CVE-2013-6634
Published: 7 December 2013
The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code.
Priority
Status
Package | Release | Status |
---|---|---|
chromium-browser Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Released
(31.0.1650.63-0ubuntu0.12.04.1~20131204.1)
|
|
quantal |
Released
(31.0.1650.63-0ubuntu0.12.10.1~20131204.1)
|
|
raring |
Released
(31.0.1650.63-0ubuntu0.13.04.1~20131204.1)
|
|
saucy |
Released
(31.0.1650.63-0ubuntu0.13.10.1~20131204.1)
|
|
upstream |
Released
(31.0.1650.63)
|