Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.702785 |
Category: | Debian Local Security Checks |
Title: | Debian Security Advisory DSA 2785-1 (chromium-browser - several vulnerabilities) |
Summary: | Several vulnerabilities have been discovered in the chromium web browser.;;CVE-2013-2906;Atte Kettunen of OUSPG discovered race conditions in Web Audio.;;CVE-2013-2907;Boris Zbarsky discovered an out-of-bounds read in window.prototype.;;CVE-2013-2908;Chamal de Silva discovered an address bar spoofing issue.;;CVE-2013-2909;Atte Kuttenen of OUSPG discovered a use-after-free issue in;inline-block.;;CVE-2013-2910;Byoungyoung Lee of the Georgia Tech Information Security Center;discovered a use-after-free issue in Web Audio.;;CVE-2013-2911;Atte Kettunen of OUSPG discovered a use-after-free in Blink's XSLT;handling.;;CVE-2013-2912;Chamal de Silva and 41.w4r10r(at)garage4hackers.com discovered a;use-after-free issue in the Pepper Plug-in API.;;CVE-2013-2913;cloudfuzzer discovered a use-after-free issue in Blink's XML;document parsing.;;CVE-2013-2915;Wander Groeneveld discovered an address bar spoofing issue.;;CVE-2013-2916;Masato Kinugawa discovered an address bar spoofing issue.;;CVE-2013-2917;Byoungyoung Lee and Tielei Wang discovered an out-of-bounds read;issue in Web Audio.;;CVE-2013-2918;Byoungyoung Lee discoverd an out-of-bounds read in Blink's DOM;implementation.;;CVE-2013-2919;Adam Haile of Concrete Data discovered a memory corruption issue;in the V8 javascript library.;;CVE-2013-2920;Atte Kuttunen of OUSPG discovered an out-of-bounds read in URL;host resolving.;;CVE-2013-2921;Byoungyoung Lee and Tielei Wang discovered a use-after-free issue;in resource loading.;;CVE-2013-2922;Jon Butler discovered a use-after-free issue in Blink's HTML;template element implementation.;;CVE-2013-2924;A use-after-free issue was discovered in the International;Components for Unicode (ICU) library.;;CVE-2013-2925;Atte Kettunen of OUSPG discover a use-after-free issue in Blink's;XML HTTP request implementation.;;CVE-2013-2926;cloudfuzzer discovered a use-after-free issue in the list indenting;implementation.;;CVE-2013-2927;cloudfuzzer discovered a use-after-free issue in the HTML form;submission implementation.;;CVE-2013-2923 and CVE-2013-2928;The chrome 30 development team found various issues from internal;fuzzing, audits, and other studies. |
Description: | Summary: Several vulnerabilities have been discovered in the chromium web browser. CVE-2013-2906 Atte Kettunen of OUSPG discovered race conditions in Web Audio. CVE-2013-2907 Boris Zbarsky discovered an out-of-bounds read in window.prototype. CVE-2013-2908 Chamal de Silva discovered an address bar spoofing issue. CVE-2013-2909 Atte Kuttenen of OUSPG discovered a use-after-free issue in inline-block. CVE-2013-2910 Byoungyoung Lee of the Georgia Tech Information Security Center discovered a use-after-free issue in Web Audio. CVE-2013-2911 Atte Kettunen of OUSPG discovered a use-after-free in Blink's XSLT handling. CVE-2013-2912 Chamal de Silva and 41.w4r10r(at)garage4hackers.com discovered a use-after-free issue in the Pepper Plug-in API. CVE-2013-2913 cloudfuzzer discovered a use-after-free issue in Blink's XML document parsing. CVE-2013-2915 Wander Groeneveld discovered an address bar spoofing issue. CVE-2013-2916 Masato Kinugawa discovered an address bar spoofing issue. CVE-2013-2917 Byoungyoung Lee and Tielei Wang discovered an out-of-bounds read issue in Web Audio. CVE-2013-2918 Byoungyoung Lee discoverd an out-of-bounds read in Blink's DOM implementation. CVE-2013-2919 Adam Haile of Concrete Data discovered a memory corruption issue in the V8 javascript library. CVE-2013-2920 Atte Kuttunen of OUSPG discovered an out-of-bounds read in URL host resolving. CVE-2013-2921 Byoungyoung Lee and Tielei Wang discovered a use-after-free issue in resource loading. CVE-2013-2922 Jon Butler discovered a use-after-free issue in Blink's HTML template element implementation. CVE-2013-2924 A use-after-free issue was discovered in the International Components for Unicode (ICU) library. CVE-2013-2925 Atte Kettunen of OUSPG discover a use-after-free issue in Blink's XML HTTP request implementation. CVE-2013-2926 cloudfuzzer discovered a use-after-free issue in the list indenting implementation. CVE-2013-2927 cloudfuzzer discovered a use-after-free issue in the HTML form submission implementation. CVE-2013-2923 and CVE-2013-2928 The chrome 30 development team found various issues from internal fuzzing, audits, and other studies. Affected Software/OS: chromium-browser on Debian Linux Solution: For the stable distribution (wheezy), these problems have been fixed in version 30.0.1599.101-1~ deb7u1. For the testing distribution (jessie), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 30.0.1599.101-1. We recommend that you upgrade your chromium-browser packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-2906 Debian Security Information: DSA-2785 (Google Search) http://www.debian.org/security/2013/dsa-2785 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19013 SuSE Security Announcement: openSUSE-SU-2013:1556 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html SuSE Security Announcement: openSUSE-SU-2013:1861 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html SuSE Security Announcement: openSUSE-SU-2014:0065 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html Common Vulnerability Exposure (CVE) ID: CVE-2013-2927 http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19155 SuSE Security Announcement: openSUSE-SU-2013:1729 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-11/msg00077.html SuSE Security Announcement: openSUSE-SU-2013:1776 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html Common Vulnerability Exposure (CVE) ID: CVE-2013-2913 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18843 Common Vulnerability Exposure (CVE) ID: CVE-2013-2915 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18319 Common Vulnerability Exposure (CVE) ID: CVE-2013-2912 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18962 Common Vulnerability Exposure (CVE) ID: CVE-2013-2928 http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19065 Common Vulnerability Exposure (CVE) ID: CVE-2013-2920 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18451 Common Vulnerability Exposure (CVE) ID: CVE-2013-2919 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18840 Common Vulnerability Exposure (CVE) ID: CVE-2013-2917 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18820 Common Vulnerability Exposure (CVE) ID: CVE-2013-2910 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18812 Common Vulnerability Exposure (CVE) ID: CVE-2013-2908 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18782 Common Vulnerability Exposure (CVE) ID: CVE-2013-2925 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18866 Common Vulnerability Exposure (CVE) ID: CVE-2013-2922 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18358 Common Vulnerability Exposure (CVE) ID: CVE-2013-2923 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18103 Common Vulnerability Exposure (CVE) ID: CVE-2013-2918 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18839 Common Vulnerability Exposure (CVE) ID: CVE-2013-2924 BugTraq ID: 64758 http://www.securityfocus.com/bid/64758 Debian Security Information: DSA-2786 (Google Search) http://www.debian.org/security/2013/dsa-2786 http://jvn.jp/en/jp/JVN85336306/index.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19017 Common Vulnerability Exposure (CVE) ID: CVE-2013-2926 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18837 Common Vulnerability Exposure (CVE) ID: CVE-2013-2921 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18389 Common Vulnerability Exposure (CVE) ID: CVE-2013-2907 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18695 Common Vulnerability Exposure (CVE) ID: CVE-2013-2916 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18968 Common Vulnerability Exposure (CVE) ID: CVE-2013-2909 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19012 Common Vulnerability Exposure (CVE) ID: CVE-2013-2911 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18687 |
Copyright | Copyright (C) 2013 Greenbone Networks GmbH http://greenbone.net |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |