VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 7, 2013· Updated Apr 29, 2026

CVE-2013-6634

CVE-2013-6634

Description

The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code.

Affected products

58
  • Google/Chrome58 versions
    cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*+ 57 more
    • cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*range: <=31.0.1650.62
    • cpe:2.3:a:google:chrome:31.0.1650.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.2:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.3:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.4:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.5:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.6:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.7:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.8:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.9:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.10:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.11:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.12:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.13:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.14:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.15:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.16:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.17:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.18:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.19:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.20:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.22:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.23:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.25:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.26:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.27:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.28:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.29:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.30:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.44:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.45:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.46:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.47:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.48:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.49:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.50:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.51:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.52:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.53:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.54:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.55:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.57:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.58:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.59:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.60:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.61:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.31:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.32:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.33:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.34:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.35:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.36:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.37:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.38:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.39:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.41:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.42:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:31.0.1650.43:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

9

News mentions

0

No linked articles in our index yet.