Test ID:	1.3.6.1.4.1.25623.1.0.702695
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-2695-1)
Summary:	The remote host is missing an update for the Debian 'chromium-browser' package(s) announced via the DSA-2695-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'chromium-browser' package(s) announced via the DSA-2695-1 advisory. Vulnerability Insight: Several vulnerabilities have been discovered in the Chromium web browser. Multiple use-after-free, out-of-bounds read, memory safety, and cross-site scripting issues were discovered and corrected. CVE-2013-2837 Use-after-free vulnerability in the SVG implementation allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2013-2838 Google V8, as used in Chromium before 27.0.1453.93, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-2839 Chromium before 27.0.1453.93 does not properly perform a cast of an unspecified variable during handling of clipboard data, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE-2013-2840 Use-after-free vulnerability in the media loader in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2846. CVE-2013-2841 Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of Pepper resources. CVE-2013-2842 Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets. CVE-2013-2843 Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of speech data. CVE-2013-2844 Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style resolution. CVE-2013-2845 The Web Audio implementation in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. CVE-2013-2846 Use-after-free vulnerability in the media loader in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2840. CVE-2013-2847 Race condition in the workers implementation in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors. CVE-2013-2848 The XSS Auditor in Chromium before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors. CVE-2013-2849 Multiple cross-site scripting (XSS) ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'chromium-browser' package(s) on Debian 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-2837 Debian Security Information: DSA-2695 (Google Search) http://www.debian.org/security/2013/dsa-2695 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16250 Common Vulnerability Exposure (CVE) ID: CVE-2013-2838 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16625 Common Vulnerability Exposure (CVE) ID: CVE-2013-2839 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16760 Common Vulnerability Exposure (CVE) ID: CVE-2013-2840 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16706 Common Vulnerability Exposure (CVE) ID: CVE-2013-2841 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16534 Common Vulnerability Exposure (CVE) ID: CVE-2013-2842 http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15914 http://secunia.com/advisories/54886 Common Vulnerability Exposure (CVE) ID: CVE-2013-2843 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16547 Common Vulnerability Exposure (CVE) ID: CVE-2013-2844 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16624 Common Vulnerability Exposure (CVE) ID: CVE-2013-2845 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16354 Common Vulnerability Exposure (CVE) ID: CVE-2013-2846 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15805 Common Vulnerability Exposure (CVE) ID: CVE-2013-2847 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16716 Common Vulnerability Exposure (CVE) ID: CVE-2013-2848 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15849 Common Vulnerability Exposure (CVE) ID: CVE-2013-2849 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16753
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.