CVE-2013-6634

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 31.0.1650.63

Description The issue arises from the OneClickSigninHelper::ShowInfoBarIfPossible function in Google Chrome, which uses an incorrect URL during realm validation. This allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 HTTP status code.

Recommendations For versions prior to 31.0.1650.63, update to version 31.0.1650.63 or later to resolve the issue. As a temporary workaround, consider disabling the OneClickSigninHelper::ShowInfoBarIfPossible function until a patch is available. Restrict access to sensitive information and avoid using the browser for critical operations until the update is applied.