CVE-2013-6643 — Improper Authentication in Google Chrome

CWE-287 — Improper Authentication2 documents2 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 59.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Debian Linux Opensuse

Timeline

PublishedJan 16

Latest updateMay 13

Description

The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDgoogle/chrome< 32.0.1700.77+1

▶NVDopensuse/opensuse12.3, 13.1+1

Also affects: Debian Linux 7.0, 8.0

Patches

Patch: code.google.com ↗Patch: src.chromium.org ↗Patch: code.google.com ↗

🔴Vulnerability Details

GHSA

GHSA-5p2m-h2qg-qcq6: The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view↗2022-05-13

▶