CVE-2013-6656

Published: 24/02/2014 Updated: 01/04/2014
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The XSSAuditor::init function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome prior to 33.0.1750.117, processes POST requests by using the body of a redirecting page instead of the body of a redirect target, which allows remote malicious users to obtain sensitive information via unspecified vectors.

Vulnerable Product

google chrome 33.0.1750.113

google chrome 33.0.1750.112

google chrome 33.0.1750.104

google chrome 33.0.1750.93

google chrome 33.0.1750.83

google chrome 33.0.1750.82

google chrome 33.0.1750.73

google chrome 33.0.1750.71

google chrome 33.0.1750.64

google chrome 33.0.1750.63

google chrome 33.0.1750.56

google chrome 33.0.1750.55

google chrome 33.0.1750.47

google chrome 33.0.1750.46

google chrome 33.0.1750.39

google chrome 33.0.1750.38

google chrome 33.0.1750.29

google chrome 33.0.1750.28

google chrome 33.0.1750.27

google chrome 33.0.1750.20

google chrome 33.0.1750.19

google chrome 33.0.1750.11

google chrome 33.0.1750.10

google chrome 33.0.1750.2

google chrome 33.0.1750.1

google chrome

google chrome 33.0.1750.115

google chrome 33.0.1750.107

google chrome 33.0.1750.106

google chrome 33.0.1750.88

google chrome 33.0.1750.85

google chrome 33.0.1750.75

google chrome 33.0.1750.74

google chrome 33.0.1750.66

google chrome 33.0.1750.65

google chrome 33.0.1750.58

google chrome 33.0.1750.57

google chrome 33.0.1750.49

google chrome 33.0.1750.48

google chrome 33.0.1750.41

google chrome 33.0.1750.40

google chrome 33.0.1750.31

google chrome 33.0.1750.30

google chrome 33.0.1750.22

google chrome 33.0.1750.21

google chrome 33.0.1750.13

google chrome 33.0.1750.12

google chrome 33.0.1750.5

google chrome 33.0.1750.4

google chrome 33.0.1750.3

google chrome 33.0.1750.109

google chrome 33.0.1750.108

google chrome 33.0.1750.90

google chrome 33.0.1750.89

google chrome 33.0.1750.79

google chrome 33.0.1750.77

google chrome 33.0.1750.76

google chrome 33.0.1750.68

google chrome 33.0.1750.67

google chrome 33.0.1750.60

google chrome 33.0.1750.59

google chrome 33.0.1750.51

google chrome 33.0.1750.50

google chrome 33.0.1750.43

google chrome 33.0.1750.42

google chrome 33.0.1750.35

google chrome 33.0.1750.34

google chrome 33.0.1750.24

google chrome 33.0.1750.23

google chrome 33.0.1750.15

google chrome 33.0.1750.14

google chrome 33.0.1750.7

google chrome 33.0.1750.6

google chrome 33.0.1750.111

google chrome 33.0.1750.110

google chrome 33.0.1750.92

google chrome 33.0.1750.91

google chrome 33.0.1750.81

google chrome 33.0.1750.80

google chrome 33.0.1750.70

google chrome 33.0.1750.69

google chrome 33.0.1750.62

google chrome 33.0.1750.61

google chrome 33.0.1750.54

google chrome 33.0.1750.53

google chrome 33.0.1750.52

google chrome 33.0.1750.45

google chrome 33.0.1750.44

google chrome 33.0.1750.37

google chrome 33.0.1750.36

google chrome 33.0.1750.26

google chrome 33.0.1750.25

google chrome 33.0.1750.18

google chrome 33.0.1750.16

google chrome 33.0.1750.9

google chrome 33.0.1750.8

google chrome 33.0.1750.0

Vendor Advisories

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2013-6653: Khalil Zhani discovered a use-after-free issue in chromium's web contents color chooser.

CVE-2013-6654: TheShow3511 discovered an issue in SVG handling.

CVE-2013-6655: cloudfuzzer discovered a use-after-free issue in dom event handling.

CVE-2013-6 ...