ID CVE-2013-2911 Type cve Reporter cve@mitre.org Modified 2017-09-19T01:36:00
Description
Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet function in core/xml/XSLStyleSheetLibxslt.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of post-failure recompilation in unspecified libxslt versions.
{"openvas": [{"lastseen": "2020-04-23T19:05:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2922", "CVE-2013-2915", "CVE-2013-2920", "CVE-2013-2907", "CVE-2013-2919", "CVE-2013-2921", "CVE-2013-2908", "CVE-2013-2913", "CVE-2013-2912", "CVE-2013-2917", "CVE-2013-2910", "CVE-2013-2916", "CVE-2013-2924", "CVE-2013-2906", "CVE-2013-2923", "CVE-2013-2911", "CVE-2013-2909", "CVE-2013-2918"], "description": "This host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "modified": "2020-04-21T00:00:00", "published": "2013-10-08T00:00:00", "id": "OPENVAS:1361412562310804107", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804107", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities-01 Oct2013 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-01 Oct2013 (Linux)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804107\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-2906\", \"CVE-2013-2923\", \"CVE-2013-2924\", \"CVE-2013-2922\",\n \"CVE-2013-2921\", \"CVE-2013-2907\", \"CVE-2013-2908\", \"CVE-2013-2909\",\n \"CVE-2013-2910\", \"CVE-2013-2911\", \"CVE-2013-2912\", \"CVE-2013-2913\",\n \"CVE-2013-2919\", \"CVE-2013-2918\", \"CVE-2013-2917\", \"CVE-2013-2916\",\n \"CVE-2013-2915\", \"CVE-2013-2920\");\n script_bugtraq_id(62752);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-10-08 06:27:23 +0530 (Tue, 08 Oct 2013)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-01 Oct2013 (Linux)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to version 30.0.1599.66 or later.\");\n script_tag(name:\"insight\", value:\"Multiple flaws exists, For more details refer the reference section.\");\n script_tag(name:\"affected\", value:\"Google Chrome version before 30.0.1599.66 on Linux\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to cause a denial of\nservice and to spoof the address bar or possibly have unspecified other\nimpacts via some known or unknown vectors.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/55087\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/61885\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"30.0.1599.66\"))\n{\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"30.0.1599.66\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-23T19:05:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2922", "CVE-2013-2915", "CVE-2013-2920", "CVE-2013-2907", "CVE-2013-2919", "CVE-2013-2921", "CVE-2013-2908", "CVE-2013-2913", "CVE-2013-2912", "CVE-2013-2917", "CVE-2013-2910", "CVE-2013-2916", "CVE-2013-2924", "CVE-2013-2906", "CVE-2013-2923", "CVE-2013-2911", "CVE-2013-2909", "CVE-2013-2918"], "description": "This host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "modified": "2020-04-21T00:00:00", "published": "2013-10-08T00:00:00", "id": "OPENVAS:1361412562310804106", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804106", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities-01 Oct2013 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-01 Oct2013 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804106\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-2906\", \"CVE-2013-2923\", \"CVE-2013-2924\", \"CVE-2013-2922\",\n \"CVE-2013-2921\", \"CVE-2013-2907\", \"CVE-2013-2908\", \"CVE-2013-2909\",\n \"CVE-2013-2910\", \"CVE-2013-2911\", \"CVE-2013-2912\", \"CVE-2013-2913\",\n \"CVE-2013-2919\", \"CVE-2013-2918\", \"CVE-2013-2917\", \"CVE-2013-2916\",\n \"CVE-2013-2915\", \"CVE-2013-2920\");\n script_bugtraq_id(62752);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-10-08 11:27:23 +0530 (Tue, 08 Oct 2013)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-01 Oct2013 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to version 30.0.1599.66 or later.\");\n script_tag(name:\"insight\", value:\"Multiple flaws exists, For more details refer the reference section.\");\n script_tag(name:\"affected\", value:\"Google Chrome version before 30.0.1599.66 on Mac OS X\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to cause a denial of\nservice and to spoof the address bar or possibly have unspecified other\nimpacts via some known or unknown vectors.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/55087\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/61885\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"30.0.1599.66\"))\n{\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"30.0.1599.66\");\n security_message(port: 0, data: report);\n exit(0);\n}\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:40:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2922", "CVE-2013-2915", "CVE-2013-2920", "CVE-2013-2907", "CVE-2013-2919", "CVE-2013-2921", "CVE-2013-2908", "CVE-2013-2913", "CVE-2013-2914", "CVE-2013-2912", "CVE-2013-2917", "CVE-2013-2910", "CVE-2013-2916", "CVE-2013-2924", "CVE-2013-2906", "CVE-2013-2923", "CVE-2013-2911", "CVE-2013-2909", "CVE-2013-2918"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2013-11-19T00:00:00", "id": "OPENVAS:1361412562310850536", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850536", "type": "openvas", "title": "openSUSE: Security Advisory for chromium (openSUSE-SU-2013:1556-1)", "sourceData": "# Copyright (C) 2013 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850536\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-11-19 14:05:59 +0530 (Tue, 19 Nov 2013)\");\n script_cve_id(\"CVE-2013-2906\", \"CVE-2013-2907\", \"CVE-2013-2908\", \"CVE-2013-2909\",\n \"CVE-2013-2910\", \"CVE-2013-2911\", \"CVE-2013-2912\", \"CVE-2013-2913\",\n \"CVE-2013-2914\", \"CVE-2013-2915\", \"CVE-2013-2916\", \"CVE-2013-2917\",\n \"CVE-2013-2918\", \"CVE-2013-2919\", \"CVE-2013-2920\", \"CVE-2013-2921\",\n \"CVE-2013-2922\", \"CVE-2013-2923\", \"CVE-2013-2924\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"openSUSE: Security Advisory for chromium (openSUSE-SU-2013:1556-1)\");\n\n script_tag(name:\"affected\", value:\"chromium on openSUSE 12.2\");\n\n script_tag(name:\"insight\", value:\"Update to Chromium 30.0.1599.66:\n\n - Easier searching by image\n\n - A number of new apps/extension APIs\n\n - Lots of under the hood changes for stability and\n performance\n\n - Security fixes:\n + CVE-2013-2906: Races in Web Audio\n + CVE-2013-2907: Out of bounds read in Window.prototype\n object\n + CVE-2013-2908: Address bar spoofing related to the\n 204 No Content status code\n + CVE-2013-2909: Use after free in inline-block rendering\n + CVE-2013-2910: Use-after-free in Web Audio\n + CVE-2013-2911: Use-after-free in XSLT\n + CVE-2013-2912: Use-after-free in PPAPI\n + CVE-2013-2913: Use-after-free in XML document parsing\n + CVE-2013-2914: Use after free in the Windows color\n chooser dialog\n + CVE-2013-2915: Address bar spoofing via a malformed\n scheme\n + CVE-2013-2916: Address bar spoofing related to the 204\n No Content status code\n + CVE-2013-2917: Out of bounds read in Web Audio\n + CVE-2013-2918: Use-after-free in DOM\n + CVE-2013-2919: Memory corruption in V8\n + CVE-2013-2920: Out of bounds read in URL parsing\n + CVE-2013-2921: Use-after-free in resource loader\n + CVE-2013-2922: Use-after-free in template element\n + CVE-2013-2923: Various fixes from internal audits,\n fuzzing and other initiatives\n + CVE-2013-2924: Use-after-free in ICU. Upstream bug\n\n - Add patch chromium-fix-altgrkeys.diff\n\n - Make sure that AltGr is treated correctly\n (issue#296835)\n\n - Do not build with system libxml (bnc#825157)\n\n - Update to Chromium 31.0.1640.0\n\n * Bug and Stability Fixes\n\n - Fix destkop file for chromium by removing extension from\n icon\n\n - Change the methodology for the Chromium packages. Build\n is now based on an official tarball. As soon as the Beta\n channel catches up with the current version, Chromium\n will be based on the Beta channel instead of svn\n snapshots\n\n - Update to 31.0.1632\n\n * Bug and Stability fixes\n\n - Added the flag --enable-threaded-compositing to the\n startup script. This flag seems to be required when\n hardware acceleration is in use. This prevents websites\n from locking up on users in certain cases.\n\n - Update to 31.0.1627\n\n * Bug and Stability fixes\n\n - Update to 31.0.1619\n\n * bug and Stability fixes\n\n - require mozilla-nss-devel = 3.14 and mozilla-nspr-devel\n = 4.9.5\n\n - Add patch exclude_ymp.diff to ensure that 1-click-install\n files are downloaded and NOT opened (bnc#836059)\n\n - Update to 31.0.1611\n\n * Bug and stability fixes\n\n - Update to 31.0.1605\n\n * Bug and stability fixes\n\n - Change the startup script so that Chromium will not\n start when the chrome_sandbox doesn't have the SETUID.\n (bnc#779 ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"openSUSE-SU\", value:\"2013:1556-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE12\\.2\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE12.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~30.0.1599.66~1.46.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~30.0.1599.66~1.46.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~30.0.1599.66~1.46.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~30.0.1599.66~1.46.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~30.0.1599.66~1.46.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~30.0.1599.66~1.46.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~30.0.1599.66~1.46.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~30.0.1599.66~1.46.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~30.0.1599.66~1.46.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-suid-helper\", rpm:\"chromium-suid-helper~30.0.1599.66~1.46.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-suid-helper-debuginfo\", rpm:\"chromium-suid-helper-debuginfo~30.0.1599.66~1.46.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-23T19:05:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2922", "CVE-2013-2915", "CVE-2013-2920", "CVE-2013-2907", "CVE-2013-2919", "CVE-2013-2921", "CVE-2013-2908", "CVE-2013-2913", "CVE-2013-2914", "CVE-2013-2912", "CVE-2013-2917", "CVE-2013-2910", "CVE-2013-2916", "CVE-2013-2924", "CVE-2013-2906", "CVE-2013-2923", "CVE-2013-2911", "CVE-2013-2909", "CVE-2013-2918"], "description": "This host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "modified": "2020-04-21T00:00:00", "published": "2013-10-07T00:00:00", "id": "OPENVAS:1361412562310804105", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804105", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities-01 Oct2013 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-01 Oct2013 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804105\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-2906\", \"CVE-2013-2923\", \"CVE-2013-2924\", \"CVE-2013-2922\",\n \"CVE-2013-2921\", \"CVE-2013-2907\", \"CVE-2013-2908\", \"CVE-2013-2909\",\n \"CVE-2013-2910\", \"CVE-2013-2911\", \"CVE-2013-2912\", \"CVE-2013-2913\",\n \"CVE-2013-2914\", \"CVE-2013-2919\", \"CVE-2013-2918\", \"CVE-2013-2917\",\n \"CVE-2013-2916\", \"CVE-2013-2915\", \"CVE-2013-2920\");\n script_bugtraq_id(62752);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-10-07 14:27:23 +0530 (Mon, 07 Oct 2013)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-01 Oct2013 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to version 30.0.1599.66 or later.\");\n script_tag(name:\"insight\", value:\"Multiple flaws exists, For more details refer the reference section.\");\n script_tag(name:\"affected\", value:\"Google Chrome version before 30.0.1599.66 on Windows\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to cause a denial of\nservice and to spoof the address bar or possibly have unspecified other\nimpacts via some known or unknown vectors.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/55087\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/61885\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"30.0.1599.66\"))\n{\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"30.0.1599.66\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-12T11:14:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2922", "CVE-2013-2915", "CVE-2013-2920", "CVE-2013-2907", "CVE-2013-2919", "CVE-2013-2921", "CVE-2013-2908", "CVE-2013-2913", "CVE-2013-2914", "CVE-2013-2912", "CVE-2013-2917", "CVE-2013-2910", "CVE-2013-2916", "CVE-2013-2924", "CVE-2013-2906", "CVE-2013-2923", "CVE-2013-2911", "CVE-2013-2909", "CVE-2013-2918"], "description": "Check for the Version of chromium", "modified": "2017-12-08T00:00:00", "published": "2013-11-19T00:00:00", "id": "OPENVAS:850536", "href": "http://plugins.openvas.org/nasl.php?oid=850536", "type": "openvas", "title": "SuSE Update for chromium openSUSE-SU-2013:1556-1 (chromium)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2013_1556_1.nasl 8045 2017-12-08 08:39:37Z santu $\n#\n# SuSE Update for chromium openSUSE-SU-2013:1556-1 (chromium)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(850536);\n script_version(\"$Revision: 8045 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:39:37 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-19 14:05:59 +0530 (Tue, 19 Nov 2013)\");\n script_cve_id(\"CVE-2013-2906\", \"CVE-2013-2907\", \"CVE-2013-2908\", \"CVE-2013-2909\",\n \"CVE-2013-2910\", \"CVE-2013-2911\", \"CVE-2013-2912\", \"CVE-2013-2913\",\n \"CVE-2013-2914\", \"CVE-2013-2915\", \"CVE-2013-2916\", \"CVE-2013-2917\",\n \"CVE-2013-2918\", \"CVE-2013-2919\", \"CVE-2013-2920\", \"CVE-2013-2921\",\n \"CVE-2013-2922\", \"CVE-2013-2923\", \"CVE-2013-2924\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SuSE Update for chromium openSUSE-SU-2013:1556-1 (chromium)\");\n\n tag_insight = \"\n Update to Chromium 30.0.1599.66:\n - Easier searching by image\n - A number of new apps/extension APIs\n - Lots of under the hood changes for stability and\n performance\n - Security fixes:\n + CVE-2013-2906: Races in Web Audio\n + CVE-2013-2907: Out of bounds read in Window.prototype\n object\n + CVE-2013-2908: Address bar spoofing related to the\n 204 No Content status code\n + CVE-2013-2909: Use after free in inline-block rendering\n + CVE-2013-2910: Use-after-free in Web Audio\n + CVE-2013-2911: Use-after-free in XSLT\n + CVE-2013-2912: Use-after-free in PPAPI\n + CVE-2013-2913: Use-after-free in XML document parsing\n + CVE-2013-2914: Use after free in the Windows color\n chooser dialog\n + CVE-2013-2915: Address bar spoofing via a malformed\n scheme\n + CVE-2013-2916: Address bar spoofing related to the 204\n No Content status code\n + CVE-2013-2917: Out of bounds read in Web Audio\n + CVE-2013-2918: Use-after-free in DOM\n + CVE-2013-2919: Memory corruption in V8\n + CVE-2013-2920: Out of bounds read in URL parsing\n + CVE-2013-2921: Use-after-free in resource loader\n + CVE-2013-2922: Use-after-free in template element\n + CVE-2013-2923: Various fixes from internal audits,\n fuzzing and other initiatives\n + CVE-2013-2924: Use-after-free in ICU. Upstream bug\n\n - Add patch chromium-fix-altgrkeys.diff\n - Make sure that AltGr is treated correctly\n (issue#296835)\n\n - Do not build with system libxml (bnc#825157)\n\n - Update to Chromium 31.0.1640.0\n * Bug and Stability Fixes\n - Fix destkop file for chromium by removing extension from\n icon\n - Change the methodology for the Chromium packages. Build\n is now based on an official tarball. As soon as the Beta\n channel catches up with the current version, Chromium\n will be based on the Beta channel instead of svn\n snapshots\n\n - Update to 31.0.1632\n * Bug and Stability fixes\n - Added the flag --enable-threaded-compositing to the\n startup script. This flag seems to be required when\n hardware acceleration is in use. This prevents websites\n from locking up on users in certain cases.\n\n - Update to 31.0.1627\n * Bug and Stability fixes\n\n - Update to 31.0.1619\n * bug and Stability fixes\n\n - require mozilla-nss-devel = 3.14 and mozilla-nspr-devel\n = 4.9.5\n\n - Add patch exclude_ymp.diff to ensure that 1-click-install\n files are downloaded and NOT opened (bnc#836059)\n\n - Update to 31.0.1611\n * Bug and stability fixes\n\n - Update to 31.0.1605\n * Bug and stability fixes\n\n - Change the startup script so that Chromium will not\n start when the chrome_sandbox doesn't have the SETUID.\n (bnc#779 ...\n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"chromium on openSUSE 12.2\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"openSUSE-SU\", value: \"2013:1556_1\");\n script_summary(\"Check for the Version of chromium\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE12.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~30.0.1599.66~1.46.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~30.0.1599.66~1.46.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~30.0.1599.66~1.46.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~30.0.1599.66~1.46.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~30.0.1599.66~1.46.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~30.0.1599.66~1.46.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~30.0.1599.66~1.46.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~30.0.1599.66~1.46.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~30.0.1599.66~1.46.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper\", rpm:\"chromium-suid-helper~30.0.1599.66~1.46.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper-debuginfo\", rpm:\"chromium-suid-helper-debuginfo~30.0.1599.66~1.46.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2922", "CVE-2013-2915", "CVE-2013-2920", "CVE-2013-2926", "CVE-2013-2907", "CVE-2013-2919", "CVE-2013-2921", "CVE-2013-2908", "CVE-2013-2913", "CVE-2013-2912", "CVE-2013-2917", "CVE-2013-2910", "CVE-2013-2916", "CVE-2013-2925", "CVE-2013-2924", "CVE-2013-2927", "CVE-2013-2906", "CVE-2013-2923", "CVE-2013-2911", "CVE-2013-2909", "CVE-2013-2918", "CVE-2013-2928"], "description": "Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2013-2906\nAtte Kettunen of OUSPG discovered race conditions in Web Audio.\n\nCVE-2013-2907\nBoris Zbarsky discovered an out-of-bounds read in window.prototype.\n\nCVE-2013-2908\nChamal de Silva discovered an address bar spoofing issue.\n\nCVE-2013-2909\nAtte Kuttenen of OUSPG discovered a use-after-free issue in\ninline-block.\n\nCVE-2013-2910\nByoungyoung Lee of the Georgia Tech Information Security Center\ndiscovered a use-after-free issue in Web Audio.\n\nCVE-2013-2911\nAtte Kettunen of OUSPG discovered a use-after-free in Blink", "modified": "2019-03-18T00:00:00", "published": "2013-10-26T00:00:00", "id": "OPENVAS:1361412562310892794", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892794", "type": "openvas", "title": "Debian Security Advisory DSA 2785-1 (chromium-browser - several vulnerabilities)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2785.nasl 14276 2019-03-18 14:43:56Z cfischer $\n# Auto-generated from advisory DSA 2785-1 using nvtgen 1.0\n# Script version: 1.1\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892794\");\n script_version(\"$Revision: 14276 $\");\n script_cve_id(\"CVE-2013-2906\", \"CVE-2013-2927\", \"CVE-2013-2913\", \"CVE-2013-2915\", \"CVE-2013-2912\", \"CVE-2013-2928\", \"CVE-2013-2920\", \"CVE-2013-2919\", \"CVE-2013-2917\", \"CVE-2013-2910\", \"CVE-2013-2908\", \"CVE-2013-2925\", \"CVE-2013-2922\", \"CVE-2013-2923\", \"CVE-2013-2918\", \"CVE-2013-2924\", \"CVE-2013-2926\", \"CVE-2013-2921\", \"CVE-2013-2907\", \"CVE-2013-2916\", \"CVE-2013-2909\", \"CVE-2013-2911\");\n script_name(\"Debian Security Advisory DSA 2785-1 (chromium-browser - several vulnerabilities)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:43:56 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-10-26 00:00:00 +0200 (Sat, 26 Oct 2013)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2013/dsa-2785.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"chromium-browser on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 30.0.1599.101-1~deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 30.0.1599.101-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2013-2906\nAtte Kettunen of OUSPG discovered race conditions in Web Audio.\n\nCVE-2013-2907\nBoris Zbarsky discovered an out-of-bounds read in window.prototype.\n\nCVE-2013-2908\nChamal de Silva discovered an address bar spoofing issue.\n\nCVE-2013-2909\nAtte Kuttenen of OUSPG discovered a use-after-free issue in\ninline-block.\n\nCVE-2013-2910\nByoungyoung Lee of the Georgia Tech Information Security Center\ndiscovered a use-after-free issue in Web Audio.\n\nCVE-2013-2911\nAtte Kettunen of OUSPG discovered a use-after-free in Blink's XSLT\nhandling.\n\nCVE-2013-2912\nChamal de Silva and 41.w4r10r(at)garage4hackers.com discovered a\nuse-after-free issue in the Pepper Plug-in API.\n\nCVE-2013-2913\ncloudfuzzer discovered a use-after-free issue in Blink's XML\ndocument parsing.\n\nCVE-2013-2915\nWander Groeneveld discovered an address bar spoofing issue.\n\nCVE-2013-2916\nMasato Kinugawa discovered an address bar spoofing issue.\n\nCVE-2013-2917\nByoungyoung Lee and Tielei Wang discovered an out-of-bounds read\nissue in Web Audio.\n\nCVE-2013-2918\nByoungyoung Lee discoverd an out-of-bounds read in Blink's DOM\nimplementation.\n\nCVE-2013-2919\nAdam Haile of Concrete Data discovered a memory corruption issue\nin the V8 javascript library.\n\nCVE-2013-2920\nAtte Kuttunen of OUSPG discovered an out-of-bounds read in URL\nhost resolving.\n\nCVE-2013-2921\nByoungyoung Lee and Tielei Wang discovered a use-after-free issue\nin resource loading.\n\nCVE-2013-2922\nJon Butler discovered a use-after-free issue in Blink's HTML\ntemplate element implementation.\n\nCVE-2013-2924\nA use-after-free issue was discovered in the International\nComponents for Unicode (ICU) library.\n\nCVE-2013-2925\nAtte Kettunen of OUSPG discover a use-after-free issue in Blink's\nXML HTTP request implementation.\n\nCVE-2013-2926\ncloudfuzzer discovered a use-after-free issue in the list indenting\nimplementation.\n\nCVE-2013-2927\ncloudfuzzer discovered a use-after-free issue in the HTML form\nsubmission implementation.\n\nCVE-2013-2923 and CVE-2013-2928\nThe chrome 30 development team found various issues from internal\nfuzzing, audits, and other studies.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"chromium\", ver:\"30.0.1599.101-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"30.0.1599.101-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"30.0.1599.101-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"30.0.1599.101-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"30.0.1599.101-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"30.0.1599.101-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"30.0.1599.101-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"30.0.1599.101-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:51:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2922", "CVE-2013-2915", "CVE-2013-2920", "CVE-2013-2926", "CVE-2013-2907", "CVE-2013-2919", "CVE-2013-2921", "CVE-2013-2908", "CVE-2013-2913", "CVE-2013-2912", "CVE-2013-2917", "CVE-2013-2910", "CVE-2013-2916", "CVE-2013-2925", "CVE-2013-2924", "CVE-2013-2927", "CVE-2013-2906", "CVE-2013-2923", "CVE-2013-2911", "CVE-2013-2909", "CVE-2013-2918", "CVE-2013-2928"], "description": "Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2013-2906 \nAtte Kettunen of OUSPG discovered race conditions in Web Audio.\n\nCVE-2013-2907 \nBoris Zbarsky discovered an out-of-bounds read in window.prototype.\n\nCVE-2013-2908 \nChamal de Silva discovered an address bar spoofing issue.\n\nCVE-2013-2909 \nAtte Kuttenen of OUSPG discovered a use-after-free issue in\ninline-block.\n\nCVE-2013-2910 \nByoungyoung Lee of the Georgia Tech Information Security Center\ndiscovered a use-after-free issue in Web Audio.\n\nCVE-2013-2911 \nAtte Kettunen of OUSPG discovered a use-after-free in Blink's XSLT\nhandling.\n\nCVE-2013-2912 \nChamal de Silva and 41.w4r10r(at)garage4hackers.com discovered a\nuse-after-free issue in the Pepper Plug-in API.\n\nCVE-2013-2913 \ncloudfuzzer discovered a use-after-free issue in Blink's XML\ndocument parsing.\n\nCVE-2013-2915 \nWander Groeneveld discovered an address bar spoofing issue.\n\nCVE-2013-2916 \nMasato Kinugawa discovered an address bar spoofing issue.\n\nCVE-2013-2917 \nByoungyoung Lee and Tielei Wang discovered an out-of-bounds read\nissue in Web Audio.\n\nCVE-2013-2918 \nByoungyoung Lee discoverd an out-of-bounds read in Blink's DOM\nimplementation.\n\nCVE-2013-2919 \nAdam Haile of Concrete Data discovered a memory corruption issue\nin the V8 javascript library.\n\nCVE-2013-2920 \nAtte Kuttunen of OUSPG discovered an out-of-bounds read in URL\nhost resolving.\n\nCVE-2013-2921 \nByoungyoung Lee and Tielei Wang discovered a use-after-free issue\nin resource loading.\n\nCVE-2013-2922 \nJon Butler discovered a use-after-free issue in Blink's HTML\ntemplate element implementation.\n\nCVE-2013-2924 \nA use-after-free issue was discovered in the International\nComponents for Unicode (ICU) library. \n\nCVE-2013-2925 \nAtte Kettunen of OUSPG discover a use-after-free issue in Blink's\nXML HTTP request implementation.\n\nCVE-2013-2926 \ncloudfuzzer discovered a use-after-free issue in the list indenting\nimplementation.\n\nCVE-2013-2927 \ncloudfuzzer discovered a use-after-free issue in the HTML form\nsubmission implementation. \n\nCVE-2013-2923 and CVE-2013-2928 \nThe chrome 30 development team found various issues from internal\nfuzzing, audits, and other studies.", "modified": "2017-07-07T00:00:00", "published": "2013-10-26T00:00:00", "id": "OPENVAS:892794", "href": "http://plugins.openvas.org/nasl.php?oid=892794", "type": "openvas", "title": "Debian Security Advisory DSA 2785-1 (chromium-browser - several vulnerabilities)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2785.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2785-1 using nvtgen 1.0\n# Script version: 1.1\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"chromium-browser on Debian Linux\";\ntag_insight = \"Chromium is an open-source browser project that aims to build a safer, faster,\nand more stable way for all Internet users to experience the web.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 30.0.1599.101-1~deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 30.0.1599.101-1.\n\nWe recommend that you upgrade your chromium-browser packages.\";\ntag_summary = \"Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2013-2906 \nAtte Kettunen of OUSPG discovered race conditions in Web Audio.\n\nCVE-2013-2907 \nBoris Zbarsky discovered an out-of-bounds read in window.prototype.\n\nCVE-2013-2908 \nChamal de Silva discovered an address bar spoofing issue.\n\nCVE-2013-2909 \nAtte Kuttenen of OUSPG discovered a use-after-free issue in\ninline-block.\n\nCVE-2013-2910 \nByoungyoung Lee of the Georgia Tech Information Security Center\ndiscovered a use-after-free issue in Web Audio.\n\nCVE-2013-2911 \nAtte Kettunen of OUSPG discovered a use-after-free in Blink's XSLT\nhandling.\n\nCVE-2013-2912 \nChamal de Silva and 41.w4r10r(at)garage4hackers.com discovered a\nuse-after-free issue in the Pepper Plug-in API.\n\nCVE-2013-2913 \ncloudfuzzer discovered a use-after-free issue in Blink's XML\ndocument parsing.\n\nCVE-2013-2915 \nWander Groeneveld discovered an address bar spoofing issue.\n\nCVE-2013-2916 \nMasato Kinugawa discovered an address bar spoofing issue.\n\nCVE-2013-2917 \nByoungyoung Lee and Tielei Wang discovered an out-of-bounds read\nissue in Web Audio.\n\nCVE-2013-2918 \nByoungyoung Lee discoverd an out-of-bounds read in Blink's DOM\nimplementation.\n\nCVE-2013-2919 \nAdam Haile of Concrete Data discovered a memory corruption issue\nin the V8 javascript library.\n\nCVE-2013-2920 \nAtte Kuttunen of OUSPG discovered an out-of-bounds read in URL\nhost resolving.\n\nCVE-2013-2921 \nByoungyoung Lee and Tielei Wang discovered a use-after-free issue\nin resource loading.\n\nCVE-2013-2922 \nJon Butler discovered a use-after-free issue in Blink's HTML\ntemplate element implementation.\n\nCVE-2013-2924 \nA use-after-free issue was discovered in the International\nComponents for Unicode (ICU) library. \n\nCVE-2013-2925 \nAtte Kettunen of OUSPG discover a use-after-free issue in Blink's\nXML HTTP request implementation.\n\nCVE-2013-2926 \ncloudfuzzer discovered a use-after-free issue in the list indenting\nimplementation.\n\nCVE-2013-2927 \ncloudfuzzer discovered a use-after-free issue in the HTML form\nsubmission implementation. \n\nCVE-2013-2923 and CVE-2013-2928 \nThe chrome 30 development team found various issues from internal\nfuzzing, audits, and other studies.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892794);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2013-2906\", \"CVE-2013-2927\", \"CVE-2013-2913\", \"CVE-2013-2915\", \"CVE-2013-2912\", \"CVE-2013-2928\", \"CVE-2013-2920\", \"CVE-2013-2919\", \"CVE-2013-2917\", \"CVE-2013-2910\", \"CVE-2013-2908\", \"CVE-2013-2925\", \"CVE-2013-2922\", \"CVE-2013-2923\", \"CVE-2013-2918\", \"CVE-2013-2924\", \"CVE-2013-2926\", \"CVE-2013-2921\", \"CVE-2013-2907\", \"CVE-2013-2916\", \"CVE-2013-2909\", \"CVE-2013-2911\");\n script_name(\"Debian Security Advisory DSA 2785-1 (chromium-browser - several vulnerabilities)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-10-26 00:00:00 +0200 (Sat, 26 Oct 2013)\");\n script_tag(name: \"cvss_base\", value:\"7.5\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2785.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"30.0.1599.101-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"30.0.1599.101-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"30.0.1599.101-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"30.0.1599.101-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"30.0.1599.101-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"30.0.1599.101-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"30.0.1599.101-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"30.0.1599.101-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-01-31T18:40:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2922", "CVE-2013-2915", "CVE-2013-2920", "CVE-2013-2931", "CVE-2013-2926", "CVE-2013-2907", "CVE-2013-2919", "CVE-2013-2921", "CVE-2013-2908", "CVE-2013-2913", "CVE-2013-6631", "CVE-2013-2914", "CVE-2013-2912", "CVE-2013-6626", "CVE-2013-6627", "CVE-2013-2917", "CVE-2013-2910", "CVE-2013-2916", "CVE-2013-2925", "CVE-2013-6625", "CVE-2013-6621", "CVE-2013-6624", "CVE-2013-6628", "CVE-2013-6630", "CVE-2013-2924", "CVE-2013-2927", "CVE-2013-2906", "CVE-2013-2923", "CVE-2013-6632", "CVE-2013-2911", "CVE-2013-2909", "CVE-2013-6622", "CVE-2013-2918", "CVE-2013-6623", "CVE-2013-6629", "CVE-2013-2928"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:1361412562310850558", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850558", "type": "openvas", "title": "openSUSE: Security Advisory for chromium (openSUSE-SU-2013:1861-1)", "sourceData": "# Copyright (C) 2013 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850558\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 12:01:59 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-2906\", \"CVE-2013-2907\", \"CVE-2013-2908\", \"CVE-2013-2909\",\n \"CVE-2013-2910\", \"CVE-2013-2911\", \"CVE-2013-2912\", \"CVE-2013-2913\",\n \"CVE-2013-2914\", \"CVE-2013-2915\", \"CVE-2013-2916\", \"CVE-2013-2917\",\n \"CVE-2013-2918\", \"CVE-2013-2919\", \"CVE-2013-2920\", \"CVE-2013-2921\",\n \"CVE-2013-2922\", \"CVE-2013-2923\", \"CVE-2013-2924\", \"CVE-2013-2925\",\n \"CVE-2013-2926\", \"CVE-2013-2927\", \"CVE-2013-2928\", \"CVE-2013-2931\",\n \"CVE-2013-6621\", \"CVE-2013-6622\", \"CVE-2013-6623\", \"CVE-2013-6624\",\n \"CVE-2013-6625\", \"CVE-2013-6626\", \"CVE-2013-6627\", \"CVE-2013-6628\",\n \"CVE-2013-6629\", \"CVE-2013-6630\", \"CVE-2013-6631\", \"CVE-2013-6632\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"openSUSE: Security Advisory for chromium (openSUSE-SU-2013:1861-1)\");\n\n script_tag(name:\"affected\", value:\"chromium on openSUSE 13.1\");\n\n script_tag(name:\"insight\", value:\"Chromium was updated to 31.0.1650.57: Stable channel update:\n\n - Security Fixes:\n\n * CVE-2013-6632: Multiple memory corruption issues.\n\n - Update to Chromium 31.0.1650.48 Stable Channel update:\n\n - Security fixes:\n\n * CVE-2013-6621: Use after free related to speech input\n elements..\n\n * CVE-2013-6622: Use after free related to media\n elements.\n\n * CVE-2013-6623: Out of bounds read in SVG.\n\n * CVE-2013-6624: Use after free related to id\n attribute strings.\n\n * CVE-2013-6625: Use after free in DOM ranges.\n\n * CVE-2013-6626: Address bar spoofing related to\n interstitial warnings.\n\n * CVE-2013-6627: Out of bounds read in HTTP parsing.\n\n * CVE-2013-6628: Issue with certificates not being\n checked during TLS renegotiation.\n\n * CVE-2013-2931: Various fixes from internal audits,\n fuzzing and other initiatives.\n\n * CVE-2013-6629: Read of uninitialized memory in\n libjpeg and libjpeg-turbo.\n\n * CVE-2013-6630: Read of uninitialized memory in\n libjpeg-turbo.\n\n * CVE-2013-6631: Use after free in libjingle.\n\n - Added patch chromium-fix-chromedriver-build.diff to fix\n the chromedriver build\n\n - Enable ARM build for Chromium.\n\n * Added patches chromium-arm-webrtc-fix.patch,\n chromium-fix-arm-icu.patch and\n chromium-fix-arm-sysroot.patch to resolve ARM specific\n build issues\n\n - Update to Chromium 30.0.1599.114 Stable Channel update:\n fix build for 32bit systems\n\n - Drop patch chromium-fix-chromedriver-build.diff. This is\n now fixed upstream\n\n - For openSUSE versions lower than 13.1, build against the\n in-tree libicu\n\n - Update to Chromium 30.0.1599.101\n\n - Security Fixes:\n + CVE-2013-2925: Use after free in XHR\n + CVE-2013-2926: Use after free in editing\n + CVE-2013-2927: Use after free in forms.\n + CVE-2013-2928: Various fixes from internal audits,\n fuzzing and other initiatives.\n\n - Update to Chromium 30.0.1599.66\n\n - Easier searching by image\n\n - A number of new apps/extension APIs\n\n - Lots of under the hood changes for stability and\n performance\n\n - Security fixes:\n + CVE-2013-2906: Races in Web Audio\n + CVE-2013-2907: Out of bounds read in Window.prototype\n object\n + CVE-2013-2908: Address bar spoofing related to the\n 204 No Content status code\n + CVE-2013-2909: Use after free in inline-block rendering\n + CVE-2013-2910: Use-after-free in Web Audio\n + CVE-2013-2911: Use-after-free in XSLT\n + CVE-2013-2912: Use-after-free in PPAPI\n + CVE-2013-2913: Use-after-free in XML document parsing\n + CVE-2013-2914: Use after free in the Windows color\n chooser dialog\n + CVE-2013-2915: Address bar spoofing via a malformed\n scheme\n + CVE-2013-2916: ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"openSUSE-SU\", value:\"2013:1861-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~31.0.1650.57~8.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~31.0.1650.57~8.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~31.0.1650.57~8.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~31.0.1650.57~8.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~31.0.1650.57~8.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~31.0.1650.57~8.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~31.0.1650.57~8.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~31.0.1650.57~8.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~31.0.1650.57~8.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-suid-helper\", rpm:\"chromium-suid-helper~31.0.1650.57~8.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-suid-helper-debuginfo\", rpm:\"chromium-suid-helper-debuginfo~31.0.1650.57~8.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-12T11:14:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2922", "CVE-2013-2915", "CVE-2013-2920", "CVE-2013-2931", "CVE-2013-2926", "CVE-2013-2907", "CVE-2013-2919", "CVE-2013-2921", "CVE-2013-2908", "CVE-2013-2913", "CVE-2013-6631", "CVE-2013-2914", "CVE-2013-2912", "CVE-2013-6626", "CVE-2013-6627", "CVE-2013-2917", "CVE-2013-2910", "CVE-2013-2916", "CVE-2013-2925", "CVE-2013-6625", "CVE-2013-6621", "CVE-2013-6624", "CVE-2013-6628", "CVE-2013-6630", "CVE-2013-2924", "CVE-2013-2927", "CVE-2013-2906", "CVE-2013-2923", "CVE-2013-6632", "CVE-2013-2911", "CVE-2013-2909", "CVE-2013-6622", "CVE-2013-2918", "CVE-2013-6623", "CVE-2013-6629", "CVE-2013-2928"], "description": "Check for the Version of chromium", "modified": "2017-12-08T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:850558", "href": "http://plugins.openvas.org/nasl.php?oid=850558", "type": "openvas", "title": "SuSE Update for chromium openSUSE-SU-2013:1861-1 (chromium)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2013_1861_1.nasl 8045 2017-12-08 08:39:37Z santu $\n#\n# SuSE Update for chromium openSUSE-SU-2013:1861-1 (chromium)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(850558);\n script_version(\"$Revision: 8045 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:39:37 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 12:01:59 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-2906\", \"CVE-2013-2907\", \"CVE-2013-2908\", \"CVE-2013-2909\",\n \"CVE-2013-2910\", \"CVE-2013-2911\", \"CVE-2013-2912\", \"CVE-2013-2913\",\n \"CVE-2013-2914\", \"CVE-2013-2915\", \"CVE-2013-2916\", \"CVE-2013-2917\",\n \"CVE-2013-2918\", \"CVE-2013-2919\", \"CVE-2013-2920\", \"CVE-2013-2921\",\n \"CVE-2013-2922\", \"CVE-2013-2923\", \"CVE-2013-2924\", \"CVE-2013-2925\",\n \"CVE-2013-2926\", \"CVE-2013-2927\", \"CVE-2013-2928\", \"CVE-2013-2931\",\n \"CVE-2013-6621\", \"CVE-2013-6622\", \"CVE-2013-6623\", \"CVE-2013-6624\",\n \"CVE-2013-6625\", \"CVE-2013-6626\", \"CVE-2013-6627\", \"CVE-2013-6628\",\n \"CVE-2013-6629\", \"CVE-2013-6630\", \"CVE-2013-6631\", \"CVE-2013-6632\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Update for chromium openSUSE-SU-2013:1861-1 (chromium)\");\n\n tag_insight = \"\n Chromium was updated to 31.0.1650.57: Stable channel update:\n - Security Fixes:\n * CVE-2013-6632: Multiple memory corruption issues.\n - Update to Chromium 31.0.1650.48 Stable Channel update:\n - Security fixes:\n * CVE-2013-6621: Use after free related to speech input\n elements..\n * CVE-2013-6622: Use after free related to media\n elements.\n * CVE-2013-6623: Out of bounds read in SVG.\n * CVE-2013-6624: Use after free related to id\n attribute strings.\n * CVE-2013-6625: Use after free in DOM ranges.\n * CVE-2013-6626: Address bar spoofing related to\n interstitial warnings.\n * CVE-2013-6627: Out of bounds read in HTTP parsing.\n * CVE-2013-6628: Issue with certificates not being\n checked during TLS renegotiation.\n * CVE-2013-2931: Various fixes from internal audits,\n fuzzing and other initiatives.\n * CVE-2013-6629: Read of uninitialized memory in\n libjpeg and libjpeg-turbo.\n * CVE-2013-6630: Read of uninitialized memory in\n libjpeg-turbo.\n * CVE-2013-6631: Use after free in libjingle.\n - Added patch chromium-fix-chromedriver-build.diff to fix\n the chromedriver build\n\n - Enable ARM build for Chromium.\n * Added patches chromium-arm-webrtc-fix.patch,\n chromium-fix-arm-icu.patch and\n chromium-fix-arm-sysroot.patch to resolve ARM specific\n build issues\n\n - Update to Chromium 30.0.1599.114 Stable Channel update:\n fix build for 32bit systems\n - Drop patch chromium-fix-chromedriver-build.diff. This is\n now fixed upstream\n - For openSUSE versions lower than 13.1, build against the\n in-tree libicu\n\n - Update to Chromium 30.0.1599.101\n - Security Fixes:\n + CVE-2013-2925: Use after free in XHR\n + CVE-2013-2926: Use after free in editing\n + CVE-2013-2927: Use after free in forms.\n + CVE-2013-2928: Various fixes from internal audits,\n fuzzing and other initiatives.\n\n - Update to Chromium 30.0.1599.66\n - Easier searching by image\n - A number of new apps/extension APIs\n - Lots of under the hood changes for stability and\n performance\n - Security fixes:\n + CVE-2013-2906: Races in Web Audio\n + CVE-2013-2907: Out of bounds read in Window.prototype\n object\n + CVE-2013-2908: Address bar spoofing related to the\n 204 No Content status code\n + CVE-2013-2909: Use after free in inline-block rendering\n + CVE-2013-2910: Use-after-free in Web Audio\n + CVE-2013-2911: Use-after-free in XSLT\n + CVE-2013-2912: Use-after-free in PPAPI\n + CVE-2013-2913: Use-after-free in XML document parsing\n + CVE-2013-2914: Use after free in the Windows color\n chooser dialog\n + CVE-2013-2915: Address bar spoofing via a malformed\n scheme\n + CVE-2013-2916: ...\n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"chromium on openSUSE 13.1\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"openSUSE-SU\", value: \"2013:1861_1\");\n script_summary(\"Check for the Version of chromium\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE13.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~31.0.1650.57~8.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~31.0.1650.57~8.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~31.0.1650.57~8.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~31.0.1650.57~8.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~31.0.1650.57~8.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~31.0.1650.57~8.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~31.0.1650.57~8.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~31.0.1650.57~8.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~31.0.1650.57~8.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper\", rpm:\"chromium-suid-helper~31.0.1650.57~8.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper-debuginfo\", rpm:\"chromium-suid-helper-debuginfo~31.0.1650.57~8.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:35:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6635", "CVE-2013-6649", "CVE-2013-2922", "CVE-2013-2915", "CVE-2013-6802", "CVE-2013-6667", "CVE-2013-6655", "CVE-2013-2920", "CVE-2013-6658", "CVE-2013-6661", "CVE-2013-2931", "CVE-2013-6660", "CVE-2013-6644", "CVE-2013-2926", "CVE-2013-2907", "CVE-2013-2919", "CVE-2013-2921", "CVE-2013-2908", "CVE-2013-6665", "CVE-2013-2913", "CVE-2013-6666", "CVE-2013-2912", "CVE-2013-6626", "CVE-2013-6636", "CVE-2013-6656", "CVE-2013-6654", "CVE-2013-6653", "CVE-2013-6663", "CVE-2013-6627", "CVE-2013-2917", "CVE-2013-2910", "CVE-2013-2916", "CVE-2013-2925", "CVE-2013-6625", "CVE-2013-6641", "CVE-2013-6659", "CVE-2013-6621", "CVE-2013-6624", "CVE-2013-6634", "CVE-2013-6646", "CVE-2013-6638", "CVE-2013-6643", "CVE-2013-6639", "CVE-2013-6628", "CVE-2013-2927", "CVE-2013-2906", "CVE-2013-2923", "CVE-2013-6632", "CVE-2013-2911", "CVE-2013-2909", "CVE-2013-6637", "CVE-2013-6622", "CVE-2013-6652", "CVE-2013-6657", "CVE-2014-1681", "CVE-2013-2918", "CVE-2013-6645", "CVE-2013-6623", "CVE-2013-6668", "CVE-2013-6664", "CVE-2013-2928", "CVE-2013-6650", "CVE-2013-6640"], "description": "Gentoo Linux Local Security Checks GLSA 201403-01", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121161", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121161", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201403-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201403-01.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121161\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:26:58 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201403-01\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201403-01\");\n script_cve_id(\"CVE-2013-2906\", \"CVE-2013-2907\", \"CVE-2013-2908\", \"CVE-2013-2909\", \"CVE-2013-2910\", \"CVE-2013-2911\", \"CVE-2013-2912\", \"CVE-2013-2913\", \"CVE-2013-2915\", \"CVE-2013-2916\", \"CVE-2013-2917\", \"CVE-2013-2918\", \"CVE-2013-2919\", \"CVE-2013-2920\", \"CVE-2013-2921\", \"CVE-2013-2922\", \"CVE-2013-2923\", \"CVE-2013-2925\", \"CVE-2013-2926\", \"CVE-2013-2927\", \"CVE-2013-2928\", \"CVE-2013-2931\", \"CVE-2013-6621\", \"CVE-2013-6622\", \"CVE-2013-6623\", \"CVE-2013-6624\", \"CVE-2013-6625\", \"CVE-2013-6626\", \"CVE-2013-6627\", \"CVE-2013-6628\", \"CVE-2013-6632\", \"CVE-2013-6634\", \"CVE-2013-6635\", \"CVE-2013-6636\", \"CVE-2013-6637\", \"CVE-2013-6638\", \"CVE-2013-6639\", \"CVE-2013-6640\", \"CVE-2013-6641\", \"CVE-2013-6643\", \"CVE-2013-6644\", \"CVE-2013-6645\", \"CVE-2013-6646\", \"CVE-2013-6649\", \"CVE-2013-6650\", \"CVE-2013-6652\", \"CVE-2013-6653\", \"CVE-2013-6654\", \"CVE-2013-6655\", \"CVE-2013-6656\", \"CVE-2013-6657\", \"CVE-2013-6658\", \"CVE-2013-6659\", \"CVE-2013-6660\", \"CVE-2013-6661\", \"CVE-2013-6663\", \"CVE-2013-6664\", \"CVE-2013-6665\", \"CVE-2013-6666\", \"CVE-2013-6667\", \"CVE-2013-6668\", \"CVE-2013-6802\", \"CVE-2014-1681\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201403-01\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-client/chromium\", unaffected: make_list(\"ge 33.0.1750.146\"), vulnerable: make_list(\"lt 33.0.1750.146\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-lang/v8\", unaffected: make_list(), vulnerable: make_list(\"lt 3.20.17.13\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:22:46", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2922", "CVE-2013-2915", "CVE-2013-2920", "CVE-2013-2907", "CVE-2013-2919", "CVE-2013-2921", "CVE-2013-2908", "CVE-2013-2913", "CVE-2013-2914", "CVE-2013-2912", "CVE-2013-2917", "CVE-2013-2910", "CVE-2013-2916", "CVE-2013-2924", "CVE-2013-2906", "CVE-2013-2923", "CVE-2013-2911", "CVE-2013-2909", "CVE-2013-2918"], "description": "Update to Chromium 30.0.1599.66:\n - Easier searching by image\n - A number of new apps/extension APIs\n - Lots of under the hood changes for stability and\n performance\n - Security fixes:\n + CVE-2013-2906: Races in Web Audio\n + CVE-2013-2907: Out of bounds read in Window.prototype\n object\n + CVE-2013-2908: Address bar spoofing related to the\n \u00c3\u00a2\u00c2\u0080\u00c2\u009c204 No Content\u00c3\u00a2\u00c2\u0080\u00c2\u009d status code\n + CVE-2013-2909: Use after free in inline-block rendering\n + CVE-2013-2910: Use-after-free in Web Audio\n + CVE-2013-2911: Use-after-free in XSLT\n + CVE-2013-2912: Use-after-free in PPAPI\n + CVE-2013-2913: Use-after-free in XML document parsing\n + CVE-2013-2914: Use after free in the Windows color\n chooser dialog\n + CVE-2013-2915: Address bar spoofing via a malformed\n scheme\n + CVE-2013-2916: Address bar spoofing related to the \u00c3\u00a2\u00c2\u0080\u00c2\u009c204\n No Content\u00c3\u00a2\u00c2\u0080\u00c2\u009d status code\n + CVE-2013-2917: Out of bounds read in Web Audio\n + CVE-2013-2918: Use-after-free in DOM\n + CVE-2013-2919: Memory corruption in V8\n + CVE-2013-2920: Out of bounds read in URL parsing\n + CVE-2013-2921: Use-after-free in resource loader\n + CVE-2013-2922: Use-after-free in template element\n + CVE-2013-2923: Various fixes from internal audits,\n fuzzing and other initiatives\n + CVE-2013-2924: Use-after-free in ICU. Upstream bug\n\n - Add patch chromium-fix-altgrkeys.diff\n - Make sure that AltGr is treated correctly\n (issue#296835)\n\n - Do not build with system libxml (bnc#825157)\n\n - Update to Chromium 31.0.1640.0\n * Bug and Stability Fixes\n - Fix destkop file for chromium by removing extension from\n icon\n - Change the methodology for the Chromium packages. Build\n is now based on an official tarball. As soon as the Beta\n channel catches up with the current version, Chromium\n will be based on the Beta channel instead of svn\n snapshots\n\n - Update to 31.0.1632\n * Bug and Stability fixes\n - Added the flag --enable-threaded-compositing to the\n startup script. This flag seems to be required when\n hardware acceleration is in use. This prevents websites\n from locking up on users in certain cases.\n\n - Update to 31.0.1627\n * Bug and Stability fixes\n\n - Update to 31.0.1619\n * bug and Stability fixes\n\n - require mozilla-nss-devel >= 3.14 and mozilla-nspr-devel\n >= 4.9.5\n\n - Add patch exclude_ymp.diff to ensure that 1-click-install\n files are downloaded and NOT opened (bnc#836059)\n\n - Update to 31.0.1611\n * Bug and stability fixes\n\n - Update to 31.0.1605\n * Bug and stability fixes\n\n - Change the startup script so that Chromium will not\n start when the chrome_sandbox doesn't have the SETUID.\n (bnc#779448)\n\n - Update to 31.0.1601\n * Bug and stability fixes\n\n - Update to 30.0.1594\n * Bug and stability fixes\n - Correct specfile to properly own /usr/bin/chromium\n (bnc#831584)\n - Chromium now expects the SUID-helper installed in the\n same directory as chromium. So let's create a symlink to\n the helper in /usr/lib\n\n - Update to 30.0.1587\n * Bug and stability fixes\n - Remove patch chromium-nss-compliant.diff (Upstream)\n\n - Update to 30.0.1575\n * Bug and stability fixes\n * Enable the gpu-sandbox again due to upstream fix\n (chromium#255063)\n\n - Update to 30.0.1567\n * bug and Stability fixes\n\n", "edition": 1, "modified": "2013-10-16T18:04:12", "published": "2013-10-16T18:04:12", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html", "id": "OPENSUSE-SU-2013:1556-1", "title": "chromium: 30.0.1599.66 security and bugfix update (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:37:36", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2922", "CVE-2013-2915", "CVE-2013-2920", "CVE-2013-2931", "CVE-2013-2926", "CVE-2013-2907", "CVE-2013-2919", "CVE-2013-2921", "CVE-2013-2908", "CVE-2013-2913", "CVE-2013-6631", "CVE-2013-2914", "CVE-2013-2912", "CVE-2013-6626", "CVE-2013-6627", "CVE-2013-2917", "CVE-2013-2910", "CVE-2013-2916", "CVE-2013-2925", "CVE-2013-6625", "CVE-2013-6621", "CVE-2013-6624", "CVE-2013-6628", "CVE-2013-6630", "CVE-2013-2924", "CVE-2013-2927", "CVE-2013-2906", "CVE-2013-2923", "CVE-2013-6632", "CVE-2013-2911", "CVE-2013-2909", "CVE-2013-6622", "CVE-2013-2918", "CVE-2013-6623", "CVE-2013-6629", "CVE-2013-2928"], "description": "Chromium was updated to 31.0.1650.57: Stable channel update:\n - Security Fixes:\n * CVE-2013-6632: Multiple memory corruption issues.\n - Update to Chromium 31.0.1650.48 Stable Channel update:\n - Security fixes:\n * CVE-2013-6621: Use after free related to speech input\n elements..\n * CVE-2013-6622: Use after free related to media\n elements.\n * CVE-2013-6623: Out of bounds read in SVG.\n * CVE-2013-6624: Use after free related to \u00c3\u00a2\u00c2\u0080\u00c2\u009cid\u00c3\u00a2\u00c2\u0080\u00c2\u009d\n attribute strings.\n * CVE-2013-6625: Use after free in DOM ranges.\n * CVE-2013-6626: Address bar spoofing related to\n interstitial warnings.\n * CVE-2013-6627: Out of bounds read in HTTP parsing.\n * CVE-2013-6628: Issue with certificates not being\n checked during TLS renegotiation.\n * CVE-2013-2931: Various fixes from internal audits,\n fuzzing and other initiatives.\n * CVE-2013-6629: Read of uninitialized memory in\n libjpeg and libjpeg-turbo.\n * CVE-2013-6630: Read of uninitialized memory in\n libjpeg-turbo.\n * CVE-2013-6631: Use after free in libjingle.\n - Added patch chromium-fix-chromedriver-build.diff to fix\n the chromedriver build\n\n - Enable ARM build for Chromium.\n * Added patches chromium-arm-webrtc-fix.patch,\n chromium-fix-arm-icu.patch and\n chromium-fix-arm-sysroot.patch to resolve ARM specific\n build issues\n\n - Update to Chromium 30.0.1599.114 Stable Channel update:\n fix build for 32bit systems\n - Drop patch chromium-fix-chromedriver-build.diff. This is\n now fixed upstream\n - For openSUSE versions lower than 13.1, build against the\n in-tree libicu\n\n - Update to Chromium 30.0.1599.101\n - Security Fixes:\n + CVE-2013-2925: Use after free in XHR\n + CVE-2013-2926: Use after free in editing\n + CVE-2013-2927: Use after free in forms.\n + CVE-2013-2928: Various fixes from internal audits,\n fuzzing and other initiatives.\n\n - Update to Chromium 30.0.1599.66\n - Easier searching by image\n - A number of new apps/extension APIs\n - Lots of under the hood changes for stability and\n performance\n - Security fixes:\n + CVE-2013-2906: Races in Web Audio\n + CVE-2013-2907: Out of bounds read in Window.prototype\n object\n + CVE-2013-2908: Address bar spoofing related to the\n \u00c3\u00a2\u00c2\u0080\u00c2\u009c204 No Content\u00c3\u00a2\u00c2\u0080\u00c2\u009d status code\n + CVE-2013-2909: Use after free in inline-block rendering\n + CVE-2013-2910: Use-after-free in Web Audio\n + CVE-2013-2911: Use-after-free in XSLT\n + CVE-2013-2912: Use-after-free in PPAPI\n + CVE-2013-2913: Use-after-free in XML document parsing\n + CVE-2013-2914: Use after free in the Windows color\n chooser dialog\n + CVE-2013-2915: Address bar spoofing via a malformed\n scheme\n + CVE-2013-2916: Address bar spoofing related to the \u00c3\u00a2\u00c2\u0080\u00c2\u009c204\n No Content\u00c3\u00a2\u00c2\u0080\u00c2\u009d status code\n + CVE-2013-2917: Out of bounds read in Web Audio\n + CVE-2013-2918: Use-after-free in DOM\n + CVE-2013-2919: Memory corruption in V8\n + CVE-2013-2920: Out of bounds read in URL parsing\n + CVE-2013-2921: Use-after-free in resource loader\n + CVE-2013-2922: Use-after-free in template element\n + CVE-2013-2923: Various fixes from internal audits,\n fuzzing and other initiatives\n + CVE-2013-2924: Use-after-free in ICU. Upstream bug\n\n", "edition": 1, "modified": "2013-12-12T18:05:02", "published": "2013-12-12T18:05:02", "id": "OPENSUSE-SU-2013:1861-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html", "title": "chromium: update to 31.0.1650.57 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2016-09-26T17:24:27", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2922", "CVE-2013-2915", "CVE-2013-2920", "CVE-2013-2907", "CVE-2013-2919", "CVE-2013-2921", "CVE-2013-2908", "CVE-2013-2913", "CVE-2013-2914", "CVE-2013-2912", "CVE-2013-2917", "CVE-2013-2910", "CVE-2013-2916", "CVE-2013-2924", "CVE-2013-2906", "CVE-2013-2923", "CVE-2013-2911", "CVE-2013-2909", "CVE-2013-2918"], "edition": 1, "description": "\nGoogle Chrome Releases reports:\n\n50 security fixes in this release, including:\n\n[223962][270758][271161][284785][284786] Medium CVE-2013-2906:\n\t Races in Web Audio. Credit to Atte Kettunen of OUSPG.\n[260667] Medium CVE-2013-2907: Out of bounds read in\n\t Window.prototype object. Credit to Boris Zbarsky.\n[265221] Medium CVE-2013-2908: Address bar spoofing related to\n\t the \u00e2\u0080\u009c204 No Content\u00e2\u0080\u009d status code. Credit to Chamal de Silva.\n[265838][279277] High CVE-2013-2909: Use after free in\n\t inline-block rendering. Credit to Atte Kettunen of OUSPG.\n[269753] Medium CVE-2013-2910: Use-after-free in Web Audio.\n\t Credit to Byoungyoung Lee of Georgia Tech Information Security\n\t Center (GTISC).\n[271939] High CVE-2013-2911: Use-after-free in XSLT. Credit to\n\t Atte Kettunen of OUSPG.\n[276368] High CVE-2013-2912: Use-after-free in PPAPI. Credit to\n\t Chamal de Silva and 41.w4r10r(at)garage4hackers.com.\n[278908] High CVE-2013-2913: Use-after-free in XML document\n\t parsing. Credit to cloudfuzzer.\n[279263] High CVE-2013-2914: Use after free in the Windows\n\t color chooser dialog. Credit to Khalil Zhani.\n[280512] Low CVE-2013-2915: Address bar spoofing via a\n\t malformed scheme. Credit to Wander Groeneveld. \n[281256] High CVE-2013-2916: Address bar spoofing related to\n\t the \u00e2\u0080\u009c204 No Content\u00e2\u0080\u009d status code. Credit to Masato Kinugawa.\n[281480] Medium CVE-2013-2917: Out of bounds read in Web Audio.\n\t Credit to Byoungyoung Lee and Tielei Wang of Georgia Tech\n\t Information Security Center (GTISC).\n[282088] High CVE-2013-2918: Use-after-free in DOM. Credit to\n\t Byoungyoung Lee of Georgia Tech Information Security Center\n\t (GTISC).\n[282736] High CVE-2013-2919: Memory corruption in V8. Credit to\n\t Adam Haile of Concrete Data.\n[285742] Medium CVE-2013-2920: Out of bounds read in URL\n\t parsing. Credit to Atte Kettunen of OUSPG.\n[286414] High CVE-2013-2921: Use-after-free in resource loader.\n\t Credit to Byoungyoung Lee and Tielei Wang of Georgia Tech\n\t Information Security Center (GTISC).\n[286975] High CVE-2013-2922: Use-after-free in template\n\t element. Credit to Jon Butler.\n[299016] CVE-2013-2923: Various fixes from internal audits,\n\t fuzzing and other initiatives (Chrome 30).\n[275803] Medium CVE-2013-2924: Use-after-free in ICU. Upstream\n\t bug here.\n\n\n", "modified": "2013-10-01T00:00:00", "published": "2013-10-01T00:00:00", "href": "https://vuxml.freebsd.org/freebsd/e5414d0c-2ade-11e3-821d-00262d5ed8ee.html", "id": "E5414D0C-2ADE-11E3-821D-00262D5ED8EE", "title": "chromium -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-02-01T03:46:25", "description": "The version of Google Chrome installed on the remote host is a version\nprior to 30.0.1599.66. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A race condition exists related to 'Web Audio'.\n (CVE-2013-2906)\n\n - Out-of-bounds read errors exist related to\n the 'Window.prototype' object, 'Web Audio', and URL\n parsing. (CVE-2013-2907, CVE-2013-2917, CVE-2013-2920)\n\n - Several errors exist related to the address bar that\n could allow spoofing attacks. (CVE-2013-2908,\n CVE-2013-2915, CVE-2013-2916)\n\n - Use-after-free errors exist related to 'inline-block'\n rendering, 'Web Audio', XSLT, PPAPI, XML document\n parsing, Windows color chooser dialog, DOM, the\n resource loader, the 'template' element and ICU.\n (CVE-2013-2909, CVE-2013-2910, CVE-2013-2911,\n CVE-2013-2912, CVE-2013-2913, CVE-2013-2914,\n CVE-2013-2918, CVE-2013-2921, CVE-2013-2922,\n CVE-2013-2924)\n\n - A memory corruption error exists in the V8\n JavaScript engine. (CVE-2013-2919)\n\n - Various, unspecified errors exist. (CVE-2013-2923)", "edition": 26, "published": "2013-11-13T00:00:00", "title": "Google Chrome < 30.0.1599.66 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2922", "CVE-2013-2915", "CVE-2013-2920", "CVE-2013-2907", "CVE-2013-2919", "CVE-2013-2921", "CVE-2013-2908", "CVE-2013-2913", "CVE-2013-2914", "CVE-2013-2912", "CVE-2013-2917", "CVE-2013-2910", "CVE-2013-2916", "CVE-2013-2924", "CVE-2013-2906", "CVE-2013-2923", "CVE-2013-2911", "CVE-2013-2909", "CVE-2013-2918"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_30_0_1599_66.NASL", "href": "https://www.tenable.com/plugins/nessus/70893", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70893);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\n \"CVE-2013-2906\",\n \"CVE-2013-2907\",\n \"CVE-2013-2908\",\n \"CVE-2013-2909\",\n \"CVE-2013-2910\",\n \"CVE-2013-2911\",\n \"CVE-2013-2912\",\n \"CVE-2013-2913\",\n \"CVE-2013-2914\",\n \"CVE-2013-2915\",\n \"CVE-2013-2916\",\n \"CVE-2013-2917\",\n \"CVE-2013-2918\",\n \"CVE-2013-2919\",\n \"CVE-2013-2920\",\n \"CVE-2013-2921\",\n \"CVE-2013-2922\",\n \"CVE-2013-2923\",\n \"CVE-2013-2924\"\n );\n script_bugtraq_id(62752, 62968);\n\n script_name(english:\"Google Chrome < 30.0.1599.66 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version number of Google Chrome\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote host is a version\nprior to 30.0.1599.66. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A race condition exists related to 'Web Audio'.\n (CVE-2013-2906)\n\n - Out-of-bounds read errors exist related to\n the 'Window.prototype' object, 'Web Audio', and URL\n parsing. (CVE-2013-2907, CVE-2013-2917, CVE-2013-2920)\n\n - Several errors exist related to the address bar that\n could allow spoofing attacks. (CVE-2013-2908,\n CVE-2013-2915, CVE-2013-2916)\n\n - Use-after-free errors exist related to 'inline-block'\n rendering, 'Web Audio', XSLT, PPAPI, XML document\n parsing, Windows color chooser dialog, DOM, the\n resource loader, the 'template' element and ICU.\n (CVE-2013-2909, CVE-2013-2910, CVE-2013-2911,\n CVE-2013-2912, CVE-2013-2913, CVE-2013-2914,\n CVE-2013-2918, CVE-2013-2921, CVE-2013-2922,\n CVE-2013-2924)\n\n - A memory corruption error exists in the V8\n JavaScript engine. (CVE-2013-2919)\n\n - Various, unspecified errors exist. (CVE-2013-2923)\");\n # http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0e1731d9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 30.0.1599.66 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-2924\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'30.0.1599.66', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T03:18:48", "description": "The version of Google Chrome installed on the remote host is a version\nprior to 30.0.1599.66. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A race condition exists related to 'Web Audio'.\n (CVE-2013-2906)\n\n - Out-of-bounds read errors exist related to\n the 'Window.prototype' object, 'Web Audio', and URL\n parsing. (CVE-2013-2907, CVE-2013-2917, CVE-2013-2920)\n\n - Several errors exist related to the address bar that\n could allow spoofing attacks. (CVE-2013-2908,\n CVE-2013-2915, CVE-2013-2916)\n\n - Use-after-free errors exist related to 'inline-block'\n rendering, 'Web Audio', XSLT, PPAPI, XML document\n parsing, Windows color chooser dialog, DOM, the\n resource loader, the 'template' element and ICU.\n (CVE-2013-2909, CVE-2013-2910, CVE-2013-2911,\n CVE-2013-2912, CVE-2013-2913, CVE-2013-2914,\n CVE-2013-2918, CVE-2013-2921, CVE-2013-2922,\n CVE-2013-2924)\n\n - A memory corruption error exists in the V8\n JavaScript engine. (CVE-2013-2919)\n\n - Various, unspecified errors exist. (CVE-2013-2923)", "edition": 26, "published": "2013-10-02T00:00:00", "title": "Google Chrome < 30.0.1599.66 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2922", "CVE-2013-2915", "CVE-2013-2920", "CVE-2013-2907", "CVE-2013-2919", "CVE-2013-2921", "CVE-2013-2908", "CVE-2013-2913", "CVE-2013-2914", "CVE-2013-2912", "CVE-2013-2917", "CVE-2013-2910", "CVE-2013-2916", "CVE-2013-2924", "CVE-2013-2906", "CVE-2013-2923", "CVE-2013-2911", "CVE-2013-2909", "CVE-2013-2918"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_30_0_1599_66.NASL", "href": "https://www.tenable.com/plugins/nessus/70273", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70273);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\n \"CVE-2013-2906\",\n \"CVE-2013-2907\",\n \"CVE-2013-2908\",\n \"CVE-2013-2909\",\n \"CVE-2013-2910\",\n \"CVE-2013-2911\",\n \"CVE-2013-2912\",\n \"CVE-2013-2913\",\n \"CVE-2013-2914\",\n \"CVE-2013-2915\",\n \"CVE-2013-2916\",\n \"CVE-2013-2917\",\n \"CVE-2013-2918\",\n \"CVE-2013-2919\",\n \"CVE-2013-2920\",\n \"CVE-2013-2921\",\n \"CVE-2013-2922\",\n \"CVE-2013-2923\",\n \"CVE-2013-2924\"\n );\n script_bugtraq_id(62752, 62968);\n\n script_name(english:\"Google Chrome < 30.0.1599.66 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version number of Google Chrome\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote host is a version\nprior to 30.0.1599.66. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A race condition exists related to 'Web Audio'.\n (CVE-2013-2906)\n\n - Out-of-bounds read errors exist related to\n the 'Window.prototype' object, 'Web Audio', and URL\n parsing. (CVE-2013-2907, CVE-2013-2917, CVE-2013-2920)\n\n - Several errors exist related to the address bar that\n could allow spoofing attacks. (CVE-2013-2908,\n CVE-2013-2915, CVE-2013-2916)\n\n - Use-after-free errors exist related to 'inline-block'\n rendering, 'Web Audio', XSLT, PPAPI, XML document\n parsing, Windows color chooser dialog, DOM, the\n resource loader, the 'template' element and ICU.\n (CVE-2013-2909, CVE-2013-2910, CVE-2013-2911,\n CVE-2013-2912, CVE-2013-2913, CVE-2013-2914,\n CVE-2013-2918, CVE-2013-2921, CVE-2013-2922,\n CVE-2013-2924)\n\n - A memory corruption error exists in the V8\n JavaScript engine. (CVE-2013-2919)\n\n - Various, unspecified errors exist. (CVE-2013-2923)\");\n # http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0e1731d9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 30.0.1599.66 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-2924\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\n\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\ngoogle_chrome_check_version(installs:installs, fix:'30.0.1599.66', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:26:56", "description": "Update to Chromium 30.0.1599.66 :\n\n - Easier searching by image \n\n - A number of new apps/extension APIs \n\n - Lots of under the hood changes for stability and\n performance\n\n - Security fixes :\n\n + CVE-2013-2906: Races in Web Audio\n\n + CVE-2013-2907: Out of bounds read in Window.prototype\n object\n\n + CVE-2013-2908: Address bar spoofing related to the\n “204 No Content” status code\n\n + CVE-2013-2909: Use after free in inline-block rendering\n\n + CVE-2013-2910: Use-after-free in Web Audio\n\n + CVE-2013-2911: Use-after-free in XSLT\n\n + CVE-2013-2912: Use-after-free in PPAPI\n\n + CVE-2013-2913: Use-after-free in XML document parsing\n\n + CVE-2013-2914: Use after free in the Windows color\n chooser dialog\n\n + CVE-2013-2915: Address bar spoofing via a malformed\n scheme\n\n + CVE-2013-2916: Address bar spoofing related to the\n “204 No Content” status code\n\n + CVE-2013-2917: Out of bounds read in Web Audio\n\n + CVE-2013-2918: Use-after-free in DOM\n\n + CVE-2013-2919: Memory corruption in V8\n\n + CVE-2013-2920: Out of bounds read in URL parsing\n\n + CVE-2013-2921: Use-after-free in resource loader\n\n + CVE-2013-2922: Use-after-free in template element\n\n + CVE-2013-2923: Various fixes from internal audits,\n fuzzing and other initiatives \n\n + CVE-2013-2924: Use-after-free in ICU. Upstream bug\n\n - Add patch chromium-fix-altgrkeys.diff \n\n - Make sure that AltGr is treated correctly (issue#296835)\n\n - Do not build with system libxml (bnc#825157)\n\n - Update to Chromium 31.0.1640.0\n\n - Bug and Stability Fixes\n\n - Fix destkop file for chromium by removing extension from\n icon\n\n - Change the methodology for the Chromium packages. Build\n is now based on an official tarball. As soon as the Beta\n channel catches up with the current version, Chromium\n will be based on the Beta channel instead of svn\n snapshots\n\n - Update to 31.0.1632\n\n - Bug and Stability fixes\n\n - Added the flag --enable-threaded-compositing to the\n startup script. This flag seems to be required when\n hardware acceleration is in use. This prevents websites\n from locking up on users in certain cases.\n\n - Update to 31.0.1627\n\n - Bug and Stability fixes\n\n - Update to 31.0.1619\n\n - bug and Stability fixes\n\n - require mozilla-nss-devel >= 3.14 and mozilla-nspr-devel\n >= 4.9.5\n\n - Add patch exclude_ymp.diff to ensure that\n 1-click-install files are downloaded and NOT opened\n (bnc#836059)\n\n - Update to 31.0.1611\n\n - Bug and stability fixes\n\n - Update to 31.0.1605\n\n - Bug and stability fixes\n\n - Change the startup script so that Chromium will not\n start when the chrome_sandbox doesn't have the SETUID.\n (bnc#779448)\n\n - Update to 31.0.1601\n\n - Bug and stability fixes\n\n - Update to 30.0.1594\n\n - Bug and stability fixes\n\n - Correct specfile to properly own /usr/bin/chromium\n (bnc#831584)\n\n - Chromium now expects the SUID-helper installed in the\n same directory as chromium. So let's create a symlink to\n the helper in /usr/lib\n\n - Update to 30.0.1587\n\n - Bug and stability fixes\n\n - Remove patch chromium-nss-compliant.diff (Upstream)\n\n - Update to 30.0.1575\n\n - Bug and stability fixes\n\n - Enable the gpu-sandbox again due to upstream fix\n (chromium#255063)\n\n - Update to 30.0.1567\n\n - bug and Stability fixes", "edition": 20, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : chromium (openSUSE-SU-2013:1556-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2922", "CVE-2013-2915", "CVE-2013-2920", "CVE-2013-2907", "CVE-2013-2919", "CVE-2013-2921", "CVE-2013-2908", "CVE-2013-2913", "CVE-2013-2914", "CVE-2013-2912", "CVE-2013-2917", "CVE-2013-2910", "CVE-2013-2916", "CVE-2013-2924", "CVE-2013-2906", "CVE-2013-2923", "CVE-2013-2911", "CVE-2013-2909", "CVE-2013-2918"], "modified": "2014-06-13T00:00:00", "cpe": ["cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium-desktop-gnome", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo", "p-cpe:/a:novell:opensuse:chromium-suid-helper", "p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:12.2", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo", "p-cpe:/a:novell:opensuse:chromium-desktop-kde"], "id": "OPENSUSE-2013-769.NASL", "href": "https://www.tenable.com/plugins/nessus/75170", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-769.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75170);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-2906\", \"CVE-2013-2907\", \"CVE-2013-2908\", \"CVE-2013-2909\", \"CVE-2013-2910\", \"CVE-2013-2911\", \"CVE-2013-2912\", \"CVE-2013-2913\", \"CVE-2013-2914\", \"CVE-2013-2915\", \"CVE-2013-2916\", \"CVE-2013-2917\", \"CVE-2013-2918\", \"CVE-2013-2919\", \"CVE-2013-2920\", \"CVE-2013-2921\", \"CVE-2013-2922\", \"CVE-2013-2923\", \"CVE-2013-2924\");\n script_bugtraq_id(62752, 62968);\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-SU-2013:1556-1)\");\n script_summary(english:\"Check for the openSUSE-2013-769 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to Chromium 30.0.1599.66 :\n\n - Easier searching by image \n\n - A number of new apps/extension APIs \n\n - Lots of under the hood changes for stability and\n performance\n\n - Security fixes :\n\n + CVE-2013-2906: Races in Web Audio\n\n + CVE-2013-2907: Out of bounds read in Window.prototype\n object\n\n + CVE-2013-2908: Address bar spoofing related to the\n “204 No Content” status code\n\n + CVE-2013-2909: Use after free in inline-block rendering\n\n + CVE-2013-2910: Use-after-free in Web Audio\n\n + CVE-2013-2911: Use-after-free in XSLT\n\n + CVE-2013-2912: Use-after-free in PPAPI\n\n + CVE-2013-2913: Use-after-free in XML document parsing\n\n + CVE-2013-2914: Use after free in the Windows color\n chooser dialog\n\n + CVE-2013-2915: Address bar spoofing via a malformed\n scheme\n\n + CVE-2013-2916: Address bar spoofing related to the\n “204 No Content” status code\n\n + CVE-2013-2917: Out of bounds read in Web Audio\n\n + CVE-2013-2918: Use-after-free in DOM\n\n + CVE-2013-2919: Memory corruption in V8\n\n + CVE-2013-2920: Out of bounds read in URL parsing\n\n + CVE-2013-2921: Use-after-free in resource loader\n\n + CVE-2013-2922: Use-after-free in template element\n\n + CVE-2013-2923: Various fixes from internal audits,\n fuzzing and other initiatives \n\n + CVE-2013-2924: Use-after-free in ICU. Upstream bug\n\n - Add patch chromium-fix-altgrkeys.diff \n\n - Make sure that AltGr is treated correctly (issue#296835)\n\n - Do not build with system libxml (bnc#825157)\n\n - Update to Chromium 31.0.1640.0\n\n - Bug and Stability Fixes\n\n - Fix destkop file for chromium by removing extension from\n icon\n\n - Change the methodology for the Chromium packages. Build\n is now based on an official tarball. As soon as the Beta\n channel catches up with the current version, Chromium\n will be based on the Beta channel instead of svn\n snapshots\n\n - Update to 31.0.1632\n\n - Bug and Stability fixes\n\n - Added the flag --enable-threaded-compositing to the\n startup script. This flag seems to be required when\n hardware acceleration is in use. This prevents websites\n from locking up on users in certain cases.\n\n - Update to 31.0.1627\n\n - Bug and Stability fixes\n\n - Update to 31.0.1619\n\n - bug and Stability fixes\n\n - require mozilla-nss-devel >= 3.14 and mozilla-nspr-devel\n >= 4.9.5\n\n - Add patch exclude_ymp.diff to ensure that\n 1-click-install files are downloaded and NOT opened\n (bnc#836059)\n\n - Update to 31.0.1611\n\n - Bug and stability fixes\n\n - Update to 31.0.1605\n\n - Bug and stability fixes\n\n - Change the startup script so that Chromium will not\n start when the chrome_sandbox doesn't have the SETUID.\n (bnc#779448)\n\n - Update to 31.0.1601\n\n - Bug and stability fixes\n\n - Update to 30.0.1594\n\n - Bug and stability fixes\n\n - Correct specfile to properly own /usr/bin/chromium\n (bnc#831584)\n\n - Chromium now expects the SUID-helper installed in the\n same directory as chromium. So let's create a symlink to\n the helper in /usr/lib\n\n - Update to 30.0.1587\n\n - Bug and stability fixes\n\n - Remove patch chromium-nss-compliant.diff (Upstream)\n\n - Update to 30.0.1575\n\n - Bug and stability fixes\n\n - Enable the gpu-sandbox again due to upstream fix\n (chromium#255063)\n\n - Update to 30.0.1567\n\n - bug and Stability fixes\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=779448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=825157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=831584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=836059\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-10/msg00027.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-suid-helper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2|SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2 / 12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"chromedriver-30.0.1599.66-1.46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"chromedriver-debuginfo-30.0.1599.66-1.46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"chromium-30.0.1599.66-1.46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"chromium-debuginfo-30.0.1599.66-1.46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"chromium-debugsource-30.0.1599.66-1.46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"chromium-desktop-gnome-30.0.1599.66-1.46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"chromium-desktop-kde-30.0.1599.66-1.46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"chromium-ffmpegsumo-30.0.1599.66-1.46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"chromium-ffmpegsumo-debuginfo-30.0.1599.66-1.46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"chromium-suid-helper-30.0.1599.66-1.46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"chromium-suid-helper-debuginfo-30.0.1599.66-1.46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromedriver-30.0.1599.66-1.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromedriver-debuginfo-30.0.1599.66-1.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-30.0.1599.66-1.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-debuginfo-30.0.1599.66-1.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-debugsource-30.0.1599.66-1.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-desktop-gnome-30.0.1599.66-1.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-desktop-kde-30.0.1599.66-1.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-ffmpegsumo-30.0.1599.66-1.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-ffmpegsumo-debuginfo-30.0.1599.66-1.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-suid-helper-30.0.1599.66-1.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-suid-helper-debuginfo-30.0.1599.66-1.11.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:51:05", "description": "Google Chrome Releases reports :\n\n50 security fixes in this release, including :\n\n- [223962][270758][271161][284785][284786] Medium CVE-2013-2906 :\nRaces in Web Audio. Credit to Atte Kettunen of OUSPG.\n\n- [260667] Medium CVE-2013-2907: Out of bounds read in\nWindow.prototype object. Credit to Boris Zbarsky.\n\n- [265221] Medium CVE-2013-2908: Address bar spoofing related to the\n'204 No Content' status code. Credit to Chamal de Silva.\n\n- [265838][279277] High CVE-2013-2909: Use after free in inline-block\nrendering. Credit to Atte Kettunen of OUSPG.\n\n- [269753] Medium CVE-2013-2910: Use-after-free in Web Audio. Credit\nto Byoungyoung Lee of Georgia Tech Information Security Center\n(GTISC).\n\n- [271939] High CVE-2013-2911: Use-after-free in XSLT. Credit to Atte\nKettunen of OUSPG.\n\n- [276368] High CVE-2013-2912: Use-after-free in PPAPI. Credit to\nChamal de Silva and 41.w4r10r(at)garage4hackers.com.\n\n- [278908] High CVE-2013-2913: Use-after-free in XML document parsing.\nCredit to cloudfuzzer.\n\n- [279263] High CVE-2013-2914: Use after free in the Windows color\nchooser dialog. Credit to Khalil Zhani.\n\n- [280512] Low CVE-2013-2915: Address bar spoofing via a malformed\nscheme. Credit to Wander Groeneveld. \n\n- [281256] High CVE-2013-2916: Address bar spoofing related to the\n'204 No Content' status code. Credit to Masato Kinugawa.\n\n- [281480] Medium CVE-2013-2917: Out of bounds read in Web Audio.\nCredit to Byoungyoung Lee and Tielei Wang of Georgia Tech Information\nSecurity Center (GTISC).\n\n- [282088] High CVE-2013-2918: Use-after-free in DOM. Credit to\nByoungyoung Lee of Georgia Tech Information Security Center (GTISC).\n\n- [282736] High CVE-2013-2919: Memory corruption in V8. Credit to Adam\nHaile of Concrete Data.\n\n- [285742] Medium CVE-2013-2920: Out of bounds read in URL parsing.\nCredit to Atte Kettunen of OUSPG.\n\n- [286414] High CVE-2013-2921: Use-after-free in resource loader.\nCredit to Byoungyoung Lee and Tielei Wang of Georgia Tech Information\nSecurity Center (GTISC).\n\n- [286975] High CVE-2013-2922: Use-after-free in template element.\nCredit to Jon Butler.\n\n- [299016] CVE-2013-2923: Various fixes from internal audits, fuzzing\nand other initiatives (Chrome 30).\n\n- [275803] Medium CVE-2013-2924: Use-after-free in ICU. Upstream bug\nhere.", "edition": 22, "published": "2013-10-02T00:00:00", "title": "FreeBSD : chromium -- multiple vulnerabilities (e5414d0c-2ade-11e3-821d-00262d5ed8ee)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2922", "CVE-2013-2915", "CVE-2013-2920", "CVE-2013-2907", "CVE-2013-2919", "CVE-2013-2921", "CVE-2013-2908", "CVE-2013-2913", "CVE-2013-2914", "CVE-2013-2912", "CVE-2013-2917", "CVE-2013-2910", "CVE-2013-2916", "CVE-2013-2924", "CVE-2013-2906", "CVE-2013-2923", "CVE-2013-2911", "CVE-2013-2909", "CVE-2013-2918"], "modified": "2013-10-02T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:chromium"], "id": "FREEBSD_PKG_E5414D0C2ADE11E3821D00262D5ED8EE.NASL", "href": "https://www.tenable.com/plugins/nessus/70265", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2016 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70265);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-2906\", \"CVE-2013-2907\", \"CVE-2013-2908\", \"CVE-2013-2909\", \"CVE-2013-2910\", \"CVE-2013-2911\", \"CVE-2013-2912\", \"CVE-2013-2913\", \"CVE-2013-2914\", \"CVE-2013-2915\", \"CVE-2013-2916\", \"CVE-2013-2917\", \"CVE-2013-2918\", \"CVE-2013-2919\", \"CVE-2013-2920\", \"CVE-2013-2921\", \"CVE-2013-2922\", \"CVE-2013-2923\", \"CVE-2013-2924\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (e5414d0c-2ade-11e3-821d-00262d5ed8ee)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\n50 security fixes in this release, including :\n\n- [223962][270758][271161][284785][284786] Medium CVE-2013-2906 :\nRaces in Web Audio. Credit to Atte Kettunen of OUSPG.\n\n- [260667] Medium CVE-2013-2907: Out of bounds read in\nWindow.prototype object. Credit to Boris Zbarsky.\n\n- [265221] Medium CVE-2013-2908: Address bar spoofing related to the\n'204 No Content' status code. Credit to Chamal de Silva.\n\n- [265838][279277] High CVE-2013-2909: Use after free in inline-block\nrendering. Credit to Atte Kettunen of OUSPG.\n\n- [269753] Medium CVE-2013-2910: Use-after-free in Web Audio. Credit\nto Byoungyoung Lee of Georgia Tech Information Security Center\n(GTISC).\n\n- [271939] High CVE-2013-2911: Use-after-free in XSLT. Credit to Atte\nKettunen of OUSPG.\n\n- [276368] High CVE-2013-2912: Use-after-free in PPAPI. Credit to\nChamal de Silva and 41.w4r10r(at)garage4hackers.com.\n\n- [278908] High CVE-2013-2913: Use-after-free in XML document parsing.\nCredit to cloudfuzzer.\n\n- [279263] High CVE-2013-2914: Use after free in the Windows color\nchooser dialog. Credit to Khalil Zhani.\n\n- [280512] Low CVE-2013-2915: Address bar spoofing via a malformed\nscheme. Credit to Wander Groeneveld. \n\n- [281256] High CVE-2013-2916: Address bar spoofing related to the\n'204 No Content' status code. Credit to Masato Kinugawa.\n\n- [281480] Medium CVE-2013-2917: Out of bounds read in Web Audio.\nCredit to Byoungyoung Lee and Tielei Wang of Georgia Tech Information\nSecurity Center (GTISC).\n\n- [282088] High CVE-2013-2918: Use-after-free in DOM. Credit to\nByoungyoung Lee of Georgia Tech Information Security Center (GTISC).\n\n- [282736] High CVE-2013-2919: Memory corruption in V8. Credit to Adam\nHaile of Concrete Data.\n\n- [285742] Medium CVE-2013-2920: Out of bounds read in URL parsing.\nCredit to Atte Kettunen of OUSPG.\n\n- [286414] High CVE-2013-2921: Use-after-free in resource loader.\nCredit to Byoungyoung Lee and Tielei Wang of Georgia Tech Information\nSecurity Center (GTISC).\n\n- [286975] High CVE-2013-2922: Use-after-free in template element.\nCredit to Jon Butler.\n\n- [299016] CVE-2013-2923: Various fixes from internal audits, fuzzing\nand other initiatives (Chrome 30).\n\n- [275803] Medium CVE-2013-2924: Use-after-free in ICU. Upstream bug\nhere.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://googlechromereleases.blogspot.nl/\"\n );\n # http://www.freebsd.org/ports/portaudit/e5414d0c-2ade-11e3-821d-00262d5ed8ee.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ace320ee\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<30.0.1599.66\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:48:11", "description": "Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2013-2906\n Atte Kettunen of OUSPG discovered race conditions in Web\n Audio.\n\n - CVE-2013-2907\n Boris Zbarsky discovered an out-of-bounds read in\n window.prototype.\n\n - CVE-2013-2908\n Chamal de Silva discovered an address bar spoofing\n issue.\n\n - CVE-2013-2909\n Atte Kuttenen of OUSPG discovered a use-after-free issue\n in inline-block.\n\n - CVE-2013-2910\n Byoungyoung Lee of the Georgia Tech Information Security\n Center discovered a use-after-free issue in Web Audio.\n\n - CVE-2013-2911\n Atte Kettunen of OUSPG discovered a use-after-free in\n Blink's XSLT handling.\n\n - CVE-2013-2912\n Chamal de Silva and 41.w4r10r(at)garage4hackers.com\n discovered a use-after-free issue in the Pepper Plug-in\n API.\n\n - CVE-2013-2913\n cloudfuzzer discovered a use-after-free issue in Blink's\n XML document parsing.\n\n - CVE-2013-2915\n Wander Groeneveld discovered an address bar spoofing\n issue.\n\n - CVE-2013-2916\n Masato Kinugawa discovered an address bar spoofing\n issue.\n\n - CVE-2013-2917\n Byoungyoung Lee and Tielei Wang discovered an\n out-of-bounds read issue in Web Audio.\n\n - CVE-2013-2918\n Byoungyoung Lee discoverd an out-of-bounds read in\n Blink's DOM implementation.\n\n - CVE-2013-2919\n Adam Haile of Concrete Data discovered a memory\n corruption issue in the V8 JavaScript library.\n\n - CVE-2013-2920\n Atte Kuttunen of OUSPG discovered an out-of-bounds read\n in URL host resolving.\n\n - CVE-2013-2921\n Byoungyoung Lee and Tielei Wang discovered a\n use-after-free issue in resource loading.\n\n - CVE-2013-2922\n Jon Butler discovered a use-after-free issue in Blink's\n HTML template element implementation.\n\n - CVE-2013-2924\n A use-after-free issue was discovered in the\n International Components for Unicode (ICU) library. \n\n - CVE-2013-2925\n Atte Kettunen of OUSPG discover a use-after-free issue\n in Blink's XML HTTP request implementation.\n\n - CVE-2013-2926\n cloudfuzzer discovered a use-after-free issue in the\n list indenting implementation.\n\n - CVE-2013-2927\n cloudfuzzer discovered a use-after-free issue in the\n HTML form submission implementation. \n\n - CVE-2013-2923 and CVE-2013-2928\n The chrome 30 development team found various issues from\n internal fuzzing, audits, and other studies.", "edition": 18, "published": "2013-10-27T00:00:00", "title": "Debian DSA-2785-1 : chromium-browser - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2922", "CVE-2013-2915", "CVE-2013-2920", "CVE-2013-2926", "CVE-2013-2907", "CVE-2013-2919", "CVE-2013-2921", "CVE-2013-2908", "CVE-2013-2913", "CVE-2013-2912", "CVE-2013-2917", "CVE-2013-2910", "CVE-2013-2916", "CVE-2013-2925", "CVE-2013-2924", "CVE-2013-2927", "CVE-2013-2906", "CVE-2013-2923", "CVE-2013-2911", "CVE-2013-2909", "CVE-2013-2918", "CVE-2013-2928"], "modified": "2013-10-27T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium-browser", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2785.NASL", "href": "https://www.tenable.com/plugins/nessus/70636", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2785. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70636);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-2906\", \"CVE-2013-2907\", \"CVE-2013-2908\", \"CVE-2013-2909\", \"CVE-2013-2910\", \"CVE-2013-2911\", \"CVE-2013-2912\", \"CVE-2013-2913\", \"CVE-2013-2915\", \"CVE-2013-2916\", \"CVE-2013-2917\", \"CVE-2013-2918\", \"CVE-2013-2919\", \"CVE-2013-2920\", \"CVE-2013-2921\", \"CVE-2013-2922\", \"CVE-2013-2923\", \"CVE-2013-2924\", \"CVE-2013-2925\", \"CVE-2013-2926\", \"CVE-2013-2927\", \"CVE-2013-2928\");\n script_bugtraq_id(62752, 62968, 63024, 63025, 63026, 63028);\n script_xref(name:\"DSA\", value:\"2785\");\n\n script_name(english:\"Debian DSA-2785-1 : chromium-browser - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2013-2906\n Atte Kettunen of OUSPG discovered race conditions in Web\n Audio.\n\n - CVE-2013-2907\n Boris Zbarsky discovered an out-of-bounds read in\n window.prototype.\n\n - CVE-2013-2908\n Chamal de Silva discovered an address bar spoofing\n issue.\n\n - CVE-2013-2909\n Atte Kuttenen of OUSPG discovered a use-after-free issue\n in inline-block.\n\n - CVE-2013-2910\n Byoungyoung Lee of the Georgia Tech Information Security\n Center discovered a use-after-free issue in Web Audio.\n\n - CVE-2013-2911\n Atte Kettunen of OUSPG discovered a use-after-free in\n Blink's XSLT handling.\n\n - CVE-2013-2912\n Chamal de Silva and 41.w4r10r(at)garage4hackers.com\n discovered a use-after-free issue in the Pepper Plug-in\n API.\n\n - CVE-2013-2913\n cloudfuzzer discovered a use-after-free issue in Blink's\n XML document parsing.\n\n - CVE-2013-2915\n Wander Groeneveld discovered an address bar spoofing\n issue.\n\n - CVE-2013-2916\n Masato Kinugawa discovered an address bar spoofing\n issue.\n\n - CVE-2013-2917\n Byoungyoung Lee and Tielei Wang discovered an\n out-of-bounds read issue in Web Audio.\n\n - CVE-2013-2918\n Byoungyoung Lee discoverd an out-of-bounds read in\n Blink's DOM implementation.\n\n - CVE-2013-2919\n Adam Haile of Concrete Data discovered a memory\n corruption issue in the V8 JavaScript library.\n\n - CVE-2013-2920\n Atte Kuttunen of OUSPG discovered an out-of-bounds read\n in URL host resolving.\n\n - CVE-2013-2921\n Byoungyoung Lee and Tielei Wang discovered a\n use-after-free issue in resource loading.\n\n - CVE-2013-2922\n Jon Butler discovered a use-after-free issue in Blink's\n HTML template element implementation.\n\n - CVE-2013-2924\n A use-after-free issue was discovered in the\n International Components for Unicode (ICU) library. \n\n - CVE-2013-2925\n Atte Kettunen of OUSPG discover a use-after-free issue\n in Blink's XML HTTP request implementation.\n\n - CVE-2013-2926\n cloudfuzzer discovered a use-after-free issue in the\n list indenting implementation.\n\n - CVE-2013-2927\n cloudfuzzer discovered a use-after-free issue in the\n HTML form submission implementation. \n\n - CVE-2013-2923 and CVE-2013-2928\n The chrome 30 development team found various issues from\n internal fuzzing, audits, and other studies.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2921\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2926\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2927\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/chromium-browser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2785\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 30.0.1599.101-1~deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"chromium\", reference:\"30.0.1599.101-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser\", reference:\"30.0.1599.101-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-dbg\", reference:\"30.0.1599.101-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-inspector\", reference:\"30.0.1599.101-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-l10n\", reference:\"30.0.1599.101-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-dbg\", reference:\"30.0.1599.101-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-inspector\", reference:\"30.0.1599.101-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-l10n\", reference:\"30.0.1599.101-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:27:10", "description": "Chromium was updated to 31.0.1650.57: Stable channel update :\n\n - Security Fixes :\n\n - CVE-2013-6632: Multiple memory corruption issues.\n\n - Update to Chromium 31.0.1650.48 Stable Channel update :\n\n - Security fixes :\n\n - CVE-2013-6621: Use after free related to speech input\n elements..\n\n - CVE-2013-6622: Use after free related to media elements. \n\n - CVE-2013-6623: Out of bounds read in SVG.\n\n - CVE-2013-6624: Use after free related to\n “id” attribute strings.\n\n - CVE-2013-6625: Use after free in DOM ranges.\n\n - CVE-2013-6626: Address bar spoofing related to\n interstitial warnings.\n\n - CVE-2013-6627: Out of bounds read in HTTP parsing.\n\n - CVE-2013-6628: Issue with certificates not being checked\n during TLS renegotiation.\n\n - CVE-2013-2931: Various fixes from internal audits,\n fuzzing and other initiatives.\n\n - CVE-2013-6629: Read of uninitialized memory in libjpeg\n and libjpeg-turbo.\n\n - CVE-2013-6630: Read of uninitialized memory in\n libjpeg-turbo.\n\n - CVE-2013-6631: Use after free in libjingle.\n\n - Added patch chromium-fix-chromedriver-build.diff to fix\n the chromedriver build\n\n - Enable ARM build for Chromium. \n\n - Added patches chromium-arm-webrtc-fix.patch,\n chromium-fix-arm-icu.patch and\n chromium-fix-arm-sysroot.patch to resolve ARM specific\n build issues\n\n - Update to Chromium 30.0.1599.114 Stable Channel update:\n fix build for 32bit systems\n\n - Drop patch chromium-fix-chromedriver-build.diff. This is\n now fixed upstream\n\n - For openSUSE versions lower than 13.1, build against the\n in-tree libicu\n\n - Update to Chromium 30.0.1599.101\n\n - Security Fixes :\n\n + CVE-2013-2925: Use after free in XHR\n\n + CVE-2013-2926: Use after free in editing\n\n + CVE-2013-2927: Use after free in forms.\n\n + CVE-2013-2928: Various fixes from internal audits,\n fuzzing and other initiatives.\n\n - Update to Chromium 30.0.1599.66\n\n - Easier searching by image \n\n - A number of new apps/extension APIs \n\n - Lots of under the hood changes for stability and\n performance\n\n - Security fixes :\n\n + CVE-2013-2906: Races in Web Audio\n\n + CVE-2013-2907: Out of bounds read in Window.prototype\n object\n\n + CVE-2013-2908: Address bar spoofing related to the\n “204 No Content” status code\n\n + CVE-2013-2909: Use after free in inline-block rendering\n\n + CVE-2013-2910: Use-after-free in Web Audio\n\n + CVE-2013-2911: Use-after-free in XSLT\n\n + CVE-2013-2912: Use-after-free in PPAPI\n\n + CVE-2013-2913: Use-after-free in XML document parsing\n\n + CVE-2013-2914: Use after free in the Windows color\n chooser dialog\n\n + CVE-2013-2915: Address bar spoofing via a malformed\n scheme\n\n + CVE-2013-2916: Address bar spoofing related to the\n “204 No Content” status code\n\n + CVE-2013-2917: Out of bounds read in Web Audio\n\n + CVE-2013-2918: Use-after-free in DOM\n\n + CVE-2013-2919: Memory corruption in V8\n\n + CVE-2013-2920: Out of bounds read in URL parsing\n\n + CVE-2013-2921: Use-after-free in resource loader\n\n + CVE-2013-2922: Use-after-free in template element\n\n + CVE-2013-2923: Various fixes from internal audits,\n fuzzing and other initiatives \n\n + CVE-2013-2924: Use-after-free in ICU. Upstream bug", "edition": 19, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : chromium (openSUSE-SU-2013:1861-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2922", "CVE-2013-2915", "CVE-2013-2920", "CVE-2013-2931", "CVE-2013-2926", "CVE-2013-2907", "CVE-2013-2919", "CVE-2013-2921", "CVE-2013-2908", "CVE-2013-2913", "CVE-2013-6631", "CVE-2013-2914", "CVE-2013-2912", "CVE-2013-6626", "CVE-2013-6627", "CVE-2013-2917", "CVE-2013-2910", "CVE-2013-2916", "CVE-2013-2925", "CVE-2013-6625", "CVE-2013-6621", "CVE-2013-6624", "CVE-2013-6628", "CVE-2013-6630", "CVE-2013-2924", "CVE-2013-2927", "CVE-2013-2906", "CVE-2013-2923", "CVE-2013-6632", "CVE-2013-2911", "CVE-2013-2909", "CVE-2013-6622", "CVE-2013-2918", "CVE-2013-6623", "CVE-2013-6629", "CVE-2013-2928"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium-desktop-gnome", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo", "p-cpe:/a:novell:opensuse:chromium-suid-helper", "p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo", "p-cpe:/a:novell:opensuse:chromium-desktop-kde"], "id": "OPENSUSE-2013-961.NASL", "href": "https://www.tenable.com/plugins/nessus/75225", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-961.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75225);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-2906\", \"CVE-2013-2907\", \"CVE-2013-2908\", \"CVE-2013-2909\", \"CVE-2013-2910\", \"CVE-2013-2911\", \"CVE-2013-2912\", \"CVE-2013-2913\", \"CVE-2013-2914\", \"CVE-2013-2915\", \"CVE-2013-2916\", \"CVE-2013-2917\", \"CVE-2013-2918\", \"CVE-2013-2919\", \"CVE-2013-2920\", \"CVE-2013-2921\", \"CVE-2013-2922\", \"CVE-2013-2923\", \"CVE-2013-2924\", \"CVE-2013-2925\", \"CVE-2013-2926\", \"CVE-2013-2927\", \"CVE-2013-2928\", \"CVE-2013-2931\", \"CVE-2013-6621\", \"CVE-2013-6622\", \"CVE-2013-6623\", \"CVE-2013-6624\", \"CVE-2013-6625\", \"CVE-2013-6626\", \"CVE-2013-6627\", \"CVE-2013-6628\", \"CVE-2013-6629\", \"CVE-2013-6630\", \"CVE-2013-6631\", \"CVE-2013-6632\");\n script_bugtraq_id(62752, 62968, 63024, 63025, 63026, 63028, 63667, 63669, 63670, 63671, 63672, 63673, 63674, 63675, 63676, 63677, 63678, 63679, 63729, 64354);\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-SU-2013:1861-1)\");\n script_summary(english:\"Check for the openSUSE-2013-961 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to 31.0.1650.57: Stable channel update :\n\n - Security Fixes :\n\n - CVE-2013-6632: Multiple memory corruption issues.\n\n - Update to Chromium 31.0.1650.48 Stable Channel update :\n\n - Security fixes :\n\n - CVE-2013-6621: Use after free related to speech input\n elements..\n\n - CVE-2013-6622: Use after free related to media elements. \n\n - CVE-2013-6623: Out of bounds read in SVG.\n\n - CVE-2013-6624: Use after free related to\n “id” attribute strings.\n\n - CVE-2013-6625: Use after free in DOM ranges.\n\n - CVE-2013-6626: Address bar spoofing related to\n interstitial warnings.\n\n - CVE-2013-6627: Out of bounds read in HTTP parsing.\n\n - CVE-2013-6628: Issue with certificates not being checked\n during TLS renegotiation.\n\n - CVE-2013-2931: Various fixes from internal audits,\n fuzzing and other initiatives.\n\n - CVE-2013-6629: Read of uninitialized memory in libjpeg\n and libjpeg-turbo.\n\n - CVE-2013-6630: Read of uninitialized memory in\n libjpeg-turbo.\n\n - CVE-2013-6631: Use after free in libjingle.\n\n - Added patch chromium-fix-chromedriver-build.diff to fix\n the chromedriver build\n\n - Enable ARM build for Chromium. \n\n - Added patches chromium-arm-webrtc-fix.patch,\n chromium-fix-arm-icu.patch and\n chromium-fix-arm-sysroot.patch to resolve ARM specific\n build issues\n\n - Update to Chromium 30.0.1599.114 Stable Channel update:\n fix build for 32bit systems\n\n - Drop patch chromium-fix-chromedriver-build.diff. This is\n now fixed upstream\n\n - For openSUSE versions lower than 13.1, build against the\n in-tree libicu\n\n - Update to Chromium 30.0.1599.101\n\n - Security Fixes :\n\n + CVE-2013-2925: Use after free in XHR\n\n + CVE-2013-2926: Use after free in editing\n\n + CVE-2013-2927: Use after free in forms.\n\n + CVE-2013-2928: Various fixes from internal audits,\n fuzzing and other initiatives.\n\n - Update to Chromium 30.0.1599.66\n\n - Easier searching by image \n\n - A number of new apps/extension APIs \n\n - Lots of under the hood changes for stability and\n performance\n\n - Security fixes :\n\n + CVE-2013-2906: Races in Web Audio\n\n + CVE-2013-2907: Out of bounds read in Window.prototype\n object\n\n + CVE-2013-2908: Address bar spoofing related to the\n “204 No Content” status code\n\n + CVE-2013-2909: Use after free in inline-block rendering\n\n + CVE-2013-2910: Use-after-free in Web Audio\n\n + CVE-2013-2911: Use-after-free in XSLT\n\n + CVE-2013-2912: Use-after-free in PPAPI\n\n + CVE-2013-2913: Use-after-free in XML document parsing\n\n + CVE-2013-2914: Use after free in the Windows color\n chooser dialog\n\n + CVE-2013-2915: Address bar spoofing via a malformed\n scheme\n\n + CVE-2013-2916: Address bar spoofing related to the\n “204 No Content” status code\n\n + CVE-2013-2917: Out of bounds read in Web Audio\n\n + CVE-2013-2918: Use-after-free in DOM\n\n + CVE-2013-2919: Memory corruption in V8\n\n + CVE-2013-2920: Out of bounds read in URL parsing\n\n + CVE-2013-2921: Use-after-free in resource loader\n\n + CVE-2013-2922: Use-after-free in template element\n\n + CVE-2013-2923: Various fixes from internal audits,\n fuzzing and other initiatives \n\n + CVE-2013-2924: Use-after-free in ICU. Upstream bug\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-12/msg00049.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-suid-helper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-31.0.1650.57-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-debuginfo-31.0.1650.57-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-31.0.1650.57-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debuginfo-31.0.1650.57-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debugsource-31.0.1650.57-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-gnome-31.0.1650.57-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-kde-31.0.1650.57-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-31.0.1650.57-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-debuginfo-31.0.1650.57-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-suid-helper-31.0.1650.57-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-suid-helper-debuginfo-31.0.1650.57-8.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:27:36", "description": " - Update to Chromium 31.0.1650.63 Stable channel update :\n\n - Security fixes :\n\n - CVE-2013-6634: Session fixation in sync related to 302\n redirects\n\n - CVE-2013-6635: Use-after-free in editing\n\n - CVE-2013-6636: Address bar spoofing related to modal\n dialogs\n\n - CVE-2013-6637: Various fixes from internal audits,\n fuzzing and other initiatives.\n\n - CVE-2013-6638: Buffer overflow in v8\n\n - CVE-2013-6639: Out of bounds write in v8.\n\n - CVE-2013-6640: Out of bounds read in v8\n\n - and 12 other security fixes.\n\n - Remove the build flags to build according to the Chrome\n ffmpeg branding and the proprietary codecs. (bnc#847971)\n\n - Update to Chromium 31.0.1650.57 Stable channel update :\n\n - Security Fixes :\n\n - CVE-2013-6632: Multiple memory corruption issues.\n\n - Update to Chromium 31.0.1650.48 Stable Channel update :\n\n - Security fixes :\n\n - CVE-2013-6621: Use after free related to speech input\n elements..\n\n - CVE-2013-6622: Use after free related to media elements. \n\n - CVE-2013-6623: Out of bounds read in SVG.\n\n - CVE-2013-6624: Use after free related to\n “id” attribute strings.\n\n - CVE-2013-6625: Use after free in DOM ranges.\n\n - CVE-2013-6626: Address bar spoofing related to\n interstitial warnings.\n\n - CVE-2013-6627: Out of bounds read in HTTP parsing.\n\n - CVE-2013-6628: Issue with certificates not being checked\n during TLS renegotiation.\n\n - CVE-2013-2931: Various fixes from internal audits,\n fuzzing and other initiatives.\n\n - CVE-2013-6629: Read of uninitialized memory in libjpeg\n and libjpeg-turbo.\n\n - CVE-2013-6630: Read of uninitialized memory in\n libjpeg-turbo.\n\n - CVE-2013-6631: Use after free in libjingle.\n\n - Added patch chromium-fix-chromedriver-build.diff to fix\n the chromedriver build\n\n - Enable ARM build for Chromium. \n\n - Added patches chromium-arm-webrtc-fix.patch,\n chromium-fix-arm-icu.patch and\n chromium-fix-arm-sysroot.patch to resolve ARM specific\n build issues\n\n - Update to Chromium 30.0.1599.114 Stable Channel update:\n fix build for 32bit systems\n\n - Drop patch chromium-fix-chromedriver-build.diff. This is\n now fixed upstream\n\n - For openSUSE versions lower than 13.1, build against the\n in-tree libicu\n\n - Update to Chromium 30.0.1599.101\n\n - Security Fixes :\n\n + CVE-2013-2925: Use after free in XHR\n\n + CVE-2013-2926: Use after free in editing\n\n + CVE-2013-2927: Use after free in forms.\n\n + CVE-2013-2928: Various fixes from internal audits,\n fuzzing and other initiatives.\n\n - Update to Chromium 30.0.1599.66\n\n - Easier searching by image \n\n - A number of new apps/extension APIs \n\n - Lots of under the hood changes for stability and\n performance\n\n - Security fixes :\n\n + CVE-2013-2906: Races in Web Audio\n\n + CVE-2013-2907: Out of bounds read in Window.prototype\n object\n\n + CVE-2013-2908: Address bar spoofing related to the\n “204 No Content” status code\n\n + CVE-2013-2909: Use after free in inline-block rendering\n\n + CVE-2013-2910: Use-after-free in Web Audio\n\n + CVE-2013-2911: Use-after-free in XSLT\n\n + CVE-2013-2912: Use-after-free in PPAPI\n\n + CVE-2013-2913: Use-after-free in XML document parsing\n\n + CVE-2013-2914: Use after free in the Windows color\n chooser dialog\n\n + CVE-2013-2915: Address bar spoofing via a malformed\n scheme\n\n + CVE-2013-2916: Address bar spoofing related to the\n “204 No Content” status code\n\n + CVE-2013-2917: Out of bounds read in Web Audio\n\n + CVE-2013-2918: Use-after-free in DOM\n\n + CVE-2013-2919: Memory corruption in V8\n\n + CVE-2013-2920: Out of bounds read in URL parsing\n\n + CVE-2013-2921: Use-after-free in resource loader\n\n + CVE-2013-2922: Use-after-free in template element\n\n + CVE-2013-2923: Various fixes from internal audits,\n fuzzing and other initiatives \n\n + CVE-2013-2924: Use-after-free in ICU. Upstream bug", "edition": 19, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : chromium (openSUSE-SU-2014:0065-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6635", "CVE-2013-2922", "CVE-2013-2915", "CVE-2013-2920", "CVE-2013-2931", "CVE-2013-2926", "CVE-2013-2907", "CVE-2013-2919", "CVE-2013-2921", "CVE-2013-2908", "CVE-2013-2913", "CVE-2013-6631", "CVE-2013-2914", "CVE-2013-2912", "CVE-2013-6626", "CVE-2013-6636", "CVE-2013-6627", "CVE-2013-2917", "CVE-2013-2910", "CVE-2013-2916", "CVE-2013-2925", "CVE-2013-6625", "CVE-2013-6621", "CVE-2013-6624", "CVE-2013-6634", "CVE-2013-6638", "CVE-2013-6639", "CVE-2013-6628", "CVE-2013-6630", "CVE-2013-2924", "CVE-2013-2927", "CVE-2013-2906", "CVE-2013-2923", "CVE-2013-6632", "CVE-2013-2911", "CVE-2013-2909", "CVE-2013-6637", "CVE-2013-6622", "CVE-2013-2918", "CVE-2013-6623", "CVE-2013-6629", "CVE-2013-2928", "CVE-2013-6640"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium-desktop-gnome", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo", "p-cpe:/a:novell:opensuse:chromium-suid-helper", "p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo", "p-cpe:/a:novell:opensuse:chromium-desktop-kde"], "id": "OPENSUSE-2014-37.NASL", "href": "https://www.tenable.com/plugins/nessus/75366", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-37.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75366);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-2906\", \"CVE-2013-2907\", \"CVE-2013-2908\", \"CVE-2013-2909\", \"CVE-2013-2910\", \"CVE-2013-2911\", \"CVE-2013-2912\", \"CVE-2013-2913\", \"CVE-2013-2914\", \"CVE-2013-2915\", \"CVE-2013-2916\", \"CVE-2013-2917\", \"CVE-2013-2918\", \"CVE-2013-2919\", \"CVE-2013-2920\", \"CVE-2013-2921\", \"CVE-2013-2922\", \"CVE-2013-2923\", \"CVE-2013-2924\", \"CVE-2013-2925\", \"CVE-2013-2926\", \"CVE-2013-2927\", \"CVE-2013-2928\", \"CVE-2013-2931\", \"CVE-2013-6621\", \"CVE-2013-6622\", \"CVE-2013-6623\", \"CVE-2013-6624\", \"CVE-2013-6625\", \"CVE-2013-6626\", \"CVE-2013-6627\", \"CVE-2013-6628\", \"CVE-2013-6629\", \"CVE-2013-6630\", \"CVE-2013-6631\", \"CVE-2013-6632\", \"CVE-2013-6634\", \"CVE-2013-6635\", \"CVE-2013-6636\", \"CVE-2013-6637\", \"CVE-2013-6638\", \"CVE-2013-6639\", \"CVE-2013-6640\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-SU-2014:0065-1)\");\n script_summary(english:\"Check for the openSUSE-2014-37 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Update to Chromium 31.0.1650.63 Stable channel update :\n\n - Security fixes :\n\n - CVE-2013-6634: Session fixation in sync related to 302\n redirects\n\n - CVE-2013-6635: Use-after-free in editing\n\n - CVE-2013-6636: Address bar spoofing related to modal\n dialogs\n\n - CVE-2013-6637: Various fixes from internal audits,\n fuzzing and other initiatives.\n\n - CVE-2013-6638: Buffer overflow in v8\n\n - CVE-2013-6639: Out of bounds write in v8.\n\n - CVE-2013-6640: Out of bounds read in v8\n\n - and 12 other security fixes.\n\n - Remove the build flags to build according to the Chrome\n ffmpeg branding and the proprietary codecs. (bnc#847971)\n\n - Update to Chromium 31.0.1650.57 Stable channel update :\n\n - Security Fixes :\n\n - CVE-2013-6632: Multiple memory corruption issues.\n\n - Update to Chromium 31.0.1650.48 Stable Channel update :\n\n - Security fixes :\n\n - CVE-2013-6621: Use after free related to speech input\n elements..\n\n - CVE-2013-6622: Use after free related to media elements. \n\n - CVE-2013-6623: Out of bounds read in SVG.\n\n - CVE-2013-6624: Use after free related to\n “id” attribute strings.\n\n - CVE-2013-6625: Use after free in DOM ranges.\n\n - CVE-2013-6626: Address bar spoofing related to\n interstitial warnings.\n\n - CVE-2013-6627: Out of bounds read in HTTP parsing.\n\n - CVE-2013-6628: Issue with certificates not being checked\n during TLS renegotiation.\n\n - CVE-2013-2931: Various fixes from internal audits,\n fuzzing and other initiatives.\n\n - CVE-2013-6629: Read of uninitialized memory in libjpeg\n and libjpeg-turbo.\n\n - CVE-2013-6630: Read of uninitialized memory in\n libjpeg-turbo.\n\n - CVE-2013-6631: Use after free in libjingle.\n\n - Added patch chromium-fix-chromedriver-build.diff to fix\n the chromedriver build\n\n - Enable ARM build for Chromium. \n\n - Added patches chromium-arm-webrtc-fix.patch,\n chromium-fix-arm-icu.patch and\n chromium-fix-arm-sysroot.patch to resolve ARM specific\n build issues\n\n - Update to Chromium 30.0.1599.114 Stable Channel update:\n fix build for 32bit systems\n\n - Drop patch chromium-fix-chromedriver-build.diff. This is\n now fixed upstream\n\n - For openSUSE versions lower than 13.1, build against the\n in-tree libicu\n\n - Update to Chromium 30.0.1599.101\n\n - Security Fixes :\n\n + CVE-2013-2925: Use after free in XHR\n\n + CVE-2013-2926: Use after free in editing\n\n + CVE-2013-2927: Use after free in forms.\n\n + CVE-2013-2928: Various fixes from internal audits,\n fuzzing and other initiatives.\n\n - Update to Chromium 30.0.1599.66\n\n - Easier searching by image \n\n - A number of new apps/extension APIs \n\n - Lots of under the hood changes for stability and\n performance\n\n - Security fixes :\n\n + CVE-2013-2906: Races in Web Audio\n\n + CVE-2013-2907: Out of bounds read in Window.prototype\n object\n\n + CVE-2013-2908: Address bar spoofing related to the\n “204 No Content” status code\n\n + CVE-2013-2909: Use after free in inline-block rendering\n\n + CVE-2013-2910: Use-after-free in Web Audio\n\n + CVE-2013-2911: Use-after-free in XSLT\n\n + CVE-2013-2912: Use-after-free in PPAPI\n\n + CVE-2013-2913: Use-after-free in XML document parsing\n\n + CVE-2013-2914: Use after free in the Windows color\n chooser dialog\n\n + CVE-2013-2915: Address bar spoofing via a malformed\n scheme\n\n + CVE-2013-2916: Address bar spoofing related to the\n “204 No Content” status code\n\n + CVE-2013-2917: Out of bounds read in Web Audio\n\n + CVE-2013-2918: Use-after-free in DOM\n\n + CVE-2013-2919: Memory corruption in V8\n\n + CVE-2013-2920: Out of bounds read in URL parsing\n\n + CVE-2013-2921: Use-after-free in resource loader\n\n + CVE-2013-2922: Use-after-free in template element\n\n + CVE-2013-2923: Various fixes from internal audits,\n fuzzing and other initiatives \n\n + CVE-2013-2924: Use-after-free in ICU. Upstream bug\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=847971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854473\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-suid-helper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-31.0.1650.63-13.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-debuginfo-31.0.1650.63-13.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-31.0.1650.63-13.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debuginfo-31.0.1650.63-13.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debugsource-31.0.1650.63-13.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-gnome-31.0.1650.63-13.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-kde-31.0.1650.63-13.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-31.0.1650.63-13.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-debuginfo-31.0.1650.63-13.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-suid-helper-31.0.1650.63-13.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-suid-helper-debuginfo-31.0.1650.63-13.7\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:55:35", "description": "The remote host is affected by the vulnerability described in GLSA-201403-01\n(Chromium, V8: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and V8. Please\n review the CVE identifiers and release notes referenced below for\n details.\n \nImpact :\n\n A context-dependent attacker could entice a user to open a specially\n crafted website or JavaScript program using Chromium or V8, possibly\n resulting in the execution of arbitrary code with the privileges of the\n process or a Denial of Service condition. Furthermore, a remote attacker\n may be able to bypass security restrictions or have other unspecified\n impact.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 22, "published": "2014-03-06T00:00:00", "title": "GLSA-201403-01 : Chromium, V8: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6635", "CVE-2013-6649", "CVE-2013-2922", "CVE-2013-2915", "CVE-2013-6802", "CVE-2013-6667", "CVE-2013-6655", "CVE-2013-2920", "CVE-2013-6658", "CVE-2013-6661", "CVE-2013-2931", "CVE-2013-6660", "CVE-2013-6644", "CVE-2013-2926", "CVE-2013-2907", "CVE-2013-2919", "CVE-2013-2921", "CVE-2013-2908", "CVE-2013-6665", "CVE-2013-2913", "CVE-2013-6666", "CVE-2013-2912", "CVE-2013-6626", "CVE-2013-6636", "CVE-2013-6656", "CVE-2013-6654", "CVE-2013-6653", "CVE-2013-6663", "CVE-2013-6627", "CVE-2013-2917", "CVE-2013-2910", "CVE-2013-2916", "CVE-2013-2925", "CVE-2013-6625", "CVE-2013-6641", "CVE-2013-6659", "CVE-2013-6621", "CVE-2013-6624", "CVE-2013-6634", "CVE-2013-6646", "CVE-2013-6638", "CVE-2013-6643", "CVE-2013-6639", "CVE-2013-6628", "CVE-2013-2927", "CVE-2013-2906", "CVE-2013-2923", "CVE-2013-6632", "CVE-2013-2911", "CVE-2013-2909", "CVE-2013-6637", "CVE-2013-6622", "CVE-2013-6652", "CVE-2013-6657", "CVE-2014-1681", "CVE-2013-2918", "CVE-2013-6645", "CVE-2013-6623", "CVE-2013-6668", "CVE-2013-6664", "CVE-2013-2928", "CVE-2013-6650", "CVE-2013-6640"], "modified": "2014-03-06T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:v8", "p-cpe:/a:gentoo:linux:chromium"], "id": "GENTOO_GLSA-201403-01.NASL", "href": "https://www.tenable.com/plugins/nessus/72851", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201403-01.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72851);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-2906\", \"CVE-2013-2907\", \"CVE-2013-2908\", \"CVE-2013-2909\", \"CVE-2013-2910\", \"CVE-2013-2911\", \"CVE-2013-2912\", \"CVE-2013-2913\", \"CVE-2013-2915\", \"CVE-2013-2916\", \"CVE-2013-2917\", \"CVE-2013-2918\", \"CVE-2013-2919\", \"CVE-2013-2920\", \"CVE-2013-2921\", \"CVE-2013-2922\", \"CVE-2013-2923\", \"CVE-2013-2925\", \"CVE-2013-2926\", \"CVE-2013-2927\", \"CVE-2013-2928\", \"CVE-2013-2931\", \"CVE-2013-6621\", \"CVE-2013-6622\", \"CVE-2013-6623\", \"CVE-2013-6624\", \"CVE-2013-6625\", \"CVE-2013-6626\", \"CVE-2013-6627\", \"CVE-2013-6628\", \"CVE-2013-6632\", \"CVE-2013-6634\", \"CVE-2013-6635\", \"CVE-2013-6636\", \"CVE-2013-6637\", \"CVE-2013-6638\", \"CVE-2013-6639\", \"CVE-2013-6640\", \"CVE-2013-6641\", \"CVE-2013-6643\", \"CVE-2013-6644\", \"CVE-2013-6645\", \"CVE-2013-6646\", \"CVE-2013-6649\", \"CVE-2013-6650\", \"CVE-2013-6652\", \"CVE-2013-6653\", \"CVE-2013-6654\", \"CVE-2013-6655\", \"CVE-2013-6656\", \"CVE-2013-6657\", \"CVE-2013-6658\", \"CVE-2013-6659\", \"CVE-2013-6660\", \"CVE-2013-6661\", \"CVE-2013-6663\", \"CVE-2013-6664\", \"CVE-2013-6665\", \"CVE-2013-6666\", \"CVE-2013-6667\", \"CVE-2013-6668\", \"CVE-2013-6802\", \"CVE-2014-1681\");\n script_bugtraq_id(62752, 63024, 63025, 63026, 63028, 63667, 63669, 63670, 63671, 63672, 63674, 63675, 63677, 63678, 63727, 63729, 64078, 64354, 64805, 64981, 65168, 65172, 65232, 65699, 65779, 65930);\n script_xref(name:\"GLSA\", value:\"201403-01\");\n\n script_name(english:\"GLSA-201403-01 : Chromium, V8: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201403-01\n(Chromium, V8: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and V8. Please\n review the CVE identifiers and release notes referenced below for\n details.\n \nImpact :\n\n A context-dependent attacker could entice a user to open a specially\n crafted website or JavaScript program using Chromium or V8, possibly\n resulting in the execution of arbitrary code with the privileges of the\n process or a Denial of Service condition. Furthermore, a remote attacker\n may be able to bypass security restrictions or have other unspecified\n impact.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201403-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-33.0.1750.146'\n Gentoo has discontinued support for separate V8 package. We recommend\n that users unmerge V8:\n # emerge --unmerge 'dev-lang/v8'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:v8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 33.0.1750.146\"), vulnerable:make_list(\"lt 33.0.1750.146\"))) flag++;\nif (qpkg_check(package:\"dev-lang/v8\", unaffected:make_list(), vulnerable:make_list(\"lt 3.20.17.13\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium / V8\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:22:06", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2922", "CVE-2013-2915", "CVE-2013-2920", "CVE-2013-2926", "CVE-2013-2907", "CVE-2013-2919", "CVE-2013-2921", "CVE-2013-2908", "CVE-2013-2913", "CVE-2013-2912", "CVE-2013-2917", "CVE-2013-2910", "CVE-2013-2916", "CVE-2013-2925", "CVE-2013-2924", "CVE-2013-2927", "CVE-2013-2906", "CVE-2013-2923", "CVE-2013-2911", "CVE-2013-2909", "CVE-2013-2918", "CVE-2013-2928"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2785-1 security@debian.org\nhttp://www.debian.org/security/ Michael Gilbert\nOctober 26, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-2906 CVE-2013-2907 CVE-2013-2908 CVE-2013-2909 \n CVE-2013-2910 CVE-2013-2911 CVE-2013-2912 CVE-2013-2913\n CVE-2013-2915 CVE-2013-2916 CVE-2013-2917 CVE-2013-2918\n CVE-2013-2919 CVE-2013-2920 CVE-2013-2921 CVE-2013-2922\n CVE-2013-2923 CVE-2013-2924 CVE-2013-2925 CVE-2013-2926\n CVE-2013-2927 CVE-2013-2928\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2013-2906\n\n Atte Kettunen of OUSPG discovered race conditions in Web Audio.\n\nCVE-2013-2907\n\n Boris Zbarsky discovered an out-of-bounds read in window.prototype.\n\nCVE-2013-2908\n\n Chamal de Silva discovered an address bar spoofing issue.\n\nCVE-2013-2909\n\n Atte Kuttenen of OUSPG discovered a use-after-free issue in\n inline-block.\n\nCVE-2013-2910\n\n Byoungyoung Lee of the Georgia Tech Information Security Center\n discovered a use-after-free issue in Web Audio.\n\nCVE-2013-2911\n\n Atte Kettunen of OUSPG discovered a use-after-free in Blink's XSLT\n handling.\n\nCVE-2013-2912\n\n Chamal de Silva and 41.w4r10r(at)garage4hackers.com discovered a\n use-after-free issue in the Pepper Plug-in API.\n\nCVE-2013-2913\n\n cloudfuzzer discovered a use-after-free issue in Blink's XML\n document parsing.\n\nCVE-2013-2915\n\n Wander Groeneveld discovered an address bar spoofing issue.\n\nCVE-2013-2916\n\n Masato Kinugawa discovered an address bar spoofing issue.\n\nCVE-2013-2917\n\n Byoungyoung Lee and Tielei Wang discovered an out-of-bounds read\n issue in Web Audio.\n\nCVE-2013-2918\n\n Byoungyoung Lee discoverd an out-of-bounds read in Blink's DOM\n implementation.\n\nCVE-2013-2919\n\n Adam Haile of Concrete Data discovered a memory corruption issue\n in the V8 javascript library.\n\nCVE-2013-2920\n\n Atte Kuttunen of OUSPG discovered an out-of-bounds read in URL\n host resolving.\n\nCVE-2013-2921\n\n Byoungyoung Lee and Tielei Wang discovered a use-after-free issue\n in resource loading.\n\nCVE-2013-2922\n\n Jon Butler discovered a use-after-free issue in Blink's HTML\n template element implementation.\n\nCVE-2013-2924\n\n A use-after-free issue was discovered in the International\n Components for Unicode (ICU) library. \n\nCVE-2013-2925\n\n Atte Kettunen of OUSPG discover a use-after-free issue in Blink's\n XML HTTP request implementation.\n\nCVE-2013-2926\n\n cloudfuzzer discovered a use-after-free issue in the list indenting\n implementation.\n\nCVE-2013-2927\n\n cloudfuzzer discovered a use-after-free issue in the HTML form\n submission implementation. \n\nCVE-2013-2923 and CVE-2013-2928\n\n The chrome 30 development team found various issues from internal\n fuzzing, audits, and other studies. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 30.0.1599.101-1~deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 30.0.1599.101-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2013-10-26T19:03:26", "published": "2013-10-26T19:03:26", "id": "DEBIAN:DSA-2785-1:AD67D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00197.html", "title": "[SECURITY] [DSA 2785-1] chromium-browser security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:12", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6635", "CVE-2013-6649", "CVE-2013-2922", "CVE-2013-2915", "CVE-2013-6802", "CVE-2013-6667", "CVE-2013-6655", "CVE-2013-2920", "CVE-2013-6658", "CVE-2013-6661", "CVE-2013-2931", "CVE-2013-6660", "CVE-2013-6644", "CVE-2013-2926", "CVE-2013-2907", "CVE-2013-2919", "CVE-2013-2921", "CVE-2013-2908", "CVE-2013-6665", "CVE-2013-2913", "CVE-2013-6666", "CVE-2013-2912", "CVE-2013-6626", "CVE-2013-6636", "CVE-2013-6656", "CVE-2013-6654", "CVE-2013-6653", "CVE-2013-6663", "CVE-2013-6627", "CVE-2013-2917", "CVE-2013-2910", "CVE-2013-2916", "CVE-2013-2925", "CVE-2013-6625", "CVE-2013-6641", "CVE-2013-6659", "CVE-2013-6621", "CVE-2013-6624", "CVE-2013-6634", "CVE-2013-6646", "CVE-2013-6638", "CVE-2013-6643", "CVE-2013-6639", "CVE-2013-6628", "CVE-2013-2927", "CVE-2013-2906", "CVE-2013-2923", "CVE-2013-6632", "CVE-2013-2911", "CVE-2013-2909", "CVE-2013-6637", "CVE-2013-6622", "CVE-2013-6652", "CVE-2013-6657", "CVE-2014-1681", "CVE-2013-2918", "CVE-2013-6645", "CVE-2013-6623", "CVE-2013-6668", "CVE-2013-6664", "CVE-2013-2928", "CVE-2013-6650", "CVE-2013-6640"], "description": "### Background\n\nChromium is an open-source web browser project. V8 is Google\u2019s open source JavaScript engine. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. \n\n### Impact\n\nA context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other unspecified impact. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-33.0.1750.146\"\n \n\nGentoo has discontinued support for separate V8 package. We recommend that users unmerge V8: \n \n \n # emerge --unmerge \"dev-lang/v8\"", "edition": 1, "modified": "2014-03-05T00:00:00", "published": "2014-03-05T00:00:00", "id": "GLSA-201403-01", "href": "https://security.gentoo.org/glsa/201403-01", "type": "gentoo", "title": "Chromium, V8: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
