CVE-2013-6634

Published: 7 December 2013

The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code.

Priority

Medium

Status

Package: chromium-browser (Launchpad, Ubuntu, Debian)

Release    Status
lucid      Ignored (end of life)
precise    Released (31.0.1650.63-0ubuntu0.12.04.1~20131204.1)
quantal    Released (31.0.1650.63-0ubuntu0.12.10.1~20131204.1)
raring     Released (31.0.1650.63-0ubuntu0.13.04.1~20131204.1)
saucy      Released (31.0.1650.63-0ubuntu0.13.10.1~20131204.1)
upstream   Released (31.0.1650.63)