Candidate: CVE-2013-6166
PublicDate: 2014-02-15 14:57:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6166
 http://www.openwall.com/lists/oss-security/2013/04/03/10
 http://www.openwall.com/lists/oss-security/2013/10/17/2
 http://redmine.lighttpd.net/issues/2188
 https://code.google.com/p/chromium/issues/detail?id=238041
Description:
 Google Chrome before 29 sends HTTP Cookie headers without first validating
 that they have the required character-set restrictions, which allows remote
 attackers to conduct the equivalent of a persistent Logout CSRF attack via a
 crafted parameter that forces a web application to set a malformed cookie
 within an HTTP response.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to: chad
CVSS:

Patches_chromium-browser:
upstream_chromium-browser: released (31.0.1650.48)
lucid_chromium-browser: ignored (reached end-of-life)
precise_chromium-browser: released (31.0.1650.63-0ubuntu0.12.04.1~20131204.1)
quantal_chromium-browser: released (31.0.1650.63-0ubuntu0.12.10.1~20131204.1)
raring_chromium-browser: released (31.0.1650.63-0ubuntu0.13.04.1~20131204.1)
saucy_chromium-browser: released (31.0.1650.63-0ubuntu0.13.10.1~20131204.1)
devel_chromium-browser: not-affected (31.0.1650.63-0ubuntu1~20131204.1)