Candidate: CVE-2013-6657
PublicDate: 2014-02-24 04:48:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6657
 https://src.chromium.org/viewvc/blink?revision=164538&view=revision
 https://code.google.com/p/chromium/issues/detail?id=331060
 http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html
Description:
 core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in
 Google Chrome before 33.0.1750.117, inserts the about:blank URL during
 certain blocking of FORM elements within HTTP requests, which allows remote
 attackers to bypass the Same Origin Policy and obtain sensitive information
 via unspecified vectors.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: chad
CVSS:

Patches_chromium-browser:
upstream_chromium-browser: released (33.0.1750.117)
lucid_chromium-browser: ignored (reached end-of-life)
precise_chromium-browser: released (33.0.1750.152-0ubuntu0.12.04.1~pkg879.1)
quantal_chromium-browser: released (33.0.1750.152-0ubuntu0.12.10.1~pkg895.1)
saucy_chromium-browser: released (33.0.1750.152-0ubuntu0.13.10.1~pkg984.1)
devel_chromium-browser: released (33.0.1750.152-0ubuntu1~pkg995.1)