Vulnerability   
Search   
    Search 191973 CVE descriptions
and 86218 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.702724
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 2724-1 (chromium-browser - several vulnerabilities)
Summary:Several vulnerabilities have been discovered in the Chromium web browser.;;CVE-2013-2853;The HTTPS implementation does not ensure that headers are terminated;by \r\n\r\n (carriage return, newline, carriage return, newline).;;CVE-2013-2867;Chrome does not properly prevent pop-under windows.;;CVE-2013-2868;common/extensions/sync_helper.cc proceeds with sync operations for;NPAPI extensions without checking for a certain plugin permission;setting.;;CVE-2013-2869;Denial of service (out-of-bounds read) via a crafted JPEG2000;image.;;CVE-2013-2870;Use-after-free vulnerability in network sockets.;;CVE-2013-2871;Use-after-free vulnerability in input handling.;;CVE-2013-2873;Use-after-free vulnerability in resource loading.;;CVE-2013-2875;Out-of-bounds read in SVG file handling.;;CVE-2013-2876;Chromium does not properly enforce restrictions on the capture of;screenshots by extensions, which could lead to information;disclosure from previous page visits.;;CVE-2013-2877;Out-of-bounds read in XML file handling.;;CVE-2013-2878;Out-of-bounds read in text handling.;;CVE-2013-2879;The circumstances in which a renderer process can be considered a;trusted process for sign-in and subsequent sync operations were;not properly checked.;;CVE-2013-2880;The Chromium 28 development team found various issues from internal;fuzzing, audits, and other studies.
Description:Summary:
Several vulnerabilities have been discovered in the Chromium web browser.

CVE-2013-2853
The HTTPS implementation does not ensure that headers are terminated
by \r\n\r\n (carriage return, newline, carriage return, newline).

CVE-2013-2867
Chrome does not properly prevent pop-under windows.

CVE-2013-2868
common/extensions/sync_helper.cc proceeds with sync operations for
NPAPI extensions without checking for a certain plugin permission
setting.

CVE-2013-2869
Denial of service (out-of-bounds read) via a crafted JPEG2000
image.

CVE-2013-2870
Use-after-free vulnerability in network sockets.

CVE-2013-2871
Use-after-free vulnerability in input handling.

CVE-2013-2873
Use-after-free vulnerability in resource loading.

CVE-2013-2875
Out-of-bounds read in SVG file handling.

CVE-2013-2876
Chromium does not properly enforce restrictions on the capture of
screenshots by extensions, which could lead to information
disclosure from previous page visits.

CVE-2013-2877
Out-of-bounds read in XML file handling.

CVE-2013-2878
Out-of-bounds read in text handling.

CVE-2013-2879
The circumstances in which a renderer process can be considered a
trusted process for sign-in and subsequent sync operations were
not properly checked.

CVE-2013-2880
The Chromium 28 development team found various issues from internal
fuzzing, audits, and other studies.

Affected Software/OS:
chromium-browser on Debian Linux

Solution:
For the stable distribution (wheezy), these problems have been fixed in
version 28.0.1500.71-1~
deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 28.0.1500.71-1.

We recommend that you upgrade your chromium-browser packages.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-2877
BugTraq ID: 61050
http://www.securityfocus.com/bid/61050
Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/534161/100/0/threaded
Debian Security Information: DSA-2724 (Google Search)
http://www.debian.org/security/2013/dsa-2724
Debian Security Information: DSA-2779 (Google Search)
http://www.debian.org/security/2013/dsa-2779
http://seclists.org/fulldisclosure/2014/Dec/23
http://secunia.com/advisories/54172
http://secunia.com/advisories/55568
SuSE Security Announcement: SUSE-SU-2013:1627 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
SuSE Security Announcement: openSUSE-SU-2013:1221 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-07/msg00063.html
SuSE Security Announcement: openSUSE-SU-2013:1246 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-07/msg00077.html
http://www.ubuntu.com/usn/USN-1904-1
http://www.ubuntu.com/usn/USN-1904-2
Common Vulnerability Exposure (CVE) ID: CVE-2013-2871
http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html
http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html
http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17275
Common Vulnerability Exposure (CVE) ID: CVE-2013-2853
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17033
Common Vulnerability Exposure (CVE) ID: CVE-2013-2876
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17350
Common Vulnerability Exposure (CVE) ID: CVE-2013-2867
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17216
Common Vulnerability Exposure (CVE) ID: CVE-2013-2875
http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html
http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html
http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17227
Common Vulnerability Exposure (CVE) ID: CVE-2013-2870
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16723
Common Vulnerability Exposure (CVE) ID: CVE-2013-2868
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17347
Common Vulnerability Exposure (CVE) ID: CVE-2013-2879
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17177
Common Vulnerability Exposure (CVE) ID: CVE-2013-2878
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17318
Common Vulnerability Exposure (CVE) ID: CVE-2013-2880
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17281
Common Vulnerability Exposure (CVE) ID: CVE-2013-2869
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17278
Common Vulnerability Exposure (CVE) ID: CVE-2013-2873
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17371
CopyrightCopyright (C) 2013 Greenbone Networks GmbH http://greenbone.net

This is only one of 86218 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.