CVE-2013-6643

Published: Jan 16, 2014Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog.

Affected (6)

Products: Google: Chrome · Opensuse: Opensuse · Debian: Debian Linux

1 product

1 product

1 product

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Google Chrome	Before 32.0.1700.77

Running on/with	Platform Versions
Apple Mac Os X	All versions
Linux Linux Kernel	All versions

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 12.3
Opensuse Opensuse	Version 13.1

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Google Chrome	Before 32.0.1700.76

Running on/with	Platform Versions
Microsoft Windows	All versions

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (10)

http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html

Source: cve@mitre.org

Release NotesVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00008.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.debian.org/security/2014/dsa-2862

Source: cve@mitre.org

Third Party Advisory

https://code.google.com/p/chromium/issues/detail?id=321940

Source: cve@mitre.org

ExploitPatchVendor Advisory

https://src.chromium.org/viewvc/chrome?revision=237115&view=revision

Source: cve@mitre.org

PatchVendor Advisory

http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00008.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.debian.org/security/2014/dsa-2862

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://code.google.com/p/chromium/issues/detail?id=321940

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

https://src.chromium.org/viewvc/chrome?revision=237115&view=revision

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.