fkie_cve-2013-6626
Vulnerability from fkie_nvd
Published
2013-11-13 15:55
Modified
2025-04-11 00:51
Severity ?
Summary
The WebContentsImpl::AttachInterstitialPage function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 31.0.1650.48 does not cancel JavaScript dialogs upon generating an interstitial warning, which allows remote attackers to spoof the address bar via a crafted web site.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chrome | * | ||
| chrome | 31.0.1650.0 | ||
| chrome | 31.0.1650.2 | ||
| chrome | 31.0.1650.3 | ||
| chrome | 31.0.1650.4 | ||
| chrome | 31.0.1650.5 | ||
| chrome | 31.0.1650.6 | ||
| chrome | 31.0.1650.7 | ||
| chrome | 31.0.1650.8 | ||
| chrome | 31.0.1650.9 | ||
| chrome | 31.0.1650.10 | ||
| chrome | 31.0.1650.11 | ||
| chrome | 31.0.1650.12 | ||
| chrome | 31.0.1650.13 | ||
| chrome | 31.0.1650.14 | ||
| chrome | 31.0.1650.15 | ||
| chrome | 31.0.1650.16 | ||
| chrome | 31.0.1650.17 | ||
| chrome | 31.0.1650.18 | ||
| chrome | 31.0.1650.19 | ||
| chrome | 31.0.1650.20 | ||
| chrome | 31.0.1650.22 | ||
| chrome | 31.0.1650.23 | ||
| chrome | 31.0.1650.25 | ||
| chrome | 31.0.1650.26 | ||
| chrome | 31.0.1650.27 | ||
| chrome | 31.0.1650.28 | ||
| chrome | 31.0.1650.29 | ||
| chrome | 31.0.1650.30 | ||
| chrome | 31.0.1650.31 | ||
| chrome | 31.0.1650.32 | ||
| chrome | 31.0.1650.33 | ||
| chrome | 31.0.1650.34 | ||
| chrome | 31.0.1650.35 | ||
| chrome | 31.0.1650.36 | ||
| chrome | 31.0.1650.37 | ||
| chrome | 31.0.1650.38 | ||
| chrome | 31.0.1650.39 | ||
| chrome | 31.0.1650.41 | ||
| chrome | 31.0.1650.42 | ||
| chrome | 31.0.1650.43 | ||
| chrome | 31.0.1650.44 | ||
| chrome | 31.0.1650.45 | ||
| chrome | 31.0.1650.46 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D96E10B-3A68-42C3-BC76-16371F70EFB1",
"versionEndIncluding": "31.0.1650.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ECE0CD4B-7AF0-408C-A0A4-5C1BF99DCC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8E419AD3-959E-4CBE-AA82-6FF50ADA5F7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6BB7361C-D835-4EA4-A02A-517A88235E48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9B8FBD4F-A625-4481-ACC3-11D1EC38E61F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.5:*:*:*:*:*:*:*",
"matchCriteriaId": "54CE56C0-FEBB-4B88-B492-7F4834F1E7D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B7C5BFB2-1662-40C8-91F3-BAADA15BBDB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1591A0BA-598A-4B52-990B-D897D0717659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2399FF12-3C99-4822-9C7F-ACE21A75B07D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0A0F6EDE-7B69-4522-880B-5D384BA165B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7F05FCCF-7EF3-4AE8-9699-C59716B64FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2ABC4ED3-D2F4-49E4-917C-14CBD4B48217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DACE52-4FEE-46DB-8A3E-453927346324",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.13:*:*:*:*:*:*:*",
"matchCriteriaId": "BBB25316-F742-489F-982A-F2E93CC2A991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.14:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCDDE4F-1AFF-47BB-AEED-1162557C3ED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7DC97D41-FC3F-4257-ADCF-A18CE16BD123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.16:*:*:*:*:*:*:*",
"matchCriteriaId": "08BB30B1-5D2B-4BF0-A9B2-E9DA58DB4421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7D94E9E7-694E-4D4D-87E3-C599BF0D34E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.18:*:*:*:*:*:*:*",
"matchCriteriaId": "95693DB4-F3A3-4E9B-81BC-9659DC28266F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.19:*:*:*:*:*:*:*",
"matchCriteriaId": "543A3EED-3B52-4F32-91CB-CE519502DAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.20:*:*:*:*:*:*:*",
"matchCriteriaId": "EA826854-B16A-4F3B-9B45-B20967C398CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.22:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5EBF2E-E025-4F7F-8B59-E898526509CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.23:*:*:*:*:*:*:*",
"matchCriteriaId": "57710E9D-5ACE-43B8-87E9-B62FE8602316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2094C58D-F541-4622-8A85-0F29E8FA2C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.26:*:*:*:*:*:*:*",
"matchCriteriaId": "170A2964-5947-4DDB-8AE2-C919BEF38DF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.27:*:*:*:*:*:*:*",
"matchCriteriaId": "095EF1A2-A17B-4D1D-A314-770757DBC77F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.28:*:*:*:*:*:*:*",
"matchCriteriaId": "15659D3B-13DB-447D-B680-3CBA8A153B10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.29:*:*:*:*:*:*:*",
"matchCriteriaId": "206DDB27-676F-4373-A0CC-762C9F593E77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.30:*:*:*:*:*:*:*",
"matchCriteriaId": "CDE66FCD-C9F5-4341-983A-BED55E80C3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.31:*:*:*:*:*:*:*",
"matchCriteriaId": "7E32F32F-BEFA-41E2-B77E-576662A36A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.32:*:*:*:*:*:*:*",
"matchCriteriaId": "73CC0102-E20D-479C-AF93-1DBCD0052B10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.33:*:*:*:*:*:*:*",
"matchCriteriaId": "CA262B88-A7F0-4F27-A002-7CFFF097D95E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.34:*:*:*:*:*:*:*",
"matchCriteriaId": "B6D23D07-42C3-49E6-B381-E4F8F7392ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.35:*:*:*:*:*:*:*",
"matchCriteriaId": "66941327-5BC4-4F22-920E-5A1E9A2A2234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.36:*:*:*:*:*:*:*",
"matchCriteriaId": "C01B6CFF-9602-4D81-BCB0-49F584B55AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.37:*:*:*:*:*:*:*",
"matchCriteriaId": "1DC5025C-3FEC-4C14-B785-5B3B8E093BC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.38:*:*:*:*:*:*:*",
"matchCriteriaId": "1FB6E22F-B320-449C-97A2-EB8BFB54B73E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.39:*:*:*:*:*:*:*",
"matchCriteriaId": "C13D619A-70FA-4C77-8603-6EEA8F6193D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.41:*:*:*:*:*:*:*",
"matchCriteriaId": "32059BF8-EF17-41C1-A0FC-39B41E775F3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.42:*:*:*:*:*:*:*",
"matchCriteriaId": "6636E503-0532-4E10-881E-C3E929CE5B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.43:*:*:*:*:*:*:*",
"matchCriteriaId": "4C2259D6-6B9F-4625-9E69-CD157748ABBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.44:*:*:*:*:*:*:*",
"matchCriteriaId": "2C9F265B-5685-445B-9EEB-546849AD9272",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.45:*:*:*:*:*:*:*",
"matchCriteriaId": "18F7A611-76FC-4AE4-8D5A-F7E75270FDA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.46:*:*:*:*:*:*:*",
"matchCriteriaId": "F2AF9C17-46A4-46F4-9D22-217EDE0AFAF2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WebContentsImpl::AttachInterstitialPage function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 31.0.1650.48 does not cancel JavaScript dialogs upon generating an interstitial warning, which allows remote attackers to spoof the address bar via a crafted web site."
},
{
"lang": "es",
"value": "La funci\u00f3n WebContentsImpl::AttachInterstitialPage de content/browser/web_contents/web_contents_impl.cc en Google Chrome anterior a la versi\u00f3n 31.0.1650.48 no cancela di\u00e1logos JavaScript en la generaci\u00f3n de una advertencia intersticial, lo que permite a atacantes remotos falsificar la barra de direcciones a trav\u00e9s de un sitio Web dise\u00f1ado."
}
],
"id": "CVE-2013-6626",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-11-13T15:55:04.347",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2013/dsa-2799"
},
{
"source": "cve@mitre.org",
"url": "https://code.google.com/p/chromium/issues/detail?id=295695"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18401"
},
{
"source": "cve@mitre.org",
"url": "https://src.chromium.org/viewvc/chrome?revision=225026\u0026view=revision"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://code.google.com/p/chromium/issues/detail?id=295695"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://src.chromium.org/viewvc/chrome?revision=225026\u0026view=revision"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…