core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:59
Type | Values Removed | Values Added |
---|---|---|
References | () http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html - Vendor Advisory | |
References | () http://lists.opensuse.org/opensuse-updates/2014-03/msg00006.html - | |
References | () http://www.debian.org/security/2014/dsa-2883 - | |
References | () https://code.google.com/p/chromium/issues/detail?id=331060 - | |
References | () https://src.chromium.org/viewvc/blink?revision=164538&view=revision - Patch |
Information
Published : 2014-02-24 04:48
Updated : 2024-11-21 01:59
NVD link : CVE-2013-6657
Mitre link : CVE-2013-6657
CVE.ORG link : CVE-2013-6657
JSON object : View
Products Affected
- chrome
CWE
CWE-264
Permissions, Privileges, and Access Controls