Test ID: 1.3.6.1.4.1.25623.1.0.702883
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DSA-2883-1)
Summary: The remote host is missing an update for the Debian 'chromium-browser' package(s) announced via the DSA-2883-1 advisory.
Description:

Vulnerability Insight:
Several vulnerabilities have been discovered in the chromium web browser.

CVE-2013-6653

Khalil Zhani discovered a use-after-free issue in chromium's web contents color chooser.

CVE-2013-6654

TheShow3511 discovered an issue in SVG handling.

CVE-2013-6655

cloudfuzzer discovered a use-after-free issue in DOM event handling.

CVE-2013-6656

NeexEmil discovered an information leak in the XSS auditor.

CVE-2013-6657

NeexEmil discovered a way to bypass the Same Origin policy in the XSS auditor.

CVE-2013-6658

cloudfuzzer discovered multiple use-after-free issues surrounding the updateWidgetPositions function.

CVE-2013-6659

Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to trigger an unexpected certificate chain during TLS renegotiation.

CVE-2013-6660

bishopjeffreys discovered an information leak in the drag and drop implementation.

CVE-2013-6661

The Google Chrome team discovered and fixed multiple issues in version 33.0.1750.117.

CVE-2013-6663

Atte Kettunen discovered a use-after-free issue in SVG handling.

CVE-2013-6664

Khalil Zhani discovered a use-after-free issue in the speech recognition feature.

CVE-2013-6665

cloudfuzzer discovered a buffer overflow issue in the software renderer.

CVE-2013-6666

netfuzzer discovered a restriction bypass in the Pepper Flash plugin.

CVE-2013-6667

The Google Chrome team discovered and fixed multiple issues in version 33.0.1750.146.

CVE-2013-6668

Multiple vulnerabilities were fixed in version 3.24.35.10 of the V8 JavaScript library.

CVE-2014-1700

Chamal de Silva discovered a use-after-free issue in speech synthesis.

CVE-2014-1701

aidanhs discovered a cross-site scripting issue in event handling.

CVE-2014-1702

Colin Payne discovered a use-after-free issue in the web database implementation.

CVE-2014-1703

VUPEN discovered a use-after-free issue in web sockets that could lead to a sandbox escape.

CVE-2014-1704

Multiple vulnerabilities were fixed in version 3.23.17.18 of the V8 JavaScript library.

CVE-2014-1705

A memory corruption issue was discovered in the V8 JavaScript library.

CVE-2014-1713

A use-after-free issue was discovered in the AttributeSetter function.

CVE-2014-1715

A directory traversal issue was found and fixed.

For the stable distribution (wheezy), these problems have been fixed in version 33.0.1750.152-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 33.0.1750.152-1.

We recommend that you upgrade your chromium-browser packages.

Affected Software/OS:
'chromium-browser' package(s) on Debian 7.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2013-6653
Debian Security Information: DSA-2883
http://www.debian.org/security/2014/dsa-2883
SuSE Security Announcement: openSUSE-SU-2014:0327
http://lists.opensuse.org/opensuse-updates/2014-03/msg00006.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-6654
Common Vulnerability Exposure (CVE) ID: CVE-2013-6655
Common Vulnerability Exposure (CVE) ID: CVE-2013-6656
Common Vulnerability Exposure (CVE) ID: CVE-2013-6657
Common Vulnerability Exposure (CVE) ID: CVE-2013-6658
Common Vulnerability Exposure (CVE) ID: CVE-2013-6659
Common Vulnerability Exposure (CVE) ID: CVE-2013-6660
Common Vulnerability Exposure (CVE) ID: CVE-2013-6661
Common Vulnerability Exposure (CVE) ID: CVE-2013-6663
http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html
http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html
BugTraq ID: 65930
http://www.securityfocus.com/bid/65930
http://secunia.com/advisories/61306
http://secunia.com/advisories/61318
Common Vulnerability Exposure (CVE) ID: CVE-2013-6664
Common Vulnerability Exposure (CVE) ID: CVE-2013-6665
Common Vulnerability Exposure (CVE) ID: CVE-2013-6666
Common Vulnerability Exposure (CVE) ID: CVE-2013-6667
Common Vulnerability Exposure (CVE) ID: CVE-2013-6668
http://www.mandriva.com/security/advisories?name=MDVSA-2015:142
http://secunia.com/advisories/61184
Common Vulnerability Exposure (CVE) ID: CVE-2014-1700
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://www.securitytracker.com/id/1029914
SuSE Security Announcement: openSUSE-SU-2014:0501
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-1701
Common Vulnerability Exposure (CVE) ID: CVE-2014-1702
Common Vulnerability Exposure (CVE) ID: CVE-2014-1703
Common Vulnerability Exposure (CVE) ID: CVE-2014-1704
Common Vulnerability Exposure (CVE) ID: CVE-2014-1705
Common Vulnerability Exposure (CVE) ID: CVE-2014-1713
http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html
http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html
http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html
Bugtraq: 20140326 VUPEN Security Research - Google Chrome Blink "locationAttributeSetter" Use-after-free (Pwn2Own)
http://archives.neohapsis.com/archives/bugtraq/2014-03/0144.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-1715
BugTraq ID: 66249
http://www.securityfocus.com/bid/66249
Copyright: Copyright (C) 2014 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.