7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.034 Low
EPSS
Percentile
91.4%
The Stable Channel has been updated to 33.0.1750.117 for Windows, Mac, and Linux.
Security Fixes and Rewards
This update includes 28 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.
[$2000][334897] HighCVE-2013-6652: Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid.
[$1000][331790] High CVE-2013-6653: Use-after-free related to web contents. Credit to Khalil Zhani.
[$3000][333176] High CVE-2013-6654: Bad cast in SVG. Credit to TheShow3511.
[$3000][293534] High CVE-2013-6655: Use-after-free in layout. Credit to cloudfuzzer.
[$500][331725] High CVE-2013-6656: Information leak in XSS auditor. Credit to NeexEmil.
[$1000][331060] Medium CVE-2013-6657: Information leak in XSS auditor. Credit to NeexEmil.
[$2000][322891] Medium CVE-2013-6658: Use-after-free in layout. Credit to cloudfuzzer.
[$1000][306959] Medium CVE-2013-6659: Issue with certificates validation in TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco, Inria Paris.
[332579] LowCVE-2013-6660: Information leak in drag and drop. Credit to bishopjeffreys.
As usual, our ongoing internal security work responsible for a wide range of fixes:
Many of the above bugs were detected using AddressSanitizer.
General Announcements
Google Chrome Frame has been retired, please read our June 2013 Chromium blog post for additional details and background.
This release fixes a number of crashes and other bugs. A full list of changes is available in the SVN log. If you find a new issue, please let us know by filing a bug.
Anthony Laforge
Google Chrome
CPE | Name | Operator | Version |
---|---|---|---|
google chrome | lt | 33.0.1750.117 |