XSS Auditor in Blink Allows Same Origin Policy Bypass in Google Chrome

XSS Auditor in Blink Allows Same Origin Policy Bypass in Google Chrome

CVE-2013-6657 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:P/A:N

core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.

Learn more about our Cis Benchmark Audit For Google Chrome.