Unrated severityNVD Advisory· Published Feb 15, 2014· Updated Apr 29, 2026

CVE-2013-6166

Description

Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response.

Affected products

Google/Chrome
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Range: <=28.0.1500.95

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

redmine.lighttpd.net/issues/2188nvd
seclists.org/oss-sec/2013/q4/117nvd
seclists.org/oss-sec/2013/q4/121nvd
www.openwall.com/lists/oss-security/2013/04/03/10nvd
code.google.com/p/chromium/issues/detailnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000