CVE-2013-6657

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-6657 at MITRE

Description

core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.
CVSS v2 Scores
  National Vulnerability Database
Base Score 6.42
Vector AV:N/AC:L/Au:N/C:P/I:P/A:N
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact None

SUSE information

SUSE Bugzilla entry: 865500 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 12.3
  • chromedriver >= 33.0.1750.117-1.29.2
  • chromedriver-debuginfo >= 33.0.1750.117-1.29.2
  • chromium >= 33.0.1750.117-1.29.2
  • chromium-debuginfo >= 33.0.1750.117-1.29.2
  • chromium-debugsource >= 33.0.1750.117-1.29.2
  • chromium-desktop-gnome >= 33.0.1750.117-1.29.2
  • chromium-desktop-kde >= 33.0.1750.117-1.29.2
  • chromium-ffmpegsumo >= 33.0.1750.117-1.29.2
  • chromium-ffmpegsumo-debuginfo >= 33.0.1750.117-1.29.2
  • chromium-suid-helper >= 33.0.1750.117-1.29.2
  • chromium-suid-helper-debuginfo >= 33.0.1750.117-1.29.2
Patchnames:
openSUSE-2014-182
openSUSE 13.1
  • chromedriver >= 33.0.1750.117-21.2
  • chromedriver-debuginfo >= 33.0.1750.117-21.2
  • chromium >= 33.0.1750.117-21.2
  • chromium-debuginfo >= 33.0.1750.117-21.2
  • chromium-debugsource >= 33.0.1750.117-21.2
  • chromium-desktop-gnome >= 33.0.1750.117-21.2
  • chromium-desktop-kde >= 33.0.1750.117-21.2
  • chromium-ffmpegsumo >= 33.0.1750.117-21.2
  • chromium-ffmpegsumo-debuginfo >= 33.0.1750.117-21.2
  • chromium-suid-helper >= 33.0.1750.117-21.2
  • chromium-suid-helper-debuginfo >= 33.0.1750.117-21.2
Patchnames:
openSUSE-2014-182