core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-02-24T02:00:00
Updated: 2024-08-06T17:46:22.383Z
Reserved: 2013-11-05T00:00:00
Link: CVE-2013-6657
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-02-24T04:48:10.053
Modified: 2014-04-01T06:26:54.497
Link: CVE-2013-6657
Redhat
No data.