Google » Chrome » 25.0.1364.73 : Security Vulnerabilities, CVEs, Published In 2013 (Bypass)
The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code.
Max CVSS
6.8
EPSS Score
1.34%
Published
2013-12-07
Updated
2014-03-06
Google Chrome before 25.0.1364.152 does not properly manage the interaction between the browser process and renderer processes during authorization of the loading of a plug-in, which makes it easier for remote attackers to bypass intended access restrictions via vectors involving a blocked plug-in.
Max CVSS
7.5
EPSS Score
0.69%
Published
2013-03-05
Updated
2017-09-19
2 vulnerabilities found