CVE-2013-6628 — Google Chrome vulnerability

2 documents2 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 37.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedNov 13

Latest updateMay 17

Description

net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome before 31.0.1650.48 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which might allow remote web servers to interfere with trust relationships by renegotiating a session.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDgoogle/chrome31.0.1650.47+43

🔴Vulnerability Details

GHSA

GHSA-569f-wv52-cf97: net/socket/ssl_client_socket_nss↗2022-05-17

▶