-
http://www.securitytracker.com/id/1029442
Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code, Conduct Session Fixation Attacks, and Spoof the Address Bar - SecurityTracker
-
https://code.google.com/p/chromium/issues/detail?id=307159
307159 - Response splitting with 302 redirects allows chrome sync session fixation - chromium - Monorail
-
http://lists.opensuse.org/opensuse-updates/2013-12/msg00096.html
openSUSE-SU-2013:1933-1: moderate: update for chromium
-
https://src.chromium.org/viewvc/chrome?revision=236563&view=revision
[chrome] Revision 236563Patch
-
http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html
Chrome Releases: Stable Channel UpdateVendor Advisory
Jump to