
Test ID:1.3.6.1.4.1.25623.1.0.702883
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 2883-1 (chromium-browser - security update)
Summary:Several vulnerabilities have been discovered in the chromium web browser.
Description:
Summary:
Several vulnerabilities have been discovered in the chromium web browser.

CVE-2013-6653
Khalil Zhani discovered a use-after-free issue in chromium's web
contents color chooser.

CVE-2013-6654
TheShow3511 discovered an issue in SVG handling.

CVE-2013-6655
cloudfuzzer discovered a use-after-free issue in DOM event handling.

CVE-2013-6656
NeexEmil discovered an information leak in the XSS auditor.

CVE-2013-6657
NeexEmil discovered a way to bypass the Same Origin policy in the
XSS auditor.

CVE-2013-6658
cloudfuzzer discovered multiple use-after-free issues surrounding
the updateWidgetPositions function.

CVE-2013-6659
Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that
it was possible to trigger an unexpected certificate chain during
TLS renegotiation.

CVE-2013-6660
bishopjeffreys discovered an information leak in the drag and drop
implementation.

CVE-2013-6661
The Google Chrome team discovered and fixed multiple issues in
version 33.0.1750.117.

CVE-2013-6663
Atte Kettunen discovered a use-after-free issue in SVG handling.

CVE-2013-6664
Khalil Zhani discovered a use-after-free issue in the speech
recognition feature.

CVE-2013-6665
cloudfuzzer discovered a buffer overflow issue in the software
renderer.

CVE-2013-6666
netfuzzer discovered a restriction bypass in the Pepper Flash
plugin.

CVE-2013-6667
The Google Chrome team discovered and fixed multiple issues in
version 33.0.1750.146.

CVE-2013-6668
Multiple vulnerabilities were fixed in version 3.24.35.10 of
the V8 JavaScript library.

CVE-2014-1700
Chamal de Silva discovered a use-after-free issue in speech
synthesis.

CVE-2014-1701
aidanhs discovered a cross-site scripting issue in event handling.

CVE-2014-1702
Colin Payne discovered a use-after-free issue in the web database
implementation.

CVE-2014-1703
VUPEN discovered a use-after-free issue in web sockets that
could lead to a sandbox escape.

CVE-2014-1704
Multiple vulnerabilities were fixed in version 3.23.17.18 of
the V8 JavaScript library.

CVE-2014-1705
A memory corruption issue was discovered in the V8 JavaScript
library.

CVE-2014-1713
A use-after-free issue was discovered in the AttributeSetter
function.

CVE-2014-1715
A directory traversal issue was found and fixed.

Affected Software/OS:
chromium-browser on Debian Linux

Solution:
For the stable distribution (wheezy), these problems have been fixed in
version 33.0.1750.152-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 33.0.1750.152-1.

We recommend that you upgrade your chromium-browser packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2013-6653
Debian Security Information: DSA-2883
http://www.debian.org/security/2014/dsa-2883
SuSE Security Announcement: openSUSE-SU-2014:0327
http://lists.opensuse.org/opensuse-updates/2014-03/msg00006.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-6654
Common Vulnerability Exposure (CVE) ID: CVE-2013-6655
Common Vulnerability Exposure (CVE) ID: CVE-2013-6656
Common Vulnerability Exposure (CVE) ID: CVE-2013-6657
Common Vulnerability Exposure (CVE) ID: CVE-2013-6658
Common Vulnerability Exposure (CVE) ID: CVE-2013-6659
Common Vulnerability Exposure (CVE) ID: CVE-2013-6660
Common Vulnerability Exposure (CVE) ID: CVE-2013-6661
Common Vulnerability Exposure (CVE) ID: CVE-2013-6663
http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html
http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html
BugTraq ID: 65930
http://www.securityfocus.com/bid/65930
http://secunia.com/advisories/61306
http://secunia.com/advisories/61318
Common Vulnerability Exposure (CVE) ID: CVE-2013-6664
Common Vulnerability Exposure (CVE) ID: CVE-2013-6665
Common Vulnerability Exposure (CVE) ID: CVE-2013-6666
Common Vulnerability Exposure (CVE) ID: CVE-2013-6667
Common Vulnerability Exposure (CVE) ID: CVE-2013-6668
http://www.mandriva.com/security/advisories?name=MDVSA-2015:142
http://secunia.com/advisories/61184
Common Vulnerability Exposure (CVE) ID: CVE-2014-1700
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://www.securitytracker.com/id/1029914
SuSE Security Announcement: openSUSE-SU-2014:0501
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-1701
Common Vulnerability Exposure (CVE) ID: CVE-2014-1702
Common Vulnerability Exposure (CVE) ID: CVE-2014-1703
Common Vulnerability Exposure (CVE) ID: CVE-2014-1704
Common Vulnerability Exposure (CVE) ID: CVE-2014-1705
Common Vulnerability Exposure (CVE) ID: CVE-2014-1713
http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html
http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html
http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html
Bugtraq: 20140326 VUPEN Security Research - Google Chrome Blink "locationAttributeSetter" Use-after-free (Pwn2Own)
http://archives.neohapsis.com/archives/bugtraq/2014-03/0144.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-1715
BugTraq ID: 66249
http://www.securityfocus.com/bid/66249
Copyright:Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net
