CVE-2013-6657: Google Chrome vulnerability

CWE-264 | 2 documents | 2 sources
Severity
6.4 MEDIUM (NVD)
EPSS
0.3%
top 49.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Feb 24
Latest update: May 17

Description

core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:N

Exploitability: 10.0 | Impact: 4.9

Affected Packages (1 package)

NVD | google/chrome | 33.0.1750.116 | +96

Patches

Vulnerability Details

1
GHSA
GHSA-h89f-7xhx-wfx9: core/html/parser/XSSAuditor (2022-05-17)