Vulnerability Details : CVE-2013-6643
The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog.
Vulnerability category: BypassGain privilege
Products affected by CVE-2013-6643
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-6643
0.47%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 73 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-6643
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2013-6643
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6643
-
http://www.debian.org/security/2014/dsa-2862
Debian -- Security Information -- DSA-2862-1 chromium-browserThird Party Advisory
-
http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html
Chrome Releases: Stable Channel UpdateRelease Notes;Vendor Advisory
-
https://src.chromium.org/viewvc/chrome?revision=237115&view=revision
[chrome] Revision 237115Patch;Vendor Advisory
-
https://code.google.com/p/chromium/issues/detail?id=321940
321940 - Security: Inserting a Google account to Chrome and stealing user's private data - chromium - MonorailExploit;Patch;Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00008.html
[security-announce] openSUSE-SU-2014:0243-1: important: chromium to 32.0Mailing List;Third Party Advisory
Jump to