Launchpad CVE tracker

CVE 2013-2908

Google Chrome before 30.0.1599.66 uses incorrect function calls to determine the values of NavigationEntry objects, which allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code.

Related bugs and status

CVE-2013-2908 (Candidate) is related to these bugs:

Bug #1223855: after opening webapps window and a normal window, normal window doesn't respond to Ctrl-T

Summary				In	Importance	Status
	1223855	after opening webapps window and a normal window, normal window doesn't respond to Ctrl-T		chromium-browser (Ubuntu)	Undecided	Fix Released

Bug #1226143: error while loading shared libraries: liburl_lib.so

Summary				In	Importance	Status
	1226143	error while loading shared libraries: liburl_lib.so		chromium-browser (Ubuntu)	Undecided	Fix Released

Bug #1232575: chrome.extension not available when called from extension scripts in Chromium but works on Chrome

Summary				In	Importance	Status
	1232575	chrome.extension not available when called from extension scripts in Chromium but works on Chrome		chromium-browser (Ubuntu)	High	Fix Released
	1232575	chrome.extension not available when called from extension scripts in Chromium but works on Chrome		Chromium Browser	Unknown	Unknown

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-2908

References