CVE-2013-6657

Upstream information

CVE-2013-6657 at MITRE

Description

core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.

---

SUSE information

CVSS v2 Scores

	National Vulnerability Database
Base Score	6.42
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:N
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	Partial
Availability Impact	None

SUSE Bugzilla entry: 865500 [RESOLVED / FIXED]

SUSE Security Advisories:

• openSUSE-SU-2014:0327-1, published Wed, 5 Mar 2014 18:04:14 +0100 (CET)

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE 12.3	chromedriver >= 33.0.1750.117-1.29.2 chromedriver-debuginfo >= 33.0.1750.117-1.29.2 chromium >= 33.0.1750.117-1.29.2 chromium-debuginfo >= 33.0.1750.117-1.29.2 chromium-debugsource >= 33.0.1750.117-1.29.2 chromium-desktop-gnome >= 33.0.1750.117-1.29.2 chromium-desktop-kde >= 33.0.1750.117-1.29.2 chromium-ffmpegsumo >= 33.0.1750.117-1.29.2 chromium-ffmpegsumo-debuginfo >= 33.0.1750.117-1.29.2 chromium-suid-helper >= 33.0.1750.117-1.29.2 chromium-suid-helper-debuginfo >= 33.0.1750.117-1.29.2	Patchnames: openSUSE-2014-182
openSUSE 13.1	chromedriver >= 33.0.1750.117-21.2 chromedriver-debuginfo >= 33.0.1750.117-21.2 chromium >= 33.0.1750.117-21.2 chromium-debuginfo >= 33.0.1750.117-21.2 chromium-debugsource >= 33.0.1750.117-21.2 chromium-desktop-gnome >= 33.0.1750.117-21.2 chromium-desktop-kde >= 33.0.1750.117-21.2 chromium-ffmpegsumo >= 33.0.1750.117-21.2 chromium-ffmpegsumo-debuginfo >= 33.0.1750.117-21.2 chromium-suid-helper >= 33.0.1750.117-21.2 chromium-suid-helper-debuginfo >= 33.0.1750.117-21.2	Patchnames: openSUSE-2014-182