PT-2014-3158 · Google+1 · Google Chrome+1

Antoine Delignat-Lavaud

Published

2014-02-20

Updated

2024-06-15

CVE-2013-6659

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 33.0.1750.117

Description The issue concerns the SSLClientSocketNSS::Core::OwnAuthCertHandler function in Google Chrome, which does not prevent changes to server X.509 certificates during renegotiations. This allows remote SSL servers to trigger the use of a new certificate chain by initiating a TLS renegotiation, potentially inconsistent with the user's expectations.

Recommendations For versions prior to 33.0.1750.117, update to version 33.0.1750.117 or later to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

ALT-PU-2014-1282

CVE-2013-6659

DSA-2883-1

MGASA-2014-0107

OPENSUSE-SU-2024:10171-1

OPENSUSE-SU-2024:12948-1

Affected Products

Alt Linux

Google Chrome

PT-2014-3158 · Google+1 · Google Chrome+1

CVE-2013-6659

Weakness Enumeration

Related Identifiers

Affected Products

References · 2368