Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.702883 |
Category: | Debian Local Security Checks |
Title: | Debian Security Advisory DSA 2883-1 (chromium-browser - security update) |
Summary: | Several vulnerabilities have been discovered in the chromium web browser.;;CVE-2013-6653;Khalil Zhani discovered a use-after-free issue in chromium's web;contents color chooser.;;CVE-2013-6654;TheShow3511 discovered an issue in SVG handling.;;CVE-2013-6655;cloudfuzzer discovered a use-after-free issue in dom event handling.;;CVE-2013-6656;NeexEmil discovered an information leak in the XSS auditor.;;CVE-2013-6657;NeexEmil discovered a way to bypass the Same Origin policy in the;XSS auditor.;;CVE-2013-6658;cloudfuzzer discovered multiple use-after-free issues surrounding;the updateWidgetPositions function.;;CVE-2013-6659;Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that;it was possible to trigger an unexpected certificate chain during;TLS renegotiation.;;CVE-2013-6660;bishopjeffreys discovered an information leak in the drag and drop;implementation.;;CVE-2013-6661;The Google Chrome team discovered and fixed multiple issues in;version 33.0.1750.117.;;CVE-2013-6663;Atte Kettunen discovered a use-after-free issue in SVG handling.;;CVE-2013-6664;Khalil Zhani discovered a use-after-free issue in the speech;recognition feature.;;CVE-2013-6665;cloudfuzzer discovered a buffer overflow issue in the software;renderer.;;CVE-2013-6666;netfuzzer discovered a restriction bypass in the Pepper Flash;plugin.;;CVE-2013-6667;The Google Chrome team discovered and fixed multiple issues in;version 33.0.1750.146.;;CVE-2013-6668;Multiple vulnerabilities were fixed in version 3.24.35.10 of;the V8 javascript library.;;CVE-2014-1700;Chamal de Silva discovered a use-after-free issue in speech;synthesis.;;CVE-2014-1701;aidanhs discovered a cross-site scripting issue in event handling.;;CVE-2014-1702;Colin Payne discovered a use-after-free issue in the web database;implementation.;;CVE-2014-1703;VUPEN discovered a use-after-free issue in web sockets that;could lead to a sandbox escape.;;CVE-2014-1704;Multiple vulnerabilities were fixed in version 3.23.17.18 of;the V8 javascript library.;;CVE-2014-1705;A memory corruption issue was discovered in the V8 javascript;library.;;CVE-2014-1713;A use-after-free issue was discovered in the AttributeSetter;function.;;CVE-2014-1715;A directory traversal issue was found and fixed. |
Description: | Summary: Several vulnerabilities have been discovered in the chromium web browser. CVE-2013-6653 Khalil Zhani discovered a use-after-free issue in chromium's web contents color chooser. CVE-2013-6654 TheShow3511 discovered an issue in SVG handling. CVE-2013-6655 cloudfuzzer discovered a use-after-free issue in dom event handling. CVE-2013-6656 NeexEmil discovered an information leak in the XSS auditor. CVE-2013-6657 NeexEmil discovered a way to bypass the Same Origin policy in the XSS auditor. CVE-2013-6658 cloudfuzzer discovered multiple use-after-free issues surrounding the updateWidgetPositions function. CVE-2013-6659 Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to trigger an unexpected certificate chain during TLS renegotiation. CVE-2013-6660 bishopjeffreys discovered an information leak in the drag and drop implementation. CVE-2013-6661 The Google Chrome team discovered and fixed multiple issues in version 33.0.1750.117. CVE-2013-6663 Atte Kettunen discovered a use-after-free issue in SVG handling. CVE-2013-6664 Khalil Zhani discovered a use-after-free issue in the speech recognition feature. CVE-2013-6665 cloudfuzzer discovered a buffer overflow issue in the software renderer. CVE-2013-6666 netfuzzer discovered a restriction bypass in the Pepper Flash plugin. CVE-2013-6667 The Google Chrome team discovered and fixed multiple issues in version 33.0.1750.146. CVE-2013-6668 Multiple vulnerabilities were fixed in version 3.24.35.10 of the V8 javascript library. CVE-2014-1700 Chamal de Silva discovered a use-after-free issue in speech synthesis. CVE-2014-1701 aidanhs discovered a cross-site scripting issue in event handling. CVE-2014-1702 Colin Payne discovered a use-after-free issue in the web database implementation. CVE-2014-1703 VUPEN discovered a use-after-free issue in web sockets that could lead to a sandbox escape. CVE-2014-1704 Multiple vulnerabilities were fixed in version 3.23.17.18 of the V8 javascript library. CVE-2014-1705 A memory corruption issue was discovered in the V8 javascript library. CVE-2014-1713 A use-after-free issue was discovered in the AttributeSetter function. CVE-2014-1715 A directory traversal issue was found and fixed. Affected Software/OS: chromium-browser on Debian Linux Solution: For the stable distribution (wheezy), these problems have been fixed in version 33.0.1750.152-1~ deb7u1. For the testing distribution (jessie), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 33.0.1750.152-1. We recommend that you upgrade your chromium-browser packages. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-6653 Debian Security Information: DSA-2883 (Google Search) http://www.debian.org/security/2014/dsa-2883 SuSE Security Announcement: openSUSE-SU-2014:0327 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-03/msg00006.html Common Vulnerability Exposure (CVE) ID: CVE-2013-6654 Common Vulnerability Exposure (CVE) ID: CVE-2013-6655 Common Vulnerability Exposure (CVE) ID: CVE-2013-6656 Common Vulnerability Exposure (CVE) ID: CVE-2013-6657 Common Vulnerability Exposure (CVE) ID: CVE-2013-6658 Common Vulnerability Exposure (CVE) ID: CVE-2013-6659 Common Vulnerability Exposure (CVE) ID: CVE-2013-6660 Common Vulnerability Exposure (CVE) ID: CVE-2013-6661 Common Vulnerability Exposure (CVE) ID: CVE-2013-6663 http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html BugTraq ID: 65930 http://www.securityfocus.com/bid/65930 http://secunia.com/advisories/61306 http://secunia.com/advisories/61318 Common Vulnerability Exposure (CVE) ID: CVE-2013-6664 Common Vulnerability Exposure (CVE) ID: CVE-2013-6665 Common Vulnerability Exposure (CVE) ID: CVE-2013-6666 Common Vulnerability Exposure (CVE) ID: CVE-2013-6667 Common Vulnerability Exposure (CVE) ID: CVE-2013-6668 http://www.mandriva.com/security/advisories?name=MDVSA-2015:142 http://secunia.com/advisories/61184 Common Vulnerability Exposure (CVE) ID: CVE-2014-1700 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.securitytracker.com/id/1029914 SuSE Security Announcement: openSUSE-SU-2014:0501 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html Common Vulnerability Exposure (CVE) ID: CVE-2014-1701 Common Vulnerability Exposure (CVE) ID: CVE-2014-1702 Common Vulnerability Exposure (CVE) ID: CVE-2014-1703 Common Vulnerability Exposure (CVE) ID: CVE-2014-1704 Common Vulnerability Exposure (CVE) ID: CVE-2014-1705 Common Vulnerability Exposure (CVE) ID: CVE-2014-1713 http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html Bugtraq: 20140326 VUPEN Security Research - Google Chrome Blink "locationAttributeSetter" Use-after-free (Pwn2Own) (Google Search) http://archives.neohapsis.com/archives/bugtraq/2014-03/0144.html Common Vulnerability Exposure (CVE) ID: CVE-2014-1715 BugTraq ID: 66249 http://www.securityfocus.com/bid/66249 |
Copyright | Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |