CVE-2013-6656Sensitive Information Exposure in Google Chrome

CWE-200Sensitive Information Exposure2 documents2 sources
Severity
5.0MEDIUMNVD
EPSS
0.4%
top 40.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedFeb 24
Latest updateMay 17

Description

The XSSAuditor::init function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, processes POST requests by using the body of a redirecting page instead of the body of a redirect target, which allows remote attackers to obtain sensitive information via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDgoogle/chrome33.0.1750.116+96

Patches

Patch: src.chromium.orgPatch: src.chromium.org

🔴Vulnerability Details

1
GHSA
GHSA-5c22-prr4-qxpr: The XSSAuditor::init function in core/html/parser/XSSAuditor2022-05-17