CVE-2013-6657 : core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the

core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.

Published 2014-02-24 04:48:10

Updated 2014-04-01 06:26:54

Source MITRE

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)

Exploit prediction scoring system (EPSS) score for CVE-2013-6657

Probability of exploitation activity in the next 30 days: 0.24%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 62 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-6657

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.4	MEDIUM	AV:N/AC:L/Au:N/C:P/I:P/A:N	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2013-6657

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-6657

http://lists.opensuse.org/opensuse-updates/2014-03/msg00006.html

openSUSE-SU-2014:0327-1: moderate: chromium: update to 33.0.1750.117 sec

CVEs referencing this url
http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html

Chrome Releases: Stable Channel Update
Vendor Advisory

CVEs referencing this url
http://www.debian.org/security/2014/dsa-2883

Debian -- Security Information -- DSA-2883-1 chromium-browser

CVEs referencing this url
https://src.chromium.org/viewvc/blink?revision=164538&view=revision

[blink] Revision 164538
Patch
https://code.google.com/p/chromium/issues/detail?id=331060

331060 - Security: XSS Auditor behavior can cause leak of submitted form data because of about:blank redirection - chromium - Monorail

Products affected by CVE-2013-6657

Google » Chrome
Versions up to, including, (<=) 33.0.1750.116
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.113
cpe:2.3:a:google:chrome:33.0.1750.113:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.112
cpe:2.3:a:google:chrome:33.0.1750.112:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.104
cpe:2.3:a:google:chrome:33.0.1750.104:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.93
cpe:2.3:a:google:chrome:33.0.1750.93:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.83
cpe:2.3:a:google:chrome:33.0.1750.83:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.82
cpe:2.3:a:google:chrome:33.0.1750.82:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.73
cpe:2.3:a:google:chrome:33.0.1750.73:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.71
cpe:2.3:a:google:chrome:33.0.1750.71:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.64
cpe:2.3:a:google:chrome:33.0.1750.64:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.63
cpe:2.3:a:google:chrome:33.0.1750.63:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.56
cpe:2.3:a:google:chrome:33.0.1750.56:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.55
cpe:2.3:a:google:chrome:33.0.1750.55:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.47
cpe:2.3:a:google:chrome:33.0.1750.47:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.46
cpe:2.3:a:google:chrome:33.0.1750.46:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.39
cpe:2.3:a:google:chrome:33.0.1750.39:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.38
cpe:2.3:a:google:chrome:33.0.1750.38:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.29
cpe:2.3:a:google:chrome:33.0.1750.29:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.28
cpe:2.3:a:google:chrome:33.0.1750.28:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.27
cpe:2.3:a:google:chrome:33.0.1750.27:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.20
cpe:2.3:a:google:chrome:33.0.1750.20:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.19
cpe:2.3:a:google:chrome:33.0.1750.19:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.11
cpe:2.3:a:google:chrome:33.0.1750.11:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.10
cpe:2.3:a:google:chrome:33.0.1750.10:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.2
cpe:2.3:a:google:chrome:33.0.1750.2:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.1
cpe:2.3:a:google:chrome:33.0.1750.1:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.115
cpe:2.3:a:google:chrome:33.0.1750.115:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.107
cpe:2.3:a:google:chrome:33.0.1750.107:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.106
cpe:2.3:a:google:chrome:33.0.1750.106:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.88
cpe:2.3:a:google:chrome:33.0.1750.88:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.85
cpe:2.3:a:google:chrome:33.0.1750.85:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.75
cpe:2.3:a:google:chrome:33.0.1750.75:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.74
cpe:2.3:a:google:chrome:33.0.1750.74:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.66
cpe:2.3:a:google:chrome:33.0.1750.66:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.65
cpe:2.3:a:google:chrome:33.0.1750.65:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.58
cpe:2.3:a:google:chrome:33.0.1750.58:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.57
cpe:2.3:a:google:chrome:33.0.1750.57:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.49
cpe:2.3:a:google:chrome:33.0.1750.49:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.48
cpe:2.3:a:google:chrome:33.0.1750.48:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.41
cpe:2.3:a:google:chrome:33.0.1750.41:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.40
cpe:2.3:a:google:chrome:33.0.1750.40:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.31
cpe:2.3:a:google:chrome:33.0.1750.31:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.30
cpe:2.3:a:google:chrome:33.0.1750.30:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.22
cpe:2.3:a:google:chrome:33.0.1750.22:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.21
cpe:2.3:a:google:chrome:33.0.1750.21:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.13
cpe:2.3:a:google:chrome:33.0.1750.13:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.12
cpe:2.3:a:google:chrome:33.0.1750.12:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.5
cpe:2.3:a:google:chrome:33.0.1750.5:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.4
cpe:2.3:a:google:chrome:33.0.1750.4:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.3
cpe:2.3:a:google:chrome:33.0.1750.3:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.109
cpe:2.3:a:google:chrome:33.0.1750.109:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.108
cpe:2.3:a:google:chrome:33.0.1750.108:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.90
cpe:2.3:a:google:chrome:33.0.1750.90:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.89
cpe:2.3:a:google:chrome:33.0.1750.89:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.79
cpe:2.3:a:google:chrome:33.0.1750.79:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.77
cpe:2.3:a:google:chrome:33.0.1750.77:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.76
cpe:2.3:a:google:chrome:33.0.1750.76:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.68
cpe:2.3:a:google:chrome:33.0.1750.68:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.67
cpe:2.3:a:google:chrome:33.0.1750.67:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.60
cpe:2.3:a:google:chrome:33.0.1750.60:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.59
cpe:2.3:a:google:chrome:33.0.1750.59:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.51
cpe:2.3:a:google:chrome:33.0.1750.51:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.50
cpe:2.3:a:google:chrome:33.0.1750.50:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.43
cpe:2.3:a:google:chrome:33.0.1750.43:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.42
cpe:2.3:a:google:chrome:33.0.1750.42:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.35
cpe:2.3:a:google:chrome:33.0.1750.35:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.34
cpe:2.3:a:google:chrome:33.0.1750.34:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.24
cpe:2.3:a:google:chrome:33.0.1750.24:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.23
cpe:2.3:a:google:chrome:33.0.1750.23:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.15
cpe:2.3:a:google:chrome:33.0.1750.15:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.14
cpe:2.3:a:google:chrome:33.0.1750.14:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.7
cpe:2.3:a:google:chrome:33.0.1750.7:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.6
cpe:2.3:a:google:chrome:33.0.1750.6:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.111
cpe:2.3:a:google:chrome:33.0.1750.111:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.110
cpe:2.3:a:google:chrome:33.0.1750.110:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.92
cpe:2.3:a:google:chrome:33.0.1750.92:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.91
cpe:2.3:a:google:chrome:33.0.1750.91:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.81
cpe:2.3:a:google:chrome:33.0.1750.81:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.80
cpe:2.3:a:google:chrome:33.0.1750.80:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.70
cpe:2.3:a:google:chrome:33.0.1750.70:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.69
cpe:2.3:a:google:chrome:33.0.1750.69:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.62
cpe:2.3:a:google:chrome:33.0.1750.62:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.61
cpe:2.3:a:google:chrome:33.0.1750.61:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.54
cpe:2.3:a:google:chrome:33.0.1750.54:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.53
cpe:2.3:a:google:chrome:33.0.1750.53:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.52
cpe:2.3:a:google:chrome:33.0.1750.52:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.45
cpe:2.3:a:google:chrome:33.0.1750.45:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.44
cpe:2.3:a:google:chrome:33.0.1750.44:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.37
cpe:2.3:a:google:chrome:33.0.1750.37:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.36
cpe:2.3:a:google:chrome:33.0.1750.36:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.26
cpe:2.3:a:google:chrome:33.0.1750.26:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.25
cpe:2.3:a:google:chrome:33.0.1750.25:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.18
cpe:2.3:a:google:chrome:33.0.1750.18:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.16
cpe:2.3:a:google:chrome:33.0.1750.16:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.9
cpe:2.3:a:google:chrome:33.0.1750.9:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.8
cpe:2.3:a:google:chrome:33.0.1750.8:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 33.0.1750.0
cpe:2.3:a:google:chrome:33.0.1750.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2013-6657

Exploit prediction scoring system (EPSS) score for CVE-2013-6657

CVSS scores for CVE-2013-6657

CWE ids for CVE-2013-6657

References for CVE-2013-6657

Products affected by CVE-2013-6657