CVE-2013-6636

The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the address bar via vectors involving the document.write method.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.2:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.3:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.4:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.5:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.6:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.7:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.8:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.9:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.10:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.11:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.12:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.13:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.14:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.15:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.16:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.17:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.18:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.19:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.20:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.22:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.23:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.25:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.26:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.27:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.28:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.29:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.30:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.31:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.32:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.33:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.34:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.35:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.36:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.37:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.38:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.39:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.41:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.42:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.43:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.44:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.45:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.46:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.47:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.48:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.49:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.50:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.51:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.52:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.53:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.54:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.55:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.57:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.58:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.59:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.60:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.61:*:*:*:*:*:*:*

History

No history.

Information

Published : 2013-12-07 00:55

Updated : 2024-02-04 18:16


NVD link : CVE-2013-6636

Mitre link : CVE-2013-6636

CVE.ORG link : CVE-2013-6636


JSON object : View

Products Affected

google

  • chrome
CWE
CWE-20

Improper Input Validation