CVE-2013-6634
Publication date 7 December 2013
Last updated 24 July 2024
Ubuntu priority
The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code.
Status
Package | Ubuntu Release | Status |
---|---|---|
chromium-browser | 13.10 saucy |
Fixed 31.0.1650.63-0ubuntu0.13.10.1~20131204.1
|
13.04 raring |
Fixed 31.0.1650.63-0ubuntu0.13.04.1~20131204.1
|
|
12.10 quantal |
Fixed 31.0.1650.63-0ubuntu0.12.10.1~20131204.1
|
|
12.04 LTS precise |
Fixed 31.0.1650.63-0ubuntu0.12.04.1~20131204.1
|
|
10.04 LTS lucid | Ignored end of life |