Vulnerability   
Search   
    Search 191973 CVE descriptions
and 86218 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.702785
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 2785-1 (chromium-browser - several vulnerabilities)
Summary:Several vulnerabilities have been discovered in the chromium web browser.;;CVE-2013-2906;Atte Kettunen of OUSPG discovered race conditions in Web Audio.;;CVE-2013-2907;Boris Zbarsky discovered an out-of-bounds read in window.prototype.;;CVE-2013-2908;Chamal de Silva discovered an address bar spoofing issue.;;CVE-2013-2909;Atte Kuttenen of OUSPG discovered a use-after-free issue in;inline-block.;;CVE-2013-2910;Byoungyoung Lee of the Georgia Tech Information Security Center;discovered a use-after-free issue in Web Audio.;;CVE-2013-2911;Atte Kettunen of OUSPG discovered a use-after-free in Blink's XSLT;handling.;;CVE-2013-2912;Chamal de Silva and 41.w4r10r(at)garage4hackers.com discovered a;use-after-free issue in the Pepper Plug-in API.;;CVE-2013-2913;cloudfuzzer discovered a use-after-free issue in Blink's XML;document parsing.;;CVE-2013-2915;Wander Groeneveld discovered an address bar spoofing issue.;;CVE-2013-2916;Masato Kinugawa discovered an address bar spoofing issue.;;CVE-2013-2917;Byoungyoung Lee and Tielei Wang discovered an out-of-bounds read;issue in Web Audio.;;CVE-2013-2918;Byoungyoung Lee discoverd an out-of-bounds read in Blink's DOM;implementation.;;CVE-2013-2919;Adam Haile of Concrete Data discovered a memory corruption issue;in the V8 javascript library.;;CVE-2013-2920;Atte Kuttunen of OUSPG discovered an out-of-bounds read in URL;host resolving.;;CVE-2013-2921;Byoungyoung Lee and Tielei Wang discovered a use-after-free issue;in resource loading.;;CVE-2013-2922;Jon Butler discovered a use-after-free issue in Blink's HTML;template element implementation.;;CVE-2013-2924;A use-after-free issue was discovered in the International;Components for Unicode (ICU) library.;;CVE-2013-2925;Atte Kettunen of OUSPG discover a use-after-free issue in Blink's;XML HTTP request implementation.;;CVE-2013-2926;cloudfuzzer discovered a use-after-free issue in the list indenting;implementation.;;CVE-2013-2927;cloudfuzzer discovered a use-after-free issue in the HTML form;submission implementation.;;CVE-2013-2923 and CVE-2013-2928;The chrome 30 development team found various issues from internal;fuzzing, audits, and other studies.
Description:Summary:
Several vulnerabilities have been discovered in the chromium web browser.

CVE-2013-2906
Atte Kettunen of OUSPG discovered race conditions in Web Audio.

CVE-2013-2907
Boris Zbarsky discovered an out-of-bounds read in window.prototype.

CVE-2013-2908
Chamal de Silva discovered an address bar spoofing issue.

CVE-2013-2909
Atte Kuttenen of OUSPG discovered a use-after-free issue in
inline-block.

CVE-2013-2910
Byoungyoung Lee of the Georgia Tech Information Security Center
discovered a use-after-free issue in Web Audio.

CVE-2013-2911
Atte Kettunen of OUSPG discovered a use-after-free in Blink's XSLT
handling.

CVE-2013-2912
Chamal de Silva and 41.w4r10r(at)garage4hackers.com discovered a
use-after-free issue in the Pepper Plug-in API.

CVE-2013-2913
cloudfuzzer discovered a use-after-free issue in Blink's XML
document parsing.

CVE-2013-2915
Wander Groeneveld discovered an address bar spoofing issue.

CVE-2013-2916
Masato Kinugawa discovered an address bar spoofing issue.

CVE-2013-2917
Byoungyoung Lee and Tielei Wang discovered an out-of-bounds read
issue in Web Audio.

CVE-2013-2918
Byoungyoung Lee discoverd an out-of-bounds read in Blink's DOM
implementation.

CVE-2013-2919
Adam Haile of Concrete Data discovered a memory corruption issue
in the V8 javascript library.

CVE-2013-2920
Atte Kuttunen of OUSPG discovered an out-of-bounds read in URL
host resolving.

CVE-2013-2921
Byoungyoung Lee and Tielei Wang discovered a use-after-free issue
in resource loading.

CVE-2013-2922
Jon Butler discovered a use-after-free issue in Blink's HTML
template element implementation.

CVE-2013-2924
A use-after-free issue was discovered in the International
Components for Unicode (ICU) library.

CVE-2013-2925
Atte Kettunen of OUSPG discover a use-after-free issue in Blink's
XML HTTP request implementation.

CVE-2013-2926
cloudfuzzer discovered a use-after-free issue in the list indenting
implementation.

CVE-2013-2927
cloudfuzzer discovered a use-after-free issue in the HTML form
submission implementation.

CVE-2013-2923 and CVE-2013-2928
The chrome 30 development team found various issues from internal
fuzzing, audits, and other studies.

Affected Software/OS:
chromium-browser on Debian Linux

Solution:
For the stable distribution (wheezy), these problems have been fixed in
version 30.0.1599.101-1~
deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 30.0.1599.101-1.

We recommend that you upgrade your chromium-browser packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-2906
Debian Security Information: DSA-2785 (Google Search)
http://www.debian.org/security/2013/dsa-2785
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19013
SuSE Security Announcement: openSUSE-SU-2013:1556 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
SuSE Security Announcement: openSUSE-SU-2013:1861 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
SuSE Security Announcement: openSUSE-SU-2014:0065 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-2927
http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html
http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html
http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19155
SuSE Security Announcement: openSUSE-SU-2013:1729 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-11/msg00077.html
SuSE Security Announcement: openSUSE-SU-2013:1776 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-2913
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18843
Common Vulnerability Exposure (CVE) ID: CVE-2013-2915
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18319
Common Vulnerability Exposure (CVE) ID: CVE-2013-2912
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18962
Common Vulnerability Exposure (CVE) ID: CVE-2013-2928
http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19065
Common Vulnerability Exposure (CVE) ID: CVE-2013-2920
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18451
Common Vulnerability Exposure (CVE) ID: CVE-2013-2919
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18840
Common Vulnerability Exposure (CVE) ID: CVE-2013-2917
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18820
Common Vulnerability Exposure (CVE) ID: CVE-2013-2910
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18812
Common Vulnerability Exposure (CVE) ID: CVE-2013-2908
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18782
Common Vulnerability Exposure (CVE) ID: CVE-2013-2925
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18866
Common Vulnerability Exposure (CVE) ID: CVE-2013-2922
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18358
Common Vulnerability Exposure (CVE) ID: CVE-2013-2923
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18103
Common Vulnerability Exposure (CVE) ID: CVE-2013-2918
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18839
Common Vulnerability Exposure (CVE) ID: CVE-2013-2924
BugTraq ID: 64758
http://www.securityfocus.com/bid/64758
Debian Security Information: DSA-2786 (Google Search)
http://www.debian.org/security/2013/dsa-2786
http://jvn.jp/en/jp/JVN85336306/index.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19017
Common Vulnerability Exposure (CVE) ID: CVE-2013-2926
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18837
Common Vulnerability Exposure (CVE) ID: CVE-2013-2921
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18389
Common Vulnerability Exposure (CVE) ID: CVE-2013-2907
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18695
Common Vulnerability Exposure (CVE) ID: CVE-2013-2916
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18968
Common Vulnerability Exposure (CVE) ID: CVE-2013-2909
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19012
Common Vulnerability Exposure (CVE) ID: CVE-2013-2911
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18687
CopyrightCopyright (C) 2013 Greenbone Networks GmbH http://greenbone.net

This is only one of 86218 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.