Lucene search

K
cve[email protected]CVE-2013-6643
HistoryJan 16, 2014 - 12:17 p.m.

CVE-2013-6643

2014-01-1612:17:26
CWE-287
web.nvd.nist.gov
44
google chrome
oneclicksigninbubbleview
windowclosing
sync
arbitrary
google account
improper handling
untrusted signin confirm
dialog
cve-2013-6643
nvd

6.1 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.8%

The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog.

Affected configurations

NVD
Node
googlechromeRange<32.0.1700.77
AND
applemac_os_xMatch-
OR
linuxlinux_kernelMatch-
Node
opensuseopensuseMatch12.3
OR
opensuseopensuseMatch13.1
Node
googlechromeRange<32.0.1700.76
AND
microsoftwindowsMatch-
Node
debiandebian_linuxMatch7.0
OR
debiandebian_linuxMatch8.0

6.1 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.8%