CVE-2013-6636Improper Input Validation in Google Chrome

CWE-20Improper Input Validation2 documents2 sources
Severity
4.3MEDIUMNVD
EPSS
0.7%
top 27.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedDec 7
Latest updateMay 17

Description

The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the address bar via vectors involving the document.write method.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDgoogle/chrome31.0.1650.62+57

Patches

Patch: src.chromium.orgPatch: src.chromium.org

🔴Vulnerability Details

1
GHSA
GHSA-h7rm-f5x3-9mh4: The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader2022-05-17