CVE-2013-2908 Information

Feb 14, 2021 cve

Description

Google Chrome before 30.0.1599.66 uses incorrect function calls to determine the values of NavigationEntry objects which allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code.

Reference

http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html http://www.debian.org/security/2013/dsa-2785 https://code.google.com/p/chromium/issues/detail?id=265221 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A18782 https://src.chromium.org/viewvc/chrome?revision=217485&view=revision

Share on: