Vulnerability   
Search   
    Search 191973 CVE descriptions
and 86218 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.702706
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 2706-1 (chromium-browser - several vulnerabilities)
Summary:Several vulnerabilities have been discovered in the Chromium web;browser.;;CVE-2013-2855;The Developer Tools API in Chromium before 27.0.1453.110 allows;remote attackers to cause a denial of service (memory corruption) or;possibly have unspecified other impact via unknown vectors.;;CVE-2013-2856;Use-after-free vulnerability in Chromium before 27.0.1453.110;allows remote attackers to cause a denial of service or possibly;have unspecified other impact via vectors related to the handling of;input.;;CVE-2013-2857;Use-after-free vulnerability in Chromium before 27.0.1453.110;allows remote attackers to cause a denial of service or possibly;have unspecified other impact via vectors related to the handling of;images.;;CVE-2013-2858;Use-after-free vulnerability in the HTML5 Audio implementation in;Chromium before 27.0.1453.110 allows remote attackers to cause;a denial of service or possibly have unspecified other impact via;unknown vectors.;;CVE-2013-2859;Chromium before 27.0.1453.110 allows remote attackers to bypass;the Same Origin Policy and trigger namespace pollution via;unspecified vectors.;;CVE-2013-2860;Use-after-free vulnerability in Chromium before 27.0.1453.110;allows remote attackers to cause a denial of service or possibly;have unspecified other impact via vectors involving access to a;database API by a worker process.;;CVE-2013-2861;Use-after-free vulnerability in the SVG implementation in Chromium;before 27.0.1453.110 allows remote attackers to cause a;denial of service or possibly have unspecified other impact via;unknown vectors.;;CVE-2013-2862;Skia, as used in Chromium before 27.0.1453.110, does not;properly handle GPU acceleration, which allows remote attackers to;cause a denial of service (memory corruption) or possibly have;unspecified other impact via unknown vectors.;;CVE-2013-2863;Chromium before 27.0.1453.110 does not properly handle SSL;sockets, which allows remote attackers to execute arbitrary code or;cause a denial of service (memory corruption) via unspecified;vectors.;;CVE-2013-2865;Multiple unspecified vulnerabilities in Chromium before;27.0.1453.110 allow attackers to cause a denial of service or;possibly have other impact via unknown vectors.
Description:Summary:
Several vulnerabilities have been discovered in the Chromium web
browser.

CVE-2013-2855
The Developer Tools API in Chromium before 27.0.1453.110 allows
remote attackers to cause a denial of service (memory corruption) or
possibly have unspecified other impact via unknown vectors.

CVE-2013-2856
Use-after-free vulnerability in Chromium before 27.0.1453.110
allows remote attackers to cause a denial of service or possibly
have unspecified other impact via vectors related to the handling of
input.

CVE-2013-2857
Use-after-free vulnerability in Chromium before 27.0.1453.110
allows remote attackers to cause a denial of service or possibly
have unspecified other impact via vectors related to the handling of
images.

CVE-2013-2858
Use-after-free vulnerability in the HTML5 Audio implementation in
Chromium before 27.0.1453.110 allows remote attackers to cause
a denial of service or possibly have unspecified other impact via
unknown vectors.

CVE-2013-2859
Chromium before 27.0.1453.110 allows remote attackers to bypass
the Same Origin Policy and trigger namespace pollution via
unspecified vectors.

CVE-2013-2860
Use-after-free vulnerability in Chromium before 27.0.1453.110
allows remote attackers to cause a denial of service or possibly
have unspecified other impact via vectors involving access to a
database API by a worker process.

CVE-2013-2861
Use-after-free vulnerability in the SVG implementation in Chromium
before 27.0.1453.110 allows remote attackers to cause a
denial of service or possibly have unspecified other impact via
unknown vectors.

CVE-2013-2862
Skia, as used in Chromium before 27.0.1453.110, does not
properly handle GPU acceleration, which allows remote attackers to
cause a denial of service (memory corruption) or possibly have
unspecified other impact via unknown vectors.

CVE-2013-2863
Chromium before 27.0.1453.110 does not properly handle SSL
sockets, which allows remote attackers to execute arbitrary code or
cause a denial of service (memory corruption) via unspecified
vectors.

CVE-2013-2865
Multiple unspecified vulnerabilities in Chromium before
27.0.1453.110 allow attackers to cause a denial of service or
possibly have other impact via unknown vectors.

Affected Software/OS:
chromium-browser on Debian Linux

Solution:
For the stable distribution (wheezy), these problems have been fixed in
version 27.0.1453.110-1~
deb7u1.

For the testing distribution (jessie), these problems have been fixed in
version 27.0.1453.110-1.

For the unstable distribution (sid), these problems have been fixed in
version 27.0.1453.110-1.

We recommend that you upgrade your chromium-browser packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-2865
Debian Security Information: DSA-2706 (Google Search)
http://www.debian.org/security/2013/dsa-2706
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16541
Common Vulnerability Exposure (CVE) ID: CVE-2013-2855
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16793
Common Vulnerability Exposure (CVE) ID: CVE-2013-2861
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16721
Common Vulnerability Exposure (CVE) ID: CVE-2013-2859
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16640
Common Vulnerability Exposure (CVE) ID: CVE-2013-2856
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16811
Common Vulnerability Exposure (CVE) ID: CVE-2013-2860
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16890
Common Vulnerability Exposure (CVE) ID: CVE-2013-2862
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16710
Common Vulnerability Exposure (CVE) ID: CVE-2013-2858
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15909
Common Vulnerability Exposure (CVE) ID: CVE-2013-2863
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16608
Common Vulnerability Exposure (CVE) ID: CVE-2013-2857
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16816
CopyrightCopyright (C) 2013 Greenbone Networks GmbH http://greenbone.net

This is only one of 86218 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.