ID 24CEFA4B-A940-11E3-91F2-00262D5ED8EE Type freebsd Reporter FreeBSD Modified 2014-03-11T00:00:00
Description
Google Chrome Releases reports:
7 vulnerabilities fixed in this release, including:
[344881] High CVE-2014-1700: Use-after-free in speech. Credit
to Chamal de Silva.
[342618] High CVE-2014-1701: UXSS in events. Credit to
aidanhs.
[333058] High CVE-2014-1702: Use-after-free in web database.
Credit to Collin Payne.
[338354] High CVE-2014-1703: Potential sandbox escape due to a
use-after-free in web sockets.
[328202, 349079, 345715] CVE-2014-1704: Multiple
vulnerabilities in V8 fixed in version 3.23.17.18.
{"reporter": "FreeBSD", "published": "2014-03-11T00:00:00", "cvelist": ["CVE-2014-1703", "CVE-2014-1701", "CVE-2014-1704", "CVE-2014-1702", "CVE-2014-1700"], "title": "www/chromium --multiple vulnerabilities", "type": "freebsd", "href": "https://vuxml.freebsd.org/freebsd/24cefa4b-a940-11e3-91f2-00262d5ed8ee.html", "bulletinFamily": "unix", "enchantments": {"score": {"value": 7.0, "vector": "NONE", "modified": "2016-09-26T17:24:26", "rev": 2}, "dependencies": {"references": [{"type": "nessus", "idList": ["GOOGLE_CHROME_33_0_1750_149.NASL", "DEBIAN_DSA-2883.NASL", "OPENSUSE-2014-280.NASL", "FEDORA_2014-4625.NASL", "FEDORA_2014-4081.NASL", "GENTOO_GLSA-201408-16.NASL", "FREEBSD_PKG_24CEFA4BA94011E391F200262D5ED8EE.NASL", "MACOSX_GOOGLE_CHROME_33_0_1750_149.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310804341", "OPENVAS:1361412562310804339", "OPENVAS:1361412562310868068", "OPENVAS:1361412562310702883", "OPENVAS:1361412562310804340", "OPENVAS:1361412562310850581", "OPENVAS:702883", "OPENVAS:850581", "OPENVAS:867702", "OPENVAS:1361412562310867702"]}, {"type": "threatpost", "idList": ["THREATPOST:62DDA8B1D92DD5CF10E1F4C2F59520BA"]}, {"type": "cve", "idList": ["CVE-2014-1700", "CVE-2014-1701", "CVE-2014-1702", "CVE-2014-1703", "CVE-2014-1704"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2014:0501-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30384", "SECURITYVULNS:VULN:13629"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2883-1:8DB61"]}, {"type": "fedora", "idList": ["FEDORA:4D096223B2", "FEDORA:2C4F422842", "FEDORA:C11E422B1D", "FEDORA:4F72B60CB965", "FEDORA:053FD21F57", "FEDORA:C5F9F6087DB3", "FEDORA:AD49D22AD8", "FEDORA:B89DA22BFD"]}, {"type": "redhat", "idList": ["RHSA-2014:1744"]}, {"type": "gentoo", "idList": ["GLSA-201408-16"]}], "modified": "2016-09-26T17:24:26", "rev": 2}, "vulnersScore": 7.0}, "modified": "2014-03-11T00:00:00", "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "33.0.1750.149", "operator": "lt", "packageName": "chromium", "arch": "noarch", "packageFilename": "UNKNOWN"}], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "viewCount": 2, "edition": 1, "description": "\nGoogle Chrome Releases reports:\n\n7 vulnerabilities fixed in this release, including:\n\n[344881] High CVE-2014-1700: Use-after-free in speech. Credit\n\t to Chamal de Silva.\n[342618] High CVE-2014-1701: UXSS in events. Credit to\n\t aidanhs.\n[333058] High CVE-2014-1702: Use-after-free in web database.\n\t Credit to Collin Payne.\n[338354] High CVE-2014-1703: Potential sandbox escape due to a\n\t use-after-free in web sockets.\n[328202, 349079, 345715] CVE-2014-1704: Multiple\n\t vulnerabilities in V8 fixed in version 3.23.17.18.\n\n\n", "references": ["http://googlechromereleases.blogspot.nl/"], "id": "24CEFA4B-A940-11E3-91F2-00262D5ED8EE", "lastseen": "2016-09-26T17:24:26"}
{"nessus": [{"lastseen": "2021-01-01T03:30:09", "description": "The version of Google Chrome installed on the remote Mac OS X host is a\nversion prior to 33.0.1750.149. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - Use-after-free errors exist related to 'speech' and\n 'web database' processing. (CVE-2014-1700,\n CVE-2014-1702)\n\n - An input validation error exists related to 'events'\n handling that could allow universal cross-site\n scripting (UXSS) attacks. (CVE-2014-1701)\n\n - A use-after-free error exists related to 'web sockets'\n that could allow sandbox protection bypass.\n (CVE-2014-1703)\n\n - Multiple unspecified errors exist related to the V8\n JavaScript engine. (CVE-2014-1704)", "edition": 26, "published": "2014-03-11T00:00:00", "title": "Google Chrome < 33.0.1750.149 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1703", "CVE-2014-1701", "CVE-2014-1704", "CVE-2014-1702", "CVE-2014-1700"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_33_0_1750_149.NASL", "href": "https://www.tenable.com/plugins/nessus/72940", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72940);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2014-1700\",\n \"CVE-2014-1701\",\n \"CVE-2014-1702\",\n \"CVE-2014-1703\",\n \"CVE-2014-1704\"\n );\n script_bugtraq_id(66120);\n\n script_name(english:\"Google Chrome < 33.0.1750.149 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version number of Google Chrome\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is a\nversion prior to 33.0.1750.149. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - Use-after-free errors exist related to 'speech' and\n 'web database' processing. (CVE-2014-1700,\n CVE-2014-1702)\n\n - An input validation error exists related to 'events'\n handling that could allow universal cross-site\n scripting (UXSS) attacks. (CVE-2014-1701)\n\n - A use-after-free error exists related to 'web sockets'\n that could allow sandbox protection bypass.\n (CVE-2014-1703)\n\n - Multiple unspecified errors exist related to the V8\n JavaScript engine. (CVE-2014-1704)\");\n # http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ab397f6f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 33.0.1750.149 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-1704\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'33.0.1750.149', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:05:31", "description": "The version of Google Chrome installed on the remote host is a version\nprior to 33.0.1750.149. It is, therefore, affected by the following\nvulnerabilities :\n\n - Use-after-free errors exist related to 'speech' and\n 'web database' processing. (CVE-2014-1700,\n CVE-2014-1702)\n\n - An input validation error exists related to 'events'\n handling that could allow universal cross-site\n scripting (UXSS) attacks. (CVE-2014-1701)\n\n - A use-after-free error exists related to 'web sockets'\n that could allow sandbox protection bypass.\n (CVE-2014-1703)\n\n - Multiple unspecified errors exist related to the V8\n JavaScript engine. (CVE-2014-1704)", "edition": 26, "published": "2014-03-11T00:00:00", "title": "Google Chrome < 33.0.1750.149 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1703", "CVE-2014-1701", "CVE-2014-1704", "CVE-2014-1702", "CVE-2014-1700"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_33_0_1750_149.NASL", "href": "https://www.tenable.com/plugins/nessus/72939", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72939);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2014-1700\",\n \"CVE-2014-1701\",\n \"CVE-2014-1702\",\n \"CVE-2014-1703\",\n \"CVE-2014-1704\"\n );\n script_bugtraq_id(66120);\n\n script_name(english:\"Google Chrome < 33.0.1750.149 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version number of Google Chrome\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote host is a version\nprior to 33.0.1750.149. It is, therefore, affected by the following\nvulnerabilities :\n\n - Use-after-free errors exist related to 'speech' and\n 'web database' processing. (CVE-2014-1700,\n CVE-2014-1702)\n\n - An input validation error exists related to 'events'\n handling that could allow universal cross-site\n scripting (UXSS) attacks. (CVE-2014-1701)\n\n - A use-after-free error exists related to 'web sockets'\n that could allow sandbox protection bypass.\n (CVE-2014-1703)\n\n - Multiple unspecified errors exist related to the V8\n JavaScript engine. (CVE-2014-1704)\");\n # http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ab397f6f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 33.0.1750.149 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-1704\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'33.0.1750.149', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:40:40", "description": "Google Chrome Releases reports :\n\n7 vulnerabilities fixed in this release, including :\n\n- [344881] High CVE-2014-1700: Use-after-free in speech. Credit to\nChamal de Silva.\n\n- [342618] High CVE-2014-1701: UXSS in events. Credit to aidanhs.\n\n- [333058] High CVE-2014-1702: Use-after-free in web database. Credit\nto Collin Payne.\n\n- [338354] High CVE-2014-1703: Potential sandbox escape due to a\nuse-after-free in web sockets.\n\n- [328202, 349079, 345715] CVE-2014-1704: Multiple vulnerabilities in\nV8 fixed in version 3.23.17.18.", "edition": 20, "published": "2014-03-12T00:00:00", "title": "FreeBSD : www/chromium --multiple vulnerabilities (24cefa4b-a940-11e3-91f2-00262d5ed8ee)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1703", "CVE-2014-1701", "CVE-2014-1704", "CVE-2014-1702", "CVE-2014-1700"], "modified": "2014-03-12T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:chromium"], "id": "FREEBSD_PKG_24CEFA4BA94011E391F200262D5ED8EE.NASL", "href": "https://www.tenable.com/plugins/nessus/72955", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2014 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72955);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\", \"CVE-2014-1704\");\n\n script_name(english:\"FreeBSD : www/chromium --multiple vulnerabilities (24cefa4b-a940-11e3-91f2-00262d5ed8ee)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\n7 vulnerabilities fixed in this release, including :\n\n- [344881] High CVE-2014-1700: Use-after-free in speech. Credit to\nChamal de Silva.\n\n- [342618] High CVE-2014-1701: UXSS in events. Credit to aidanhs.\n\n- [333058] High CVE-2014-1702: Use-after-free in web database. Credit\nto Collin Payne.\n\n- [338354] High CVE-2014-1703: Potential sandbox escape due to a\nuse-after-free in web sockets.\n\n- [328202, 349079, 345715] CVE-2014-1704: Multiple vulnerabilities in\nV8 fixed in version 3.23.17.18.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://googlechromereleases.blogspot.nl/\"\n );\n # http://www.freebsd.org/ports/portaudit/24cefa4b-a940-11e3-91f2-00262d5ed8ee.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?21b97bdb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<33.0.1750.149\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T11:12:16", "description": "Chromium was updated to the 33.0.1750.152 stable channel uodate :\n\n - Security fixes :\n\n - CVE-2014-1713: Use-after-free in Blink bindings\n\n - CVE-2014-1714: Windows clipboard vulnerability\n\n - CVE-2014-1705: Memory corruption in V8\n\n - CVE-2014-1715: Directory traversal issue\n\nPrevious stable channel update 33.0.1750.149 :\n\n - Security fixes :\n\n - CVE-2014-1700: Use-after-free in speech\n\n - CVE-2014-1701: UXSS in events\n\n - CVE-2014-1702: Use-after-free in web database\n\n - CVE-2014-1703: Potential sandbox escape due to a\n use-after-free in web sockets\n\n - CVE-2014-1704: Multiple vulnerabilities in V8 fixed in\n version 3.23.17.18", "edition": 17, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : chromium (openSUSE-SU-2014:0501-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1703", "CVE-2014-1705", "CVE-2014-1714", "CVE-2014-1713", "CVE-2014-1701", "CVE-2014-1704", "CVE-2014-1715", "CVE-2014-1702", "CVE-2014-1700"], "modified": "2014-06-13T00:00:00", "cpe": ["cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium-desktop-gnome", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo", "p-cpe:/a:novell:opensuse:chromium-suid-helper", "p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo", "p-cpe:/a:novell:opensuse:chromium-desktop-kde"], "id": "OPENSUSE-2014-280.NASL", "href": "https://www.tenable.com/plugins/nessus/75318", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-280.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75318);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\", \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1714\", \"CVE-2014-1715\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-SU-2014:0501-1)\");\n script_summary(english:\"Check for the openSUSE-2014-280 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to the 33.0.1750.152 stable channel uodate :\n\n - Security fixes :\n\n - CVE-2014-1713: Use-after-free in Blink bindings\n\n - CVE-2014-1714: Windows clipboard vulnerability\n\n - CVE-2014-1705: Memory corruption in V8\n\n - CVE-2014-1715: Directory traversal issue\n\nPrevious stable channel update 33.0.1750.149 :\n\n - Security fixes :\n\n - CVE-2014-1700: Use-after-free in speech\n\n - CVE-2014-1701: UXSS in events\n\n - CVE-2014-1702: Use-after-free in web database\n\n - CVE-2014-1703: Potential sandbox escape due to a\n use-after-free in web sockets\n\n - CVE-2014-1704: Multiple vulnerabilities in V8 fixed in\n version 3.23.17.18\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=866959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-04/msg00023.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-suid-helper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromedriver-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromedriver-debuginfo-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-debuginfo-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-debugsource-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-desktop-gnome-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-desktop-kde-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-ffmpegsumo-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-ffmpegsumo-debuginfo-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-suid-helper-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-suid-helper-debuginfo-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-debuginfo-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debuginfo-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debugsource-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-gnome-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-kde-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-debuginfo-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-suid-helper-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-suid-helper-debuginfo-33.0.1750.152-25.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:12:37", "description": "Common Vulnerabilities and Exposures assigned an identifier\nCVE-2014-1704 to the following vulnerability :\n\nURL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1704\n\nMultiple unspecified vulnerabilities in Google V8 before 3.23.17.18,\nas used in Google Chrome before 33.0.1750.149, allow attackers to\ncause a denial of service or possibly have other impact via unknown\nvectors.\n\nOnly one vulnerability in this CVE affects v8-3.14.5.10 in Fedora.\nThis update fixes the vulnerability involving unsigned integer\narithmetic.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2014-04-03T00:00:00", "title": "Fedora 19 : v8-3.14.5.10-7.fc19 (2014-4081)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1704"], "modified": "2014-04-03T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:v8"], "id": "FEDORA_2014-4081.NASL", "href": "https://www.tenable.com/plugins/nessus/73312", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-4081.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73312);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-1704\");\n script_bugtraq_id(66120);\n script_xref(name:\"FEDORA\", value:\"2014-4081\");\n\n script_name(english:\"Fedora 19 : v8-3.14.5.10-7.fc19 (2014-4081)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Common Vulnerabilities and Exposures assigned an identifier\nCVE-2014-1704 to the following vulnerability :\n\nURL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1704\n\nMultiple unspecified vulnerabilities in Google V8 before 3.23.17.18,\nas used in Google Chrome before 33.0.1750.149, allow attackers to\ncause a denial of service or possibly have other impact via unknown\nvectors.\n\nOnly one vulnerability in this CVE affects v8-3.14.5.10 in Fedora.\nThis update fixes the vulnerability involving unsigned integer\narithmetic.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1077136\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-April/130940.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?14146012\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected v8 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:v8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"v8-3.14.5.10-7.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"v8\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:12:39", "description": "Common Vulnerabilities and Exposures assigned an identifier\nCVE-2014-1704 to the following vulnerability :\n\nURL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1704\n\nMultiple unspecified vulnerabilities in Google V8 before 3.23.17.18,\nas used in Google Chrome before 33.0.1750.149, allow attackers to\ncause a denial of service or possibly have other impact via unknown\nvectors.\n\nOnly one vulnerability in this CVE affects v8-3.14.5.10 in Fedora.\nThis update fixes the vulnerability involving unsigned integer\narithmetic.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2014-04-16T00:00:00", "title": "Fedora 20 : v8-3.14.5.10-7.fc20 (2014-4625)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1704"], "modified": "2014-04-16T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:20", "p-cpe:/a:fedoraproject:fedora:v8"], "id": "FEDORA_2014-4625.NASL", "href": "https://www.tenable.com/plugins/nessus/73538", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-4625.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73538);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-1704\");\n script_bugtraq_id(66120);\n script_xref(name:\"FEDORA\", value:\"2014-4625\");\n\n script_name(english:\"Fedora 20 : v8-3.14.5.10-7.fc20 (2014-4625)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Common Vulnerabilities and Exposures assigned an identifier\nCVE-2014-1704 to the following vulnerability :\n\nURL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1704\n\nMultiple unspecified vulnerabilities in Google V8 before 3.23.17.18,\nas used in Google Chrome before 33.0.1750.149, allow attackers to\ncause a denial of service or possibly have other impact via unknown\nvectors.\n\nOnly one vulnerability in this CVE affects v8-3.14.5.10 in Fedora.\nThis update fixes the vulnerability involving unsigned integer\narithmetic.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1077136\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131460.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ca3e1b48\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected v8 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:v8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"v8-3.14.5.10-7.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"v8\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:48:23", "description": "Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2013-6653\n Khalil Zhani discovered a use-after-free issue in\n chromium's web contents color chooser.\n\n - CVE-2013-6654\n TheShow3511 discovered an issue in SVG handling.\n\n - CVE-2013-6655\n cloudfuzzer discovered a use-after-free issue in dom\n event handling.\n\n - CVE-2013-6656\n NeexEmil discovered an information leak in the XSS\n auditor.\n\n - CVE-2013-6657\n NeexEmil discovered a way to bypass the Same Origin\n policy in the XSS auditor.\n\n - CVE-2013-6658\n cloudfuzzer discovered multiple use-after-free issues\n surrounding the updateWidgetPositions function.\n\n - CVE-2013-6659\n Antoine Delignat-Lavaud and Karthikeyan Bhargavan\n discovered that it was possible to trigger an unexpected\n certificate chain during TLS renegotiation.\n\n - CVE-2013-6660\n bishopjeffreys discovered an information leak in the\n drag and drop implementation.\n\n - CVE-2013-6661\n The Google Chrome team discovered and fixed multiple\n issues in version 33.0.1750.117.\n\n - CVE-2013-6663\n Atte Kettunen discovered a use-after-free issue in SVG\n handling.\n\n - CVE-2013-6664\n Khalil Zhani discovered a use-after-free issue in the\n speech recognition feature.\n\n - CVE-2013-6665\n cloudfuzzer discovered a buffer overflow issue in the\n software renderer.\n\n - CVE-2013-6666\n netfuzzer discovered a restriction bypass in the Pepper\n Flash plugin.\n\n - CVE-2013-6667\n The Google Chrome team discovered and fixed multiple\n issues in version 33.0.1750.146.\n\n - CVE-2013-6668\n Multiple vulnerabilities were fixed in version\n 3.24.35.10 of the V8 JavaScript library.\n\n - CVE-2014-1700\n Chamal de Silva discovered a use-after-free issue in\n speech synthesis.\n\n - CVE-2014-1701\n aidanhs discovered a cross-site scripting issue in event\n handling.\n\n - CVE-2014-1702\n Colin Payne discovered a use-after-free issue in the web\n database implementation.\n\n - CVE-2014-1703\n VUPEN discovered a use-after-free issue in web sockets\n that could lead to a sandbox escape.\n\n - CVE-2014-1704\n Multiple vulnerabilities were fixed in version\n 3.23.17.18 of the V8 JavaScript library.\n\n - CVE-2014-1705\n A memory corruption issue was discovered in the V8\n JavaScript library.\n\n - CVE-2014-1713\n A use-after-free issue was discovered in the\n AttributeSetter function.\n\n - CVE-2014-1715\n A directory traversal issue was found and fixed.", "edition": 17, "published": "2014-03-25T00:00:00", "title": "Debian DSA-2883-1 : chromium-browser - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6667", "CVE-2013-6655", "CVE-2013-6658", "CVE-2013-6661", "CVE-2013-6660", "CVE-2014-1703", "CVE-2013-6665", "CVE-2013-6666", "CVE-2013-6656", "CVE-2014-1705", "CVE-2013-6654", "CVE-2013-6653", "CVE-2013-6663", "CVE-2013-6659", "CVE-2014-1713", "CVE-2014-1701", "CVE-2014-1704", "CVE-2013-6657", "CVE-2014-1715", "CVE-2013-6668", "CVE-2014-1702", "CVE-2013-6664", "CVE-2014-1700"], "modified": "2014-03-25T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium-browser", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2883.NASL", "href": "https://www.tenable.com/plugins/nessus/73164", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2883. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73164);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-6653\", \"CVE-2013-6654\", \"CVE-2013-6655\", \"CVE-2013-6656\", \"CVE-2013-6657\", \"CVE-2013-6658\", \"CVE-2013-6659\", \"CVE-2013-6660\", \"CVE-2013-6661\", \"CVE-2013-6663\", \"CVE-2013-6664\", \"CVE-2013-6665\", \"CVE-2013-6666\", \"CVE-2013-6667\", \"CVE-2013-6668\", \"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\", \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1715\");\n script_bugtraq_id(65699, 65930, 66120, 66239, 66243, 66249);\n script_xref(name:\"DSA\", value:\"2883\");\n\n script_name(english:\"Debian DSA-2883-1 : chromium-browser - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2013-6653\n Khalil Zhani discovered a use-after-free issue in\n chromium's web contents color chooser.\n\n - CVE-2013-6654\n TheShow3511 discovered an issue in SVG handling.\n\n - CVE-2013-6655\n cloudfuzzer discovered a use-after-free issue in dom\n event handling.\n\n - CVE-2013-6656\n NeexEmil discovered an information leak in the XSS\n auditor.\n\n - CVE-2013-6657\n NeexEmil discovered a way to bypass the Same Origin\n policy in the XSS auditor.\n\n - CVE-2013-6658\n cloudfuzzer discovered multiple use-after-free issues\n surrounding the updateWidgetPositions function.\n\n - CVE-2013-6659\n Antoine Delignat-Lavaud and Karthikeyan Bhargavan\n discovered that it was possible to trigger an unexpected\n certificate chain during TLS renegotiation.\n\n - CVE-2013-6660\n bishopjeffreys discovered an information leak in the\n drag and drop implementation.\n\n - CVE-2013-6661\n The Google Chrome team discovered and fixed multiple\n issues in version 33.0.1750.117.\n\n - CVE-2013-6663\n Atte Kettunen discovered a use-after-free issue in SVG\n handling.\n\n - CVE-2013-6664\n Khalil Zhani discovered a use-after-free issue in the\n speech recognition feature.\n\n - CVE-2013-6665\n cloudfuzzer discovered a buffer overflow issue in the\n software renderer.\n\n - CVE-2013-6666\n netfuzzer discovered a restriction bypass in the Pepper\n Flash plugin.\n\n - CVE-2013-6667\n The Google Chrome team discovered and fixed multiple\n issues in version 33.0.1750.146.\n\n - CVE-2013-6668\n Multiple vulnerabilities were fixed in version\n 3.24.35.10 of the V8 JavaScript library.\n\n - CVE-2014-1700\n Chamal de Silva discovered a use-after-free issue in\n speech synthesis.\n\n - CVE-2014-1701\n aidanhs discovered a cross-site scripting issue in event\n handling.\n\n - CVE-2014-1702\n Colin Payne discovered a use-after-free issue in the web\n database implementation.\n\n - CVE-2014-1703\n VUPEN discovered a use-after-free issue in web sockets\n that could lead to a sandbox escape.\n\n - CVE-2014-1704\n Multiple vulnerabilities were fixed in version\n 3.23.17.18 of the V8 JavaScript library.\n\n - CVE-2014-1705\n A memory corruption issue was discovered in the V8\n JavaScript library.\n\n - CVE-2014-1713\n A use-after-free issue was discovered in the\n AttributeSetter function.\n\n - CVE-2014-1715\n A directory traversal issue was found and fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6656\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6658\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/chromium-browser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2883\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 33.0.1750.152-1~deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"chromium\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-dbg\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-inspector\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-l10n\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-dbg\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-inspector\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-l10n\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:56:08", "description": "The remote host is affected by the vulnerability described in GLSA-201408-16\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could conduct a number of attacks which include: cross\n site scripting attacks, bypassing of sandbox protection, potential\n execution of arbitrary code with the privileges of the process, or cause\n a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 23, "published": "2014-08-30T00:00:00", "title": "GLSA-201408-16 : Chromium: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3171", "CVE-2014-3155", "CVE-2014-1747", "CVE-2014-3168", "CVE-2014-3176", "CVE-2014-1724", "CVE-2014-3166", "CVE-2014-1735", "CVE-2014-1729", "CVE-2014-3165", "CVE-2014-1720", "CVE-2014-3154", "CVE-2014-1742", "CVE-2014-1728", "CVE-2014-1703", "CVE-2014-1719", "CVE-2014-3157", "CVE-2014-1726", "CVE-2014-1705", "CVE-2014-1734", "CVE-2014-1733", "CVE-2014-1732", "CVE-2014-1718", "CVE-2014-1744", "CVE-2014-0538", "CVE-2014-1716", "CVE-2014-1722", "CVE-2014-1743", "CVE-2014-1731", "CVE-2014-1740", "CVE-2014-3174", "CVE-2014-3175", "CVE-2014-3173", "CVE-2014-3167", "CVE-2014-1746", "CVE-2014-1714", "CVE-2014-1749", "CVE-2014-1713", "CVE-2014-3169", "CVE-2014-1745", "CVE-2014-3172", "CVE-2014-1701", "CVE-2014-1704", "CVE-2014-3162", "CVE-2014-3170", "CVE-2014-1730", "CVE-2014-1721", "CVE-2014-3160", "CVE-2014-1725", "CVE-2014-1715", "CVE-2014-1727", "CVE-2014-1702", "CVE-2014-1723", "CVE-2014-1748", "CVE-2014-1717", "CVE-2014-3177", "CVE-2014-1741", "CVE-2014-1700", "CVE-2014-3156"], "modified": "2014-08-30T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:chromium"], "id": "GENTOO_GLSA-201408-16.NASL", "href": "https://www.tenable.com/plugins/nessus/77460", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201408-16.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77460);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-0538\", \"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\", \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1714\", \"CVE-2014-1715\", \"CVE-2014-1716\", \"CVE-2014-1717\", \"CVE-2014-1718\", \"CVE-2014-1719\", \"CVE-2014-1720\", \"CVE-2014-1721\", \"CVE-2014-1722\", \"CVE-2014-1723\", \"CVE-2014-1724\", \"CVE-2014-1725\", \"CVE-2014-1726\", \"CVE-2014-1727\", \"CVE-2014-1728\", \"CVE-2014-1729\", \"CVE-2014-1730\", \"CVE-2014-1731\", \"CVE-2014-1732\", \"CVE-2014-1733\", \"CVE-2014-1734\", \"CVE-2014-1735\", \"CVE-2014-1740\", \"CVE-2014-1741\", \"CVE-2014-1742\", \"CVE-2014-1743\", \"CVE-2014-1744\", \"CVE-2014-1745\", \"CVE-2014-1746\", \"CVE-2014-1747\", \"CVE-2014-1748\", \"CVE-2014-1749\", \"CVE-2014-3154\", \"CVE-2014-3155\", \"CVE-2014-3156\", \"CVE-2014-3157\", \"CVE-2014-3160\", \"CVE-2014-3162\", \"CVE-2014-3165\", \"CVE-2014-3166\", \"CVE-2014-3167\", \"CVE-2014-3168\", \"CVE-2014-3169\", \"CVE-2014-3170\", \"CVE-2014-3171\", \"CVE-2014-3172\", \"CVE-2014-3173\", \"CVE-2014-3174\", \"CVE-2014-3175\", \"CVE-2014-3176\", \"CVE-2014-3177\");\n script_bugtraq_id(66120, 66239, 66243, 66249, 66252, 66704, 67082, 67374, 67375, 67376, 67517, 67572, 67972, 67977, 67980, 67981, 68677, 69192, 69201, 69202, 69203, 69398, 69400, 69401, 69402, 69403, 69405, 69406, 69407);\n script_xref(name:\"GLSA\", value:\"201408-16\");\n\n script_name(english:\"GLSA-201408-16 : Chromium: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201408-16\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could conduct a number of attacks which include: cross\n site scripting attacks, bypassing of sandbox protection, potential\n execution of arbitrary code with the privileges of the process, or cause\n a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201408-16\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-37.0.2062.94'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 37.0.2062.94\"), vulnerable:make_list(\"lt 37.0.2062.94\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-04-22T17:03:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1703", "CVE-2014-1701", "CVE-2014-1704", "CVE-2014-1702", "CVE-2014-1700"], "description": "The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "modified": "2020-04-20T00:00:00", "published": "2014-03-19T00:00:00", "id": "OPENVAS:1361412562310804339", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804339", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities-02 Mar2014 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-02 Mar2014 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804339\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\",\n \"CVE-2014-1704\");\n script_bugtraq_id(66120);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-03-19 12:49:04 +0530 (Wed, 19 Mar 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-02 Mar2014 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - A use-after-free error within 'modules/speech/SpeechSynthesis.cpp' in blink.\n\n - Insufficient cross-origin restriction within 'GenerateFunction' function in\n blink.\n\n - A use-after-free error within 'DatabaseThread::cleanupDatabaseThread'\n function in web database in blink.\n\n - A use-after-free error within 'WebSocketDispatcherHost::SendOrDrop' function\n in web sockets implementation.\n\n - More unspecified errors within v8.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to disclose potentially\nsensitive information, conduct cross-site scripting attacks, conduct denial\nof service, bypass certain security restrictions and possibly unspecified\nother impacts.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 33.0.1750.149 on Windows.\");\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome 33.0.1750.149 or later.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57164\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/03/stable-channel-update_11.html\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"33.0.1750.149\"))\n{\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"33.0.1750.149\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-22T17:03:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1703", "CVE-2014-1701", "CVE-2014-1704", "CVE-2014-1702", "CVE-2014-1700"], "description": "The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "modified": "2020-04-20T00:00:00", "published": "2014-03-19T00:00:00", "id": "OPENVAS:1361412562310804340", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804340", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities-02 Mar2014 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-02 Mar2014 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804340\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\",\n \"CVE-2014-1704\");\n script_bugtraq_id(66120);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-03-19 13:30:04 +0530 (Wed, 19 Mar 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-02 Mar2014 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - A use-after-free error within 'modules/speech/SpeechSynthesis.cpp' in blink.\n\n - Insufficient cross-origin restriction within 'GenerateFunction' function in\n blink.\n\n - A use-after-free error within 'DatabaseThread::cleanupDatabaseThread' function\n in web database in blink.\n\n - A use-after-free error within 'WebSocketDispatcherHost::SendOrDrop' function\n in web sockets implementation.\n\n - More unspecified errors within v8.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to disclose potentially\nsensitive information, conduct cross-site scripting attacks, conduct denial of\nservice, bypass certain security restrictions and possibly unspecified\nother impacts.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 33.0.1750.149 on Mac OS X.\");\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome 33.0.1750.149 or later.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57164\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/03/stable-channel-update_11.html\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"33.0.1750.149\"))\n{\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"33.0.1750.149\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-22T17:03:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1703", "CVE-2014-1701", "CVE-2014-1704", "CVE-2014-1702", "CVE-2014-1700"], "description": "The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "modified": "2020-04-20T00:00:00", "published": "2014-03-19T00:00:00", "id": "OPENVAS:1361412562310804341", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804341", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities-02 Mar2014 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-02 Mar2014 (Linux)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804341\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\",\n \"CVE-2014-1704\");\n script_bugtraq_id(66120);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-03-19 12:49:04 +0530 (Wed, 19 Mar 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-02 Mar2014 (Linux)\");\n\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - A use-after-free error within 'modules/speech/SpeechSynthesis.cpp' in blink.\n\n - Insufficient cross-origin restriction within 'GenerateFunction' function in\n blink.\n\n - A use-after-free error within 'DatabaseThread::cleanupDatabaseThread' function\n in web database in blink.\n\n - A use-after-free error within 'WebSocketDispatcherHost::SendOrDrop' function\n in web sockets implementation.\n\n - More unspecified errors within v8.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to disclose potentially\nsensitive information, conduct cross-site scripting attacks, conduct denial of\nservice, bypass certain security restrictions and possibly unspecified\nother impacts.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 33.0.1750.149 on Linux.\");\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome 33.0.1750.149 or later.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57164\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/03/stable-channel-update_11.html\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"33.0.1750.149\"))\n{\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"33.0.1750.149\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:39:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1703", "CVE-2014-1705", "CVE-2014-1714", "CVE-2014-1713", "CVE-2014-1701", "CVE-2014-1704", "CVE-2014-1715", "CVE-2014-1702", "CVE-2014-1700"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2014-04-10T00:00:00", "id": "OPENVAS:1361412562310850581", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850581", "type": "openvas", "title": "openSUSE: Security Advisory for chromium (openSUSE-SU-2014:0501-1)", "sourceData": "# Copyright (C) 2014 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850581\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-04-10 13:35:21 +0530 (Thu, 10 Apr 2014)\");\n script_cve_id(\"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\",\n \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1714\",\n \"CVE-2014-1715\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"openSUSE: Security Advisory for chromium (openSUSE-SU-2014:0501-1)\");\n\n script_tag(name:\"affected\", value:\"chromium on openSUSE 13.1, openSUSE 12.3\");\n\n script_tag(name:\"insight\", value:\"Chromium was updated to the 33.0.1750.152 stable channel\n uodate:\n\n - Security fixes:\n\n * CVE-2014-1713: Use-after-free in Blink bindings\n\n * CVE-2014-1714: Windows clipboard vulnerability\n\n * CVE-2014-1705: Memory corruption in V8\n\n * CVE-2014-1715: Directory traversal issue\n\n Previous stable channel update 33.0.1750.149:\n\n - Security fixes:\n\n * CVE-2014-1700: Use-after-free in speech\n\n * CVE-2014-1701: UXSS in events\n\n * CVE-2014-1702: Use-after-free in web database\n\n * CVE-2014-1703: Potential sandbox escape due to a\n use-after-free in web sockets\n\n * CVE-2014-1704: Multiple vulnerabilities in V8 fixed in\n version 3.23.17.18\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"openSUSE-SU\", value:\"2014:0501-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE12\\.3|openSUSE13\\.1)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE12.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-suid-helper\", rpm:\"chromium-suid-helper~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-suid-helper-debuginfo\", rpm:\"chromium-suid-helper-debuginfo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSE13.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~33.0.1750.152~25.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~33.0.1750.152~25.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~33.0.1750.152~25.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~33.0.1750.152~25.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~33.0.1750.152~25.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-suid-helper\", rpm:\"chromium-suid-helper~33.0.1750.152~25.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-suid-helper-debuginfo\", rpm:\"chromium-suid-helper-debuginfo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-12T11:10:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1703", "CVE-2014-1705", "CVE-2014-1714", "CVE-2014-1713", "CVE-2014-1701", "CVE-2014-1704", "CVE-2014-1715", "CVE-2014-1702", "CVE-2014-1700"], "description": "Check for the Version of chromium", "modified": "2017-12-08T00:00:00", "published": "2014-04-10T00:00:00", "id": "OPENVAS:850581", "href": "http://plugins.openvas.org/nasl.php?oid=850581", "type": "openvas", "title": "SuSE Update for chromium openSUSE-SU-2014:0501-1 (chromium)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_0501_1.nasl 8044 2017-12-08 08:32:49Z santu $\n#\n# SuSE Update for chromium openSUSE-SU-2014:0501-1 (chromium)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(850581);\n script_version(\"$Revision: 8044 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:32:49 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-10 13:35:21 +0530 (Thu, 10 Apr 2014)\");\n script_cve_id(\"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\",\n \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1714\",\n \"CVE-2014-1715\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Update for chromium openSUSE-SU-2014:0501-1 (chromium)\");\n\n tag_insight = \"\n Chromium was updated to the 33.0.1750.152 stable channel\n uodate:\n - Security fixes:\n * CVE-2014-1713: Use-after-free in Blink bindings\n * CVE-2014-1714: Windows clipboard vulnerability\n * CVE-2014-1705: Memory corruption in V8\n * CVE-2014-1715: Directory traversal issue\n\n Previous stable channel update 33.0.1750.149:\n - Security fixes:\n * CVE-2014-1700: Use-after-free in speech\n * CVE-2014-1701: UXSS in events\n * CVE-2014-1702: Use-after-free in web database\n * CVE-2014-1703: Potential sandbox escape due to a\n use-after-free in web sockets\n * CVE-2014-1704: Multiple vulnerabilities in V8 fixed in\n version 3.23.17.18\";\n\n tag_affected = \"chromium on openSUSE 13.1, openSUSE 12.3\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"openSUSE-SU\", value: \"2014:0501_1\");\n script_summary(\"Check for the Version of chromium\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE12.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper\", rpm:\"chromium-suid-helper~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper-debuginfo\", rpm:\"chromium-suid-helper-debuginfo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE13.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper\", rpm:\"chromium-suid-helper~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper-debuginfo\", rpm:\"chromium-suid-helper-debuginfo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6667", "CVE-2013-6655", "CVE-2013-6658", "CVE-2013-6661", "CVE-2013-6660", "CVE-2014-1703", "CVE-2013-6665", "CVE-2013-6666", "CVE-2013-6656", "CVE-2014-1705", "CVE-2013-6654", "CVE-2013-6653", "CVE-2013-6663", "CVE-2013-6659", "CVE-2014-1713", "CVE-2014-1701", "CVE-2014-1704", "CVE-2013-6657", "CVE-2014-1715", "CVE-2013-6668", "CVE-2014-1702", "CVE-2013-6664", "CVE-2014-1700"], "description": "Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2013-6653\nKhalil Zhani discovered a use-after-free issue in chromium", "modified": "2019-03-19T00:00:00", "published": "2014-03-23T00:00:00", "id": "OPENVAS:1361412562310702883", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702883", "type": "openvas", "title": "Debian Security Advisory DSA 2883-1 (chromium-browser - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2883.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2883-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702883\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2013-6653\", \"CVE-2013-6654\", \"CVE-2013-6655\", \"CVE-2013-6656\", \"CVE-2013-6657\", \"CVE-2013-6658\", \"CVE-2013-6659\", \"CVE-2013-6660\", \"CVE-2013-6661\", \"CVE-2013-6663\", \"CVE-2013-6664\", \"CVE-2013-6665\", \"CVE-2013-6666\", \"CVE-2013-6667\", \"CVE-2013-6668\", \"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\", \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1715\");\n script_name(\"Debian Security Advisory DSA 2883-1 (chromium-browser - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-23 00:00:00 +0100 (Sun, 23 Mar 2014)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2883.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"chromium-browser on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 33.0.1750.152-1~deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 33.0.1750.152-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2013-6653\nKhalil Zhani discovered a use-after-free issue in chromium's web\ncontents color chooser.\n\nCVE-2013-6654\nTheShow3511 discovered an issue in SVG handling.\n\nCVE-2013-6655\ncloudfuzzer discovered a use-after-free issue in dom event handling.\n\nCVE-2013-6656\nNeexEmil discovered an information leak in the XSS auditor.\n\nCVE-2013-6657\nNeexEmil discovered a way to bypass the Same Origin policy in the\nXSS auditor.\n\nCVE-2013-6658\ncloudfuzzer discovered multiple use-after-free issues surrounding\nthe updateWidgetPositions function.\n\nCVE-2013-6659\nAntoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that\nit was possible to trigger an unexpected certificate chain during\nTLS renegotiation.\n\nCVE-2013-6660\nbishopjeffreys discovered an information leak in the drag and drop\nimplementation.\n\nCVE-2013-6661\nThe Google Chrome team discovered and fixed multiple issues in\nversion 33.0.1750.117.\n\nCVE-2013-6663\nAtte Kettunen discovered a use-after-free issue in SVG handling.\n\nCVE-2013-6664\nKhalil Zhani discovered a use-after-free issue in the speech\nrecognition feature.\n\nCVE-2013-6665\ncloudfuzzer discovered a buffer overflow issue in the software\nrenderer.\n\nCVE-2013-6666\nnetfuzzer discovered a restriction bypass in the Pepper Flash\nplugin.\n\nCVE-2013-6667\nThe Google Chrome team discovered and fixed multiple issues in\nversion 33.0.1750.146.\n\nCVE-2013-6668\nMultiple vulnerabilities were fixed in version 3.24.35.10 of\nthe V8 javascript library.\n\nCVE-2014-1700\nChamal de Silva discovered a use-after-free issue in speech\nsynthesis.\n\nCVE-2014-1701\naidanhs discovered a cross-site scripting issue in event handling.\n\nCVE-2014-1702\nColin Payne discovered a use-after-free issue in the web database\nimplementation.\n\nCVE-2014-1703\nVUPEN discovered a use-after-free issue in web sockets that\ncould lead to a sandbox escape.\n\nCVE-2014-1704\nMultiple vulnerabilities were fixed in version 3.23.17.18 of\nthe V8 javascript library.\n\nCVE-2014-1705\nA memory corruption issue was discovered in the V8 javascript\nlibrary.\n\nCVE-2014-1713\nA use-after-free issue was discovered in the AttributeSetter\nfunction.\n\nCVE-2014-1715\nA directory traversal issue was found and fixed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"chromium\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-09-04T14:12:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6667", "CVE-2013-6655", "CVE-2013-6658", "CVE-2013-6661", "CVE-2013-6660", "CVE-2014-1703", "CVE-2013-6665", "CVE-2013-6666", "CVE-2013-6656", "CVE-2014-1705", "CVE-2013-6654", "CVE-2013-6653", "CVE-2013-6663", "CVE-2013-6659", "CVE-2014-1713", "CVE-2014-1701", "CVE-2014-1704", "CVE-2013-6657", "CVE-2014-1715", "CVE-2013-6668", "CVE-2014-1702", "CVE-2013-6664", "CVE-2014-1700"], "description": "Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2013-6653 \nKhalil Zhani discovered a use-after-free issue in chromium's web\ncontents color chooser.\n\nCVE-2013-6654 \nTheShow3511 discovered an issue in SVG handling.\n\nCVE-2013-6655 \ncloudfuzzer discovered a use-after-free issue in dom event handling.\n\nCVE-2013-6656 \nNeexEmil discovered an information leak in the XSS auditor.\n\nCVE-2013-6657 \nNeexEmil discovered a way to bypass the Same Origin policy in the\nXSS auditor.\n\nCVE-2013-6658 \ncloudfuzzer discovered multiple use-after-free issues surrounding\nthe updateWidgetPositions function.\n\nCVE-2013-6659 \nAntoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that\nit was possible to trigger an unexpected certificate chain during\nTLS renegotiation.\n\nCVE-2013-6660 \nbishopjeffreys discovered an information leak in the drag and drop\nimplementation.\n\nCVE-2013-6661 \nThe Google Chrome team discovered and fixed multiple issues in\nversion 33.0.1750.117.\n\nCVE-2013-6663 \nAtte Kettunen discovered a use-after-free issue in SVG handling.\n\nCVE-2013-6664 \nKhalil Zhani discovered a use-after-free issue in the speech\nrecognition feature.\n\nCVE-2013-6665 \ncloudfuzzer discovered a buffer overflow issue in the software\nrenderer.\n\nCVE-2013-6666 \nnetfuzzer discovered a restriction bypass in the Pepper Flash\nplugin.\n\nCVE-2013-6667 \nThe Google Chrome team discovered and fixed multiple issues in\nversion 33.0.1750.146.\n\nCVE-2013-6668 \nMultiple vulnerabilities were fixed in version 3.24.35.10 of\nthe V8 javascript library.\n\nCVE-2014-1700 \nChamal de Silva discovered a use-after-free issue in speech\nsynthesis.\n\nCVE-2014-1701 \naidanhs discovered a cross-site scripting issue in event handling.\n\nCVE-2014-1702 \nColin Payne discovered a use-after-free issue in the web database\nimplementation.\n\nCVE-2014-1703 \nVUPEN discovered a use-after-free issue in web sockets that\ncould lead to a sandbox escape.\n\nCVE-2014-1704 \nMultiple vulnerabilities were fixed in version 3.23.17.18 of\nthe V8 javascript library.\n\nCVE-2014-1705 \nA memory corruption issue was discovered in the V8 javascript\nlibrary.\n\nCVE-2014-1713 \nA use-after-free issue was discovered in the AttributeSetter\nfunction.\n\nCVE-2014-1715 \nA directory traversal issue was found and fixed.", "modified": "2017-08-23T00:00:00", "published": "2014-03-23T00:00:00", "id": "OPENVAS:702883", "href": "http://plugins.openvas.org/nasl.php?oid=702883", "type": "openvas", "title": "Debian Security Advisory DSA 2883-1 (chromium-browser - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2883.nasl 6995 2017-08-23 11:52:03Z teissa $\n# Auto-generated from advisory DSA 2883-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"chromium-browser on Debian Linux\";\ntag_insight = \"Chromium is an open-source browser project that aims to build a safer, faster,\nand more stable way for all Internet users to experience the web.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 33.0.1750.152-1~deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 33.0.1750.152-1.\n\nWe recommend that you upgrade your chromium-browser packages.\";\ntag_summary = \"Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2013-6653 \nKhalil Zhani discovered a use-after-free issue in chromium's web\ncontents color chooser.\n\nCVE-2013-6654 \nTheShow3511 discovered an issue in SVG handling.\n\nCVE-2013-6655 \ncloudfuzzer discovered a use-after-free issue in dom event handling.\n\nCVE-2013-6656 \nNeexEmil discovered an information leak in the XSS auditor.\n\nCVE-2013-6657 \nNeexEmil discovered a way to bypass the Same Origin policy in the\nXSS auditor.\n\nCVE-2013-6658 \ncloudfuzzer discovered multiple use-after-free issues surrounding\nthe updateWidgetPositions function.\n\nCVE-2013-6659 \nAntoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that\nit was possible to trigger an unexpected certificate chain during\nTLS renegotiation.\n\nCVE-2013-6660 \nbishopjeffreys discovered an information leak in the drag and drop\nimplementation.\n\nCVE-2013-6661 \nThe Google Chrome team discovered and fixed multiple issues in\nversion 33.0.1750.117.\n\nCVE-2013-6663 \nAtte Kettunen discovered a use-after-free issue in SVG handling.\n\nCVE-2013-6664 \nKhalil Zhani discovered a use-after-free issue in the speech\nrecognition feature.\n\nCVE-2013-6665 \ncloudfuzzer discovered a buffer overflow issue in the software\nrenderer.\n\nCVE-2013-6666 \nnetfuzzer discovered a restriction bypass in the Pepper Flash\nplugin.\n\nCVE-2013-6667 \nThe Google Chrome team discovered and fixed multiple issues in\nversion 33.0.1750.146.\n\nCVE-2013-6668 \nMultiple vulnerabilities were fixed in version 3.24.35.10 of\nthe V8 javascript library.\n\nCVE-2014-1700 \nChamal de Silva discovered a use-after-free issue in speech\nsynthesis.\n\nCVE-2014-1701 \naidanhs discovered a cross-site scripting issue in event handling.\n\nCVE-2014-1702 \nColin Payne discovered a use-after-free issue in the web database\nimplementation.\n\nCVE-2014-1703 \nVUPEN discovered a use-after-free issue in web sockets that\ncould lead to a sandbox escape.\n\nCVE-2014-1704 \nMultiple vulnerabilities were fixed in version 3.23.17.18 of\nthe V8 javascript library.\n\nCVE-2014-1705 \nA memory corruption issue was discovered in the V8 javascript\nlibrary.\n\nCVE-2014-1713 \nA use-after-free issue was discovered in the AttributeSetter\nfunction.\n\nCVE-2014-1715 \nA directory traversal issue was found and fixed.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702883);\n script_version(\"$Revision: 6995 $\");\n script_cve_id(\"CVE-2013-6653\", \"CVE-2013-6654\", \"CVE-2013-6655\", \"CVE-2013-6656\", \"CVE-2013-6657\", \"CVE-2013-6658\", \"CVE-2013-6659\", \"CVE-2013-6660\", \"CVE-2013-6661\", \"CVE-2013-6663\", \"CVE-2013-6664\", \"CVE-2013-6665\", \"CVE-2013-6666\", \"CVE-2013-6667\", \"CVE-2013-6668\", \"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\", \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1715\");\n script_name(\"Debian Security Advisory DSA 2883-1 (chromium-browser - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-08-23 13:52:03 +0200 (Wed, 23 Aug 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-03-23 00:00:00 +0100 (Sun, 23 Mar 2014)\");\n script_tag(name: \"cvss_base\", value:\"10.0\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2883.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1704", "CVE-2013-6640"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-08-08T00:00:00", "id": "OPENVAS:1361412562310868068", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868068", "type": "openvas", "title": "Fedora Update for v8 FEDORA-2014-9095", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for v8 FEDORA-2014-9095\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868068\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-08 06:01:12 +0200 (Fri, 08 Aug 2014)\");\n script_cve_id(\"CVE-2014-1704\", \"CVE-2013-6640\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for v8 FEDORA-2014-9095\");\n script_tag(name:\"affected\", value:\"v8 on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-9095\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136333.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'v8'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"v8\", rpm:\"v8~3.14.5.10~11.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:48:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1704", "CVE-2013-6640"], "description": "Check for the Version of v8", "modified": "2017-07-10T00:00:00", "published": "2014-04-16T00:00:00", "id": "OPENVAS:867702", "href": "http://plugins.openvas.org/nasl.php?oid=867702", "type": "openvas", "title": "Fedora Update for v8 FEDORA-2014-4625", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for v8 FEDORA-2014-4625\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867702);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-16 11:38:05 +0530 (Wed, 16 Apr 2014)\");\n script_cve_id(\"CVE-2014-1704\", \"CVE-2013-6640\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for v8 FEDORA-2014-4625\");\n\n tag_insight = \"V8 is Google's open source JavaScript engine. V8 is written in C++ and is used\nin Google Chrome, the open source browser from Google. V8 implements ECMAScript\nas specified in ECMA-262, 3rd edition.\n\";\n\n tag_affected = \"v8 on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-4625\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131460.html\");\n script_summary(\"Check for the Version of v8\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"v8\", rpm:\"v8~3.14.5.10~7.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1704", "CVE-2013-6640"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-04-16T00:00:00", "id": "OPENVAS:1361412562310867702", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867702", "type": "openvas", "title": "Fedora Update for v8 FEDORA-2014-4625", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for v8 FEDORA-2014-4625\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867702\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-16 11:38:05 +0530 (Wed, 16 Apr 2014)\");\n script_cve_id(\"CVE-2014-1704\", \"CVE-2013-6640\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for v8 FEDORA-2014-4625\");\n script_tag(name:\"affected\", value:\"v8 on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-4625\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131460.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'v8'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"v8\", rpm:\"v8~3.14.5.10~7.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2018-10-06T22:59:14", "bulletinFamily": "info", "cvelist": ["CVE-2014-1700", "CVE-2014-1701", "CVE-2014-1702", "CVE-2014-1703"], "description": "Google has fixed several serious security vulnerabilities in Chrome 33, just ahead of the [Pwn2Own](<https://threatpost.com/pwn2own-paying-150000-grand-prize-for-microsoft-emet-bypass/104015>) hacking competition at CanSecWest this week, which surely will reveal several more new bugs in the browser.\n\nThe company\u2019s Chrome browser is always at the top of the target list for contestants in Pwn2Own, which rewards them with cash prizes for demonstrating exploits against previously unknown vulnerabilities in the major browsers. A team from VUPEN, along with individual researchers, are lined up to go after Chrome, Internet Explorer, Safari and Adobe Reader and Flash. Google also runs its own Pwnium contest in parallel with Pwn2Own and offers large rewards for new attacks against Chrome.\n\nPwn2Own is set to begin Wednesday and run through Thursday at the conference, and on Tuesday Google patched four high-risk flaws in Chrome.\n\n[$4000][[**344881**](<https://code.google.com/p/chromium/issues/detail?id=344881>)] **High **CVE-2014-1700: Use-after-free in speech. Credit to Chamal de Silva[**.**](<https://code.google.com/u/117154691211413633534/>)\n\n[$3000][[**342618**](<https://code.google.com/p/chromium/issues/detail?id=342618>)] **High** CVE-2014-1701: UXSS in events. Credit to aidanhs[**.**](<https://code.google.com/u/117154691211413633534/>)\n\n[$1000][[**333058**](<https://code.google.com/p/chromium/issues/detail?id=333058>)] **High** CVE-2014-1702: Use-after-free in web database. Credit to Collin Payne[**.**](<https://code.google.com/u/117154691211413633534/>)\n\n[[**338354**](<https://code.google.com/p/chromium/issues/detail?id=338354>)] High CVE-2014-1703: Potential sandbox escape due to a use-after-free in web sockets.\n\nGoogle likely will be releasing more patches for Chrome later this week as researchers demonstrate their new exploits.\n", "modified": "2014-03-12T19:09:51", "published": "2014-03-12T15:09:51", "id": "THREATPOST:62DDA8B1D92DD5CF10E1F4C2F59520BA", "href": "https://threatpost.com/google-fixes-four-high-risk-flaws-in-chrome-before-pwn2own/104749/", "type": "threatpost", "title": "Google Fixes Four High-Risk Flaws in Chrome Before Pwn2Own", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2020-12-09T19:58:21", "description": "Use-after-free vulnerability in the DatabaseThread::cleanupDatabaseThread function in modules/webdatabase/DatabaseThread.cpp in the web database implementation in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of scheduled tasks during shutdown of a thread.", "edition": 5, "cvss3": {}, "published": "2014-03-16T14:06:00", "title": "CVE-2014-1702", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1702"], "modified": "2017-01-07T02:59:00", "cpe": ["cpe:/a:google:chrome:33.0.1750.116", "cpe:/a:google:chrome:33.0.1750.41", "cpe:/a:google:chrome:33.0.1750.52", "cpe:/a:google:chrome:33.0.1750.111", "cpe:/a:google:chrome:33.0.1750.21", "cpe:/a:google:chrome:33.0.1750.66", "cpe:/a:google:chrome:33.0.1750.53", "cpe:/a:google:chrome:33.0.1750.47", "cpe:/a:google:chrome:33.0.1750.36", "cpe:/a:google:chrome:33.0.1750.89", "cpe:/a:google:chrome:33.0.1750.16", "cpe:/a:google:chrome:33.0.1750.39", "cpe:/a:google:chrome:33.0.1750.19", "cpe:/a:google:chrome:33.0.1750.31", "cpe:/a:google:chrome:33.0.1750.61", "cpe:/a:google:chrome:33.0.1750.56", "cpe:/a:google:chrome:33.0.1750.44", "cpe:/a:google:chrome:33.0.1750.107", "cpe:/a:google:chrome:33.0.1750.125", "cpe:/a:google:chrome:33.0.1750.49", "cpe:/a:google:chrome:33.0.1750.68", "cpe:/a:google:chrome:33.0.1750.70", "cpe:/a:google:chrome:33.0.1750.112", "cpe:/a:google:chrome:33.0.1750.108", "cpe:/a:google:chrome:33.0.1750.132", "cpe:/a:google:chrome:33.0.1750.81", "cpe:/a:google:chrome:33.0.1750.91", "cpe:/a:google:chrome:33.0.1750.43", "cpe:/a:google:chrome:33.0.1750.38", "cpe:/a:google:chrome:33.0.1750.109", "cpe:/a:google:chrome:33.0.1750.27", "cpe:/a:google:chrome:33.0.1750.75", "cpe:/a:google:chrome:33.0.1750.58", "cpe:/a:google:chrome:33.0.1750.25", "cpe:/a:google:chrome:33.0.1750.60", "cpe:/a:google:chrome:33.0.1750.37", "cpe:/a:google:chrome:33.0.1750.73", "cpe:/a:google:chrome:33.0.1750.7", "cpe:/a:google:chrome:33.0.1750.133", "cpe:/a:google:chrome:33.0.1750.12", "cpe:/a:google:chrome:33.0.1750.28", "cpe:/a:google:chrome:33.0.1750.46", "cpe:/a:google:chrome:33.0.1750.146", "cpe:/a:google:chrome:33.0.1750.15", "cpe:/a:google:chrome:33.0.1750.20", "cpe:/a:google:chrome:33.0.1750.18", "cpe:/a:google:chrome:33.0.1750.104", "cpe:/a:google:chrome:33.0.1750.50", "cpe:/a:google:chrome:33.0.1750.3", "cpe:/a:google:chrome:33.0.1750.34", "cpe:/a:google:chrome:33.0.1750.24", "cpe:/a:google:chrome:33.0.1750.40", "cpe:/a:google:chrome:33.0.1750.80", "cpe:/a:google:chrome:33.0.1750.113", "cpe:/a:google:chrome:33.0.1750.13", "cpe:/a:google:chrome:33.0.1750.6", "cpe:/a:google:chrome:33.0.1750.2", "cpe:/a:google:chrome:33.0.1750.55", "cpe:/a:google:chrome:33.0.1750.92", "cpe:/a:google:chrome:33.0.1750.126", "cpe:/a:google:chrome:33.0.1750.59", "cpe:/a:google:chrome:33.0.1750.69", "cpe:/a:google:chrome:33.0.1750.63", "cpe:/a:google:chrome:33.0.1750.64", "cpe:/a:google:chrome:33.0.1750.76", "cpe:/a:google:chrome:33.0.1750.5", "cpe:/a:google:chrome:33.0.1750.54", "cpe:/a:google:chrome:33.0.1750.88", "cpe:/a:google:chrome:33.0.1750.62", "cpe:/a:google:chrome:33.0.1750.124", "cpe:/a:google:chrome:33.0.1750.71", "cpe:/a:google:chrome:33.0.1750.45", "cpe:/a:google:chrome:33.0.1750.51", "cpe:/a:google:chrome:33.0.1750.57", "cpe:/a:google:chrome:33.0.1750.65", "cpe:/a:google:chrome:33.0.1750.135", "cpe:/a:google:chrome:33.0.1750.115", "cpe:/a:google:chrome:33.0.1750.144", "cpe:/a:google:chrome:33.0.1750.11", "cpe:/a:google:chrome:33.0.1750.4", "cpe:/a:google:chrome:33.0.1750.1", "cpe:/a:google:chrome:33.0.1750.79", "cpe:/a:google:chrome:33.0.1750.8", "cpe:/a:google:chrome:33.0.1750.67", "cpe:/a:google:chrome:33.0.1750.77", "cpe:/a:google:chrome:33.0.1750.106", "cpe:/a:google:chrome:33.0.1750.74", "cpe:/a:google:chrome:33.0.1750.35", "cpe:/a:google:chrome:33.0.1750.93", "cpe:/a:google:chrome:33.0.1750.30", "cpe:/a:google:chrome:33.0.1750.83", "cpe:/a:google:chrome:33.0.1750.42", "cpe:/a:google:chrome:33.0.1750.29", "cpe:/a:google:chrome:33.0.1750.26", "cpe:/a:google:chrome:33.0.1750.22", "cpe:/a:google:chrome:33.0.1750.10", "cpe:/a:google:chrome:33.0.1750.90", "cpe:/a:google:chrome:33.0.1750.85", "cpe:/a:google:chrome:33.0.1750.117", "cpe:/a:google:chrome:33.0.1750.14", "cpe:/a:google:chrome:33.0.1750.0", "cpe:/a:google:chrome:33.0.1750.48", "cpe:/a:google:chrome:33.0.1750.23", "cpe:/a:google:chrome:33.0.1750.82", "cpe:/a:google:chrome:33.0.1750.9", "cpe:/a:google:chrome:33.0.1750.136", "cpe:/a:google:chrome:33.0.1750.110"], "id": "CVE-2014-1702", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1702", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:33.0.1750.117:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.15:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.136:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.60:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.18:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.29:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.43:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.109:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.41:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.108:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.52:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.81:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.79:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.21:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.85:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.68:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.83:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.55:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.56:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.38:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.28:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.10:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.62:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.44:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.76:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.80:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.46:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.23:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.71:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.73:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.25:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.65:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.22:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.116:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.88:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.132:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.91:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.75:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.125:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.66:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.26:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.19:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.104:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.36:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.51:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.58:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.135:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.144:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.64:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.70:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.146:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.54:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.126:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.124:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.67:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.74:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.89:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.16:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.111:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.14:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.113:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.61:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.34:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.40:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.39:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.37:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.35:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.107:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.20:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.31:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.47:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.106:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.57:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.82:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.77:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.93:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.48:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.63:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.69:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.30:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.49:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.42:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.50:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.59:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.112:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.27:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.24:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.53:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.1:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.45:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.90:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.6:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.110:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.133:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.11:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.13:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.115:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.92:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:58:21", "description": "Use-after-free vulnerability in modules/speech/SpeechSynthesis.cpp in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of a certain utterance data structure.", "edition": 5, "cvss3": {}, "published": "2014-03-16T14:06:00", "title": "CVE-2014-1700", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1700"], "modified": "2017-01-07T02:59:00", "cpe": ["cpe:/a:google:chrome:33.0.1750.116", "cpe:/a:google:chrome:33.0.1750.41", "cpe:/a:google:chrome:33.0.1750.52", "cpe:/a:google:chrome:33.0.1750.111", "cpe:/a:google:chrome:33.0.1750.21", "cpe:/a:google:chrome:33.0.1750.66", "cpe:/a:google:chrome:33.0.1750.53", "cpe:/a:google:chrome:33.0.1750.47", "cpe:/a:google:chrome:33.0.1750.36", "cpe:/a:google:chrome:33.0.1750.89", "cpe:/a:google:chrome:33.0.1750.16", "cpe:/a:google:chrome:33.0.1750.39", "cpe:/a:google:chrome:33.0.1750.19", "cpe:/a:google:chrome:33.0.1750.31", "cpe:/a:google:chrome:33.0.1750.61", "cpe:/a:google:chrome:33.0.1750.56", "cpe:/a:google:chrome:33.0.1750.44", "cpe:/a:google:chrome:33.0.1750.107", "cpe:/a:google:chrome:33.0.1750.125", "cpe:/a:google:chrome:33.0.1750.49", "cpe:/a:google:chrome:33.0.1750.68", "cpe:/a:google:chrome:33.0.1750.70", "cpe:/a:google:chrome:33.0.1750.112", "cpe:/a:google:chrome:33.0.1750.108", "cpe:/a:google:chrome:33.0.1750.132", "cpe:/a:google:chrome:33.0.1750.81", "cpe:/a:google:chrome:33.0.1750.91", "cpe:/a:google:chrome:33.0.1750.43", "cpe:/a:google:chrome:33.0.1750.38", "cpe:/a:google:chrome:33.0.1750.109", "cpe:/a:google:chrome:33.0.1750.27", "cpe:/a:google:chrome:33.0.1750.75", "cpe:/a:google:chrome:33.0.1750.58", "cpe:/a:google:chrome:33.0.1750.25", "cpe:/a:google:chrome:33.0.1750.60", "cpe:/a:google:chrome:33.0.1750.37", "cpe:/a:google:chrome:33.0.1750.73", "cpe:/a:google:chrome:33.0.1750.7", "cpe:/a:google:chrome:33.0.1750.133", "cpe:/a:google:chrome:33.0.1750.12", "cpe:/a:google:chrome:33.0.1750.28", "cpe:/a:google:chrome:33.0.1750.46", "cpe:/a:google:chrome:33.0.1750.146", "cpe:/a:google:chrome:33.0.1750.15", "cpe:/a:google:chrome:33.0.1750.20", "cpe:/a:google:chrome:33.0.1750.18", "cpe:/a:google:chrome:33.0.1750.104", "cpe:/a:google:chrome:33.0.1750.50", "cpe:/a:google:chrome:33.0.1750.3", "cpe:/a:google:chrome:33.0.1750.34", "cpe:/a:google:chrome:33.0.1750.24", "cpe:/a:google:chrome:33.0.1750.40", "cpe:/a:google:chrome:33.0.1750.80", "cpe:/a:google:chrome:33.0.1750.113", "cpe:/a:google:chrome:33.0.1750.13", "cpe:/a:google:chrome:33.0.1750.6", "cpe:/a:google:chrome:33.0.1750.2", "cpe:/a:google:chrome:33.0.1750.55", "cpe:/a:google:chrome:33.0.1750.92", "cpe:/a:google:chrome:33.0.1750.126", "cpe:/a:google:chrome:33.0.1750.59", "cpe:/a:google:chrome:33.0.1750.69", "cpe:/a:google:chrome:33.0.1750.63", "cpe:/a:google:chrome:33.0.1750.64", "cpe:/a:google:chrome:33.0.1750.76", "cpe:/a:google:chrome:33.0.1750.5", "cpe:/a:google:chrome:33.0.1750.54", "cpe:/a:google:chrome:33.0.1750.88", "cpe:/a:google:chrome:33.0.1750.62", "cpe:/a:google:chrome:33.0.1750.124", "cpe:/a:google:chrome:33.0.1750.71", "cpe:/a:google:chrome:33.0.1750.45", "cpe:/a:google:chrome:33.0.1750.51", "cpe:/a:google:chrome:33.0.1750.57", "cpe:/a:google:chrome:33.0.1750.65", "cpe:/a:google:chrome:33.0.1750.135", "cpe:/a:google:chrome:33.0.1750.115", "cpe:/a:google:chrome:33.0.1750.144", "cpe:/a:google:chrome:33.0.1750.11", "cpe:/a:google:chrome:33.0.1750.4", "cpe:/a:google:chrome:33.0.1750.1", "cpe:/a:google:chrome:33.0.1750.79", "cpe:/a:google:chrome:33.0.1750.8", "cpe:/a:google:chrome:33.0.1750.67", "cpe:/a:google:chrome:33.0.1750.77", "cpe:/a:google:chrome:33.0.1750.106", "cpe:/a:google:chrome:33.0.1750.74", "cpe:/a:google:chrome:33.0.1750.35", "cpe:/a:google:chrome:33.0.1750.93", "cpe:/a:google:chrome:33.0.1750.30", "cpe:/a:google:chrome:33.0.1750.83", "cpe:/a:google:chrome:33.0.1750.42", "cpe:/a:google:chrome:33.0.1750.29", "cpe:/a:google:chrome:33.0.1750.26", "cpe:/a:google:chrome:33.0.1750.22", "cpe:/a:google:chrome:33.0.1750.10", "cpe:/a:google:chrome:33.0.1750.90", "cpe:/a:google:chrome:33.0.1750.85", "cpe:/a:google:chrome:33.0.1750.117", "cpe:/a:google:chrome:33.0.1750.14", "cpe:/a:google:chrome:33.0.1750.0", "cpe:/a:google:chrome:33.0.1750.48", "cpe:/a:google:chrome:33.0.1750.23", "cpe:/a:google:chrome:33.0.1750.82", "cpe:/a:google:chrome:33.0.1750.9", "cpe:/a:google:chrome:33.0.1750.136", "cpe:/a:google:chrome:33.0.1750.110"], "id": "CVE-2014-1700", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1700", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:33.0.1750.117:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.15:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.136:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.60:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.18:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.29:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.43:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.109:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.41:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.108:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.52:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.81:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.79:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.21:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.85:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.68:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.83:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.55:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.56:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.38:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.28:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.10:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.62:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.44:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.76:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.80:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.46:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.23:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.71:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.73:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.25:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.65:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.22:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.116:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.88:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.132:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.91:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.75:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.125:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.66:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.26:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.19:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.104:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.36:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.51:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.58:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.135:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.144:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.64:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.70:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.146:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.54:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.126:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.124:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.67:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.74:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.89:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.16:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.111:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.14:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.113:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.61:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.34:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.40:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.39:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.37:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.35:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.107:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.20:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.31:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.47:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.106:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.57:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.82:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.77:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.93:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.48:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.63:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.69:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.30:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.49:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.42:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.50:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.59:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.112:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.27:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.24:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.53:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.1:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.45:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.90:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.6:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.110:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.133:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.11:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.13:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.115:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.92:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:58:21", "description": "Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, as used in Google Chrome before 33.0.1750.149, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.", "edition": 5, "cvss3": {}, "published": "2014-03-16T14:06:00", "title": "CVE-2014-1704", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1704"], "modified": "2017-01-07T02:59:00", "cpe": ["cpe:/a:google:chrome:33.0.1750.116", "cpe:/a:google:chrome:33.0.1750.41", "cpe:/a:google:chrome:33.0.1750.52", "cpe:/a:google:chrome:33.0.1750.111", "cpe:/a:google:chrome:33.0.1750.21", "cpe:/a:google:chrome:33.0.1750.66", "cpe:/a:google:chrome:33.0.1750.53", "cpe:/a:google:chrome:33.0.1750.47", "cpe:/a:google:v8:3.23.5", "cpe:/a:google:chrome:33.0.1750.36", "cpe:/a:google:v8:3.23.11", "cpe:/a:google:chrome:33.0.1750.89", "cpe:/a:google:v8:3.23.0", "cpe:/a:google:chrome:33.0.1750.16", "cpe:/a:google:chrome:33.0.1750.39", "cpe:/a:google:chrome:33.0.1750.19", "cpe:/a:google:chrome:33.0.1750.31", "cpe:/a:google:chrome:33.0.1750.61", "cpe:/a:google:chrome:33.0.1750.56", "cpe:/a:google:chrome:33.0.1750.44", "cpe:/a:google:chrome:33.0.1750.107", "cpe:/a:google:chrome:33.0.1750.125", "cpe:/a:google:chrome:33.0.1750.49", "cpe:/a:google:v8:3.23.7", "cpe:/a:google:chrome:33.0.1750.68", "cpe:/a:google:chrome:33.0.1750.70", "cpe:/a:google:chrome:33.0.1750.112", "cpe:/a:google:chrome:33.0.1750.108", "cpe:/a:google:chrome:33.0.1750.132", "cpe:/a:google:chrome:33.0.1750.81", "cpe:/a:google:chrome:33.0.1750.91", "cpe:/a:google:chrome:33.0.1750.43", "cpe:/a:google:chrome:33.0.1750.38", "cpe:/a:google:chrome:33.0.1750.109", "cpe:/a:google:chrome:33.0.1750.27", "cpe:/a:google:chrome:33.0.1750.75", "cpe:/a:google:chrome:33.0.1750.58", "cpe:/a:google:chrome:33.0.1750.25", "cpe:/a:google:chrome:33.0.1750.60", "cpe:/a:google:chrome:33.0.1750.37", "cpe:/a:google:chrome:33.0.1750.73", "cpe:/a:google:chrome:33.0.1750.7", "cpe:/a:google:chrome:33.0.1750.133", "cpe:/a:google:v8:3.23.15", "cpe:/a:google:v8:3.23.4", "cpe:/a:google:chrome:33.0.1750.12", "cpe:/a:google:chrome:33.0.1750.28", "cpe:/a:google:chrome:33.0.1750.46", "cpe:/a:google:v8:3.23.3", "cpe:/a:google:chrome:33.0.1750.146", "cpe:/a:google:chrome:33.0.1750.15", "cpe:/a:google:chrome:33.0.1750.20", "cpe:/a:google:chrome:33.0.1750.18", "cpe:/a:google:chrome:33.0.1750.104", "cpe:/a:google:chrome:33.0.1750.50", "cpe:/a:google:chrome:33.0.1750.3", "cpe:/a:google:chrome:33.0.1750.34", "cpe:/a:google:v8:3.23.10", "cpe:/a:google:chrome:33.0.1750.24", "cpe:/a:google:chrome:33.0.1750.40", "cpe:/a:google:chrome:33.0.1750.80", "cpe:/a:google:chrome:33.0.1750.113", "cpe:/a:google:chrome:33.0.1750.13", "cpe:/a:google:chrome:33.0.1750.6", "cpe:/a:google:chrome:33.0.1750.2", "cpe:/a:google:chrome:33.0.1750.55", "cpe:/a:google:v8:3.23.6", "cpe:/a:google:chrome:33.0.1750.92", "cpe:/a:google:chrome:33.0.1750.126", "cpe:/a:google:chrome:33.0.1750.59", "cpe:/a:google:v8:3.23.8", "cpe:/a:google:chrome:33.0.1750.69", "cpe:/a:google:chrome:33.0.1750.63", "cpe:/a:google:chrome:33.0.1750.64", "cpe:/a:google:chrome:33.0.1750.76", "cpe:/a:google:v8:3.23.1", "cpe:/a:google:chrome:33.0.1750.5", "cpe:/a:google:chrome:33.0.1750.54", "cpe:/a:google:chrome:33.0.1750.88", "cpe:/a:google:chrome:33.0.1750.62", "cpe:/a:google:chrome:33.0.1750.124", "cpe:/a:google:chrome:33.0.1750.71", "cpe:/a:google:chrome:33.0.1750.45", "cpe:/a:google:chrome:33.0.1750.51", "cpe:/a:google:chrome:33.0.1750.57", "cpe:/a:google:v8:3.23.16", "cpe:/a:google:chrome:33.0.1750.65", "cpe:/a:google:chrome:33.0.1750.135", "cpe:/a:google:chrome:33.0.1750.115", "cpe:/a:google:chrome:33.0.1750.144", "cpe:/a:google:chrome:33.0.1750.11", "cpe:/a:google:chrome:33.0.1750.4", "cpe:/a:google:v8:3.23.2", "cpe:/a:google:chrome:33.0.1750.1", "cpe:/a:google:chrome:33.0.1750.79", "cpe:/a:google:chrome:33.0.1750.8", "cpe:/a:google:chrome:33.0.1750.67", "cpe:/a:google:chrome:33.0.1750.77", "cpe:/a:google:chrome:33.0.1750.106", "cpe:/a:google:chrome:33.0.1750.74", "cpe:/a:google:chrome:33.0.1750.35", "cpe:/a:google:chrome:33.0.1750.93", "cpe:/a:google:v8:3.23.17", "cpe:/a:google:chrome:33.0.1750.30", "cpe:/a:google:chrome:33.0.1750.83", "cpe:/a:google:chrome:33.0.1750.42", "cpe:/a:google:chrome:33.0.1750.29", "cpe:/a:google:chrome:33.0.1750.26", "cpe:/a:google:v8:3.23.14", "cpe:/a:google:chrome:33.0.1750.22", "cpe:/a:google:chrome:33.0.1750.10", "cpe:/a:google:chrome:33.0.1750.90", "cpe:/a:google:chrome:33.0.1750.85", "cpe:/a:google:v8:3.23.9", "cpe:/a:google:chrome:33.0.1750.117", "cpe:/a:google:chrome:33.0.1750.14", "cpe:/a:google:chrome:33.0.1750.0", "cpe:/a:google:chrome:33.0.1750.48", "cpe:/a:google:chrome:33.0.1750.23", "cpe:/a:google:chrome:33.0.1750.82", "cpe:/a:google:chrome:33.0.1750.9", "cpe:/a:google:v8:3.23.12", "cpe:/a:google:chrome:33.0.1750.136", "cpe:/a:google:chrome:33.0.1750.110", "cpe:/a:google:v8:3.23.13"], "id": "CVE-2014-1704", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1704", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:google:chrome:33.0.1750.117:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.15:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.136:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.60:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.23.13:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.18:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.29:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.43:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.109:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.41:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.108:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.52:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.81:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.79:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.21:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.85:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.68:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.83:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.55:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.56:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.38:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.23.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.23.16:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.28:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.10:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.62:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.44:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.76:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.80:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.46:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.23:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.23.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.71:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.73:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.25:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.65:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.22:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.116:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.88:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.132:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.91:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.75:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.125:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.23.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.66:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.26:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.19:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.104:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.23.15:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.36:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.51:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.58:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.135:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.144:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.64:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.70:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.146:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.54:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.126:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.124:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.67:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.74:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.89:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.16:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.111:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.14:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.113:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.61:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.34:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.40:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.39:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.37:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.35:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.107:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.20:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.23.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.31:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.47:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.106:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.57:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.23.1:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.23.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.82:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.23.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.77:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.93:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.48:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.63:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.69:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.30:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.49:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.23.10:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.23.6:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.42:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.50:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.23.14:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.59:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.23.17:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.112:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.23.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.27:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.23.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.24:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.23.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.53:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.1:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.45:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.90:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.6:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.110:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.133:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.11:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.13:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:3.23.11:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.115:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.92:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:58:21", "description": "The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attackers to conduct Universal XSS (UXSS) attacks via vectors involving events.", "edition": 5, "cvss3": {}, "published": "2014-03-16T14:06:00", "title": "CVE-2014-1701", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1701"], "modified": "2017-01-07T02:59:00", "cpe": ["cpe:/a:google:chrome:33.0.1750.116", "cpe:/a:google:chrome:33.0.1750.41", "cpe:/a:google:chrome:33.0.1750.52", "cpe:/a:google:chrome:33.0.1750.111", "cpe:/a:google:chrome:33.0.1750.21", "cpe:/a:google:chrome:33.0.1750.66", "cpe:/a:google:chrome:33.0.1750.53", "cpe:/a:google:chrome:33.0.1750.47", "cpe:/a:google:chrome:33.0.1750.36", "cpe:/a:google:chrome:33.0.1750.89", "cpe:/a:google:chrome:33.0.1750.16", "cpe:/a:google:chrome:33.0.1750.39", "cpe:/a:google:chrome:33.0.1750.19", "cpe:/a:google:chrome:33.0.1750.31", "cpe:/a:google:chrome:33.0.1750.61", "cpe:/a:google:chrome:33.0.1750.56", "cpe:/a:google:chrome:33.0.1750.44", "cpe:/a:google:chrome:33.0.1750.107", "cpe:/a:google:chrome:33.0.1750.125", "cpe:/a:google:chrome:33.0.1750.49", "cpe:/a:google:chrome:33.0.1750.68", "cpe:/a:google:chrome:33.0.1750.70", "cpe:/a:google:chrome:33.0.1750.112", "cpe:/a:google:chrome:33.0.1750.108", "cpe:/a:google:chrome:33.0.1750.132", "cpe:/a:google:chrome:33.0.1750.81", "cpe:/a:google:chrome:33.0.1750.91", "cpe:/a:google:chrome:33.0.1750.43", "cpe:/a:google:chrome:33.0.1750.38", "cpe:/a:google:chrome:33.0.1750.109", "cpe:/a:google:chrome:33.0.1750.27", "cpe:/a:google:chrome:33.0.1750.75", "cpe:/a:google:chrome:33.0.1750.58", "cpe:/a:google:chrome:33.0.1750.25", "cpe:/a:google:chrome:33.0.1750.60", "cpe:/a:google:chrome:33.0.1750.37", "cpe:/a:google:chrome:33.0.1750.73", "cpe:/a:google:chrome:33.0.1750.7", "cpe:/a:google:chrome:33.0.1750.133", "cpe:/a:google:chrome:33.0.1750.12", "cpe:/a:google:chrome:33.0.1750.28", "cpe:/a:google:chrome:33.0.1750.46", "cpe:/a:google:chrome:33.0.1750.146", "cpe:/a:google:chrome:33.0.1750.15", "cpe:/a:google:chrome:33.0.1750.20", "cpe:/a:google:chrome:33.0.1750.18", "cpe:/a:google:chrome:33.0.1750.104", "cpe:/a:google:chrome:33.0.1750.50", "cpe:/a:google:chrome:33.0.1750.3", "cpe:/a:google:chrome:33.0.1750.34", "cpe:/a:google:chrome:33.0.1750.24", "cpe:/a:google:chrome:33.0.1750.40", "cpe:/a:google:chrome:33.0.1750.80", "cpe:/a:google:chrome:33.0.1750.113", "cpe:/a:google:chrome:33.0.1750.13", "cpe:/a:google:chrome:33.0.1750.6", "cpe:/a:google:chrome:33.0.1750.2", "cpe:/a:google:chrome:33.0.1750.55", "cpe:/a:google:chrome:33.0.1750.92", "cpe:/a:google:chrome:33.0.1750.126", "cpe:/a:google:chrome:33.0.1750.59", "cpe:/a:google:chrome:33.0.1750.69", "cpe:/a:google:chrome:33.0.1750.63", "cpe:/a:google:chrome:33.0.1750.64", "cpe:/a:google:chrome:33.0.1750.76", "cpe:/a:google:chrome:33.0.1750.5", "cpe:/a:google:chrome:33.0.1750.54", "cpe:/a:google:chrome:33.0.1750.88", "cpe:/a:google:chrome:33.0.1750.62", "cpe:/a:google:chrome:33.0.1750.124", "cpe:/a:google:chrome:33.0.1750.71", "cpe:/a:google:chrome:33.0.1750.45", "cpe:/a:google:chrome:33.0.1750.51", "cpe:/a:google:chrome:33.0.1750.57", "cpe:/a:google:chrome:33.0.1750.65", "cpe:/a:google:chrome:33.0.1750.135", "cpe:/a:google:chrome:33.0.1750.115", "cpe:/a:google:chrome:33.0.1750.144", "cpe:/a:google:chrome:33.0.1750.11", "cpe:/a:google:chrome:33.0.1750.4", "cpe:/a:google:chrome:33.0.1750.1", "cpe:/a:google:chrome:33.0.1750.79", "cpe:/a:google:chrome:33.0.1750.8", "cpe:/a:google:chrome:33.0.1750.67", "cpe:/a:google:chrome:33.0.1750.77", "cpe:/a:google:chrome:33.0.1750.106", "cpe:/a:google:chrome:33.0.1750.74", "cpe:/a:google:chrome:33.0.1750.35", "cpe:/a:google:chrome:33.0.1750.93", "cpe:/a:google:chrome:33.0.1750.30", "cpe:/a:google:chrome:33.0.1750.83", "cpe:/a:google:chrome:33.0.1750.42", "cpe:/a:google:chrome:33.0.1750.29", "cpe:/a:google:chrome:33.0.1750.26", "cpe:/a:google:chrome:33.0.1750.22", "cpe:/a:google:chrome:33.0.1750.10", "cpe:/a:google:chrome:33.0.1750.90", "cpe:/a:google:chrome:33.0.1750.85", "cpe:/a:google:chrome:33.0.1750.117", "cpe:/a:google:chrome:33.0.1750.14", "cpe:/a:google:chrome:33.0.1750.0", "cpe:/a:google:chrome:33.0.1750.48", "cpe:/a:google:chrome:33.0.1750.23", "cpe:/a:google:chrome:33.0.1750.82", "cpe:/a:google:chrome:33.0.1750.9", "cpe:/a:google:chrome:33.0.1750.136", "cpe:/a:google:chrome:33.0.1750.110"], "id": "CVE-2014-1701", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1701", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:33.0.1750.117:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.15:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.136:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.60:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.18:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.29:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.43:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.109:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.41:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.108:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.52:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.81:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.79:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.21:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.85:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.68:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.83:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.55:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.56:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.38:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.28:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.10:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.62:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.44:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.76:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.80:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.46:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.23:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.71:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.73:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.25:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.65:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.22:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.116:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.88:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.132:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.91:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.75:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.125:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.66:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.26:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.19:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.104:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.36:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.51:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.58:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.135:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.144:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.64:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.70:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.146:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.54:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.126:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.124:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.67:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.74:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.89:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.16:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.111:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.14:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.113:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.61:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.34:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.40:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.39:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.37:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.35:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.107:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.20:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.31:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.47:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.106:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.57:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.82:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.77:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.93:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.48:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.63:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.69:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.30:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.49:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.42:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.50:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.59:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.112:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.27:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.24:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.53:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.1:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.45:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.90:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.6:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.110:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.133:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.11:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.13:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.115:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.92:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:58:21", "description": "Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/renderer_host/websocket_dispatcher_host.cc in the Web Sockets implementation in Google Chrome before 33.0.1750.149 might allow remote attackers to bypass the sandbox protection mechanism by leveraging an incorrect deletion in a certain failure case.", "edition": 5, "cvss3": {}, "published": "2014-03-16T14:06:00", "title": "CVE-2014-1703", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1703"], "modified": "2017-01-07T02:59:00", "cpe": ["cpe:/a:google:chrome:33.0.1750.116", "cpe:/a:google:chrome:33.0.1750.41", "cpe:/a:google:chrome:33.0.1750.52", "cpe:/a:google:chrome:33.0.1750.111", "cpe:/a:google:chrome:33.0.1750.21", "cpe:/a:google:chrome:33.0.1750.66", "cpe:/a:google:chrome:33.0.1750.53", "cpe:/a:google:chrome:33.0.1750.47", "cpe:/a:google:chrome:33.0.1750.36", "cpe:/a:google:chrome:33.0.1750.89", "cpe:/a:google:chrome:33.0.1750.16", "cpe:/a:google:chrome:33.0.1750.39", "cpe:/a:google:chrome:33.0.1750.19", "cpe:/a:google:chrome:33.0.1750.31", "cpe:/a:google:chrome:33.0.1750.61", "cpe:/a:google:chrome:33.0.1750.56", "cpe:/a:google:chrome:33.0.1750.44", "cpe:/a:google:chrome:33.0.1750.107", "cpe:/a:google:chrome:33.0.1750.125", "cpe:/a:google:chrome:33.0.1750.49", "cpe:/a:google:chrome:33.0.1750.68", "cpe:/a:google:chrome:33.0.1750.70", "cpe:/a:google:chrome:33.0.1750.112", "cpe:/a:google:chrome:33.0.1750.108", "cpe:/a:google:chrome:33.0.1750.132", "cpe:/a:google:chrome:33.0.1750.81", "cpe:/a:google:chrome:33.0.1750.91", "cpe:/a:google:chrome:33.0.1750.43", "cpe:/a:google:chrome:33.0.1750.38", "cpe:/a:google:chrome:33.0.1750.109", "cpe:/a:google:chrome:33.0.1750.27", "cpe:/a:google:chrome:33.0.1750.75", "cpe:/a:google:chrome:33.0.1750.58", "cpe:/a:google:chrome:33.0.1750.25", "cpe:/a:google:chrome:33.0.1750.60", "cpe:/a:google:chrome:33.0.1750.37", "cpe:/a:google:chrome:33.0.1750.73", "cpe:/a:google:chrome:33.0.1750.7", "cpe:/a:google:chrome:33.0.1750.133", "cpe:/a:google:chrome:33.0.1750.12", "cpe:/a:google:chrome:33.0.1750.28", "cpe:/a:google:chrome:33.0.1750.46", "cpe:/a:google:chrome:33.0.1750.146", "cpe:/a:google:chrome:33.0.1750.15", "cpe:/a:google:chrome:33.0.1750.20", "cpe:/a:google:chrome:33.0.1750.18", "cpe:/a:google:chrome:33.0.1750.104", "cpe:/a:google:chrome:33.0.1750.50", "cpe:/a:google:chrome:33.0.1750.3", "cpe:/a:google:chrome:33.0.1750.34", "cpe:/a:google:chrome:33.0.1750.24", "cpe:/a:google:chrome:33.0.1750.40", "cpe:/a:google:chrome:33.0.1750.80", "cpe:/a:google:chrome:33.0.1750.113", "cpe:/a:google:chrome:33.0.1750.13", "cpe:/a:google:chrome:33.0.1750.6", "cpe:/a:google:chrome:33.0.1750.2", "cpe:/a:google:chrome:33.0.1750.55", "cpe:/a:google:chrome:33.0.1750.92", "cpe:/a:google:chrome:33.0.1750.126", "cpe:/a:google:chrome:33.0.1750.59", "cpe:/a:google:chrome:33.0.1750.69", "cpe:/a:google:chrome:33.0.1750.63", "cpe:/a:google:chrome:33.0.1750.64", "cpe:/a:google:chrome:33.0.1750.76", "cpe:/a:google:chrome:33.0.1750.5", "cpe:/a:google:chrome:33.0.1750.54", "cpe:/a:google:chrome:33.0.1750.88", "cpe:/a:google:chrome:33.0.1750.62", "cpe:/a:google:chrome:33.0.1750.124", "cpe:/a:google:chrome:33.0.1750.71", "cpe:/a:google:chrome:33.0.1750.45", "cpe:/a:google:chrome:33.0.1750.51", "cpe:/a:google:chrome:33.0.1750.57", "cpe:/a:google:chrome:33.0.1750.65", "cpe:/a:google:chrome:33.0.1750.135", "cpe:/a:google:chrome:33.0.1750.115", "cpe:/a:google:chrome:33.0.1750.144", "cpe:/a:google:chrome:33.0.1750.11", "cpe:/a:google:chrome:33.0.1750.4", "cpe:/a:google:chrome:33.0.1750.1", "cpe:/a:google:chrome:33.0.1750.79", "cpe:/a:google:chrome:33.0.1750.8", "cpe:/a:google:chrome:33.0.1750.67", "cpe:/a:google:chrome:33.0.1750.77", "cpe:/a:google:chrome:33.0.1750.106", "cpe:/a:google:chrome:33.0.1750.74", "cpe:/a:google:chrome:33.0.1750.35", "cpe:/a:google:chrome:33.0.1750.93", "cpe:/a:google:chrome:33.0.1750.30", "cpe:/a:google:chrome:33.0.1750.83", "cpe:/a:google:chrome:33.0.1750.42", "cpe:/a:google:chrome:33.0.1750.29", "cpe:/a:google:chrome:33.0.1750.26", "cpe:/a:google:chrome:33.0.1750.22", "cpe:/a:google:chrome:33.0.1750.10", "cpe:/a:google:chrome:33.0.1750.90", "cpe:/a:google:chrome:33.0.1750.85", "cpe:/a:google:chrome:33.0.1750.117", "cpe:/a:google:chrome:33.0.1750.14", "cpe:/a:google:chrome:33.0.1750.0", "cpe:/a:google:chrome:33.0.1750.48", "cpe:/a:google:chrome:33.0.1750.23", "cpe:/a:google:chrome:33.0.1750.82", "cpe:/a:google:chrome:33.0.1750.9", "cpe:/a:google:chrome:33.0.1750.136", "cpe:/a:google:chrome:33.0.1750.110"], "id": "CVE-2014-1703", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1703", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:33.0.1750.117:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.15:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.136:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.60:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.18:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.29:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.43:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.109:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.41:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.108:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.52:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.81:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.79:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.21:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.85:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.68:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.83:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.55:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.56:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.38:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.28:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.10:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.62:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.44:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.76:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.80:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.46:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.23:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.71:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.73:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.25:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.65:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.22:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.116:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.88:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.132:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.91:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.75:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.125:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.66:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.26:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.19:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.104:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.36:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.51:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.58:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.135:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.144:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.64:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.70:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.146:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.54:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.126:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.124:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.67:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.74:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.89:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.16:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.111:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.14:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.113:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.61:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.34:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.40:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.39:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.37:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.35:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.107:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.20:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.31:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.47:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.106:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.57:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.82:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.77:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.93:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.48:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.63:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.69:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.30:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.49:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.42:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.50:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.59:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.112:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.27:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.24:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.53:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.1:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.45:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.90:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.6:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.110:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.133:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.11:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.13:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.115:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.92:*:*:*:*:*:*:*"]}], "suse": [{"lastseen": "2016-09-04T12:03:49", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1703", "CVE-2014-1705", "CVE-2014-1714", "CVE-2014-1713", "CVE-2014-1701", "CVE-2014-1704", "CVE-2014-1715", "CVE-2014-1702", "CVE-2014-1700"], "description": "Chromium was updated to the 33.0.1750.152 stable channel\n uodate:\n - Security fixes:\n * CVE-2014-1713: Use-after-free in Blink bindings\n * CVE-2014-1714: Windows clipboard vulnerability\n * CVE-2014-1705: Memory corruption in V8\n * CVE-2014-1715: Directory traversal issue\n\n Previous stable channel update 33.0.1750.149:\n - Security fixes:\n * CVE-2014-1700: Use-after-free in speech\n * CVE-2014-1701: UXSS in events\n * CVE-2014-1702: Use-after-free in web database\n * CVE-2014-1703: Potential sandbox escape due to a\n use-after-free in web sockets\n * CVE-2014-1704: Multiple vulnerabilities in V8 fixed in\n version 3.23.17.18\n\n", "edition": 1, "modified": "2014-04-09T19:04:26", "published": "2014-04-09T19:04:26", "id": "OPENSUSE-SU-2014:0501-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html", "type": "suse", "title": "chromium to 33.0.1750.152 stable release (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "cvelist": ["CVE-2013-6667", "CVE-2013-6655", "CVE-2013-6658", "CVE-2013-6661", "CVE-2013-6660", "CVE-2014-1703", "CVE-2013-6665", "CVE-2013-6666", "CVE-2013-6656", "CVE-2014-1705", "CVE-2013-6654", "CVE-2013-6653", "CVE-2013-6663", "CVE-2013-6659", "CVE-2014-1713", "CVE-2014-1701", "CVE-2014-1704", "CVE-2013-6657", "CVE-2014-1715", "CVE-2013-6668", "CVE-2014-1702", "CVE-2013-6664", "CVE-2014-1700"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2883-1 security@debian.org\r\nhttp://www.debian.org/security/ Michael Gilbert\r\nMarch 23, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : chromium-browser\r\nCVE ID : CVE-2013-6653 CVE-2013-6654 CVE-2013-6655 CVE-2013-6656 \r\n CVE-2013-6657 CVE-2013-6658 CVE-2013-6659 CVE-2013-6660\r\n CVE-2013-6661 CVE-2013-6663 CVE-2013-6664 CVE-2013-6665\r\n CVE-2013-6666 CVE-2013-6667 CVE-2013-6668 CVE-2014-1700\r\n CVE-2014-1701 CVE-2014-1702 CVE-2014-1703 CVE-2014-1704\r\n CVE-2014-1705 CVE-2014-1713 CVE-2014-1715\r\n\r\nSeveral vulnerabilities have been discovered in the chromium web browser.\r\n\r\nCVE-2013-6653\r\n\r\n Khalil Zhani discovered a use-after-free issue in chromium's web\r\n contents color chooser.\r\n\r\nCVE-2013-6654\r\n\r\n TheShow3511 discovered an issue in SVG handling.\r\n\r\nCVE-2013-6655\r\n\r\n cloudfuzzer discovered a use-after-free issue in dom event handling.\r\n\r\nCVE-2013-6656\r\n\r\n NeexEmil discovered an information leak in the XSS auditor.\r\n\r\nCVE-2013-6657\r\n\r\n NeexEmil discovered a way to bypass the Same Origin policy in the\r\n XSS auditor.\r\n\r\nCVE-2013-6658\r\n\r\n cloudfuzzer discovered multiple use-after-free issues surrounding\r\n the updateWidgetPositions function.\r\n\r\nCVE-2013-6659\r\n\r\n Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that\r\n it was possible to trigger an unexpected certificate chain during\r\n TLS renegotiation.\r\n\r\nCVE-2013-6660\r\n\r\n bishopjeffreys discovered an information leak in the drag and drop\r\n implementation.\r\n\r\nCVE-2013-6661\r\n\r\n The Google Chrome team discovered and fixed multiple issues in\r\n version 33.0.1750.117.\r\n\r\nCVE-2013-6663\r\n\r\n Atte Kettunen discovered a use-after-free issue in SVG handling.\r\n\r\nCVE-2013-6664\r\n\r\n Khalil Zhani discovered a use-after-free issue in the speech\r\n recognition feature.\r\n\r\nCVE-2013-6665\r\n\r\n cloudfuzzer discovered a buffer overflow issue in the software\r\n renderer.\r\n\r\nCVE-2013-6666\r\n\r\n netfuzzer discovered a restriction bypass in the Pepper Flash\r\n plugin.\r\n\r\nCVE-2013-6667\r\n\r\n The Google Chrome team discovered and fixed multiple issues in\r\n version 33.0.1750.146.\r\n\r\nCVE-2013-6668\r\n\r\n Multiple vulnerabilities were fixed in version 3.24.35.10 of\r\n the V8 javascript library.\r\n\r\nCVE-2014-1700\r\n\r\n Chamal de Silva discovered a use-after-free issue in speech\r\n synthesis.\r\n\r\nCVE-2014-1701\r\n\r\n aidanhs discovered a cross-site scripting issue in event handling.\r\n\r\nCVE-2014-1702\r\n\r\n Colin Payne discovered a use-after-free issue in the web database\r\n implementation.\r\n\r\nCVE-2014-1703\r\n\r\n VUPEN discovered a use-after-free issue in web sockets that\r\n could lead to a sandbox escape.\r\n\r\nCVE-2014-1704\r\n\r\n Multiple vulnerabilities were fixed in version 3.23.17.18 of\r\n the V8 javascript library.\r\n\r\nCVE-2014-1705\r\n\r\n A memory corruption issue was discovered in the V8 javascript\r\n library.\r\n\r\nCVE-2014-1713\r\n\r\n A use-after-free issue was discovered in the AttributeSetter\r\n function. \r\n\r\nCVE-2014-1715\r\n\r\n A directory traversal issue was found and fixed.\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 33.0.1750.152-1~deb7u1.\r\n\r\nFor the testing distribution (jessie), these problems will be fixed soon.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 33.0.1750.152-1.\r\n\r\nWe recommend that you upgrade your chromium-browser packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQQcBAEBCgAGBQJTL4L5AAoJELjWss0C1vRzmmkf/3IwJbpRQ+HKdWFLjEqap7hN\r\no5p82LhmXthyNNBTfOoylxN03hBPfwvNC6zYZ9wMp0qBJJKvPVvswg3FdpvHMiUS\r\n4N96l0rDyf8HRrd7goQnsagn2RrqDROHHEFsFdwuiC6pB3rLEKN8lPAmpo6VZHkH\r\nLQ5zO0uI/fi3q8Ad2VCeG8O6kdcHUmmvFuB49Sl3YFKpfIVLv5XVaMJBlKSbt62T\r\npbs4/iB4gYTwSeFuN20z17mAchFj31hxuT/UlCD6tn0cIkN9DpL2TDkxG3boVLne\r\nFgDkgSIqV8Zy2mCK3fz7M4INHlyeIh/xiBK+k+VECaVlznUqctCTlQFXXotf19ch\r\nV19rjXMyXMIwe8nVR0C7PoQT225aH9QYBem/S2v6D0hQjpLcDIoZbHvB9zw/7g/o\r\nY8wUhiBsgLTOqy3tsKt1aVGGbElMjBCTqAJ+/SzJZNtZEwNXGkTz2k3EwdarHsaG\r\nea2f1xhiJJaVdXXALGjQwWoKWFEN56WhX749DsFC1jD3F2CTHSI9BN38voMUm1wq\r\nRcoXfc56OR9S+7f+5rDQQ3c2zeDCFgo7Ue3E4/9ZP2IvBdc8qhsZCViZVCE1nCz4\r\ne/NzbauOyLOI1IB4IJkctiRyszvGD30TZYSx8JX6YY6T58HH7HbgLSEEGaLj/dcG\r\nFx4GQHnufVaBPrbpdrXQRqcUwJh2rJO7DM0BsxVKbgNCKQNI65FTNpWn/P7rJ/72\r\ni7VsTUzDT3pcScJ1oqM+egvpEqKnbsPO97+iuzeD5UhJK3s5H23ErGHzwV2ZcHnD\r\ncdc6VwHHCo0gJQ+EA9D/W8/S9MdJscetOb4AzafGUnCq5kGjcs5wFnNh2CWgxNHc\r\n/JJA027nMSRwUnW4kkcJAMiOfTPmNLN0QDy1wok6fJUuOtCP6/I5ptR87gDyX3FW\r\n0JBxbZ6sZigXsIcMNaGJoPxd454dCAFAlLbehm+7i7d9U9Yb3c5o2F81WT4Qx0bu\r\nXdKw5xhFz9OL5TA66GQ2Cr5aaKfrHqW1SzeiOeDJPqJ0ZbPHlIY0c+XJRRKepV22\r\nlBbZzHVMOzv0jkhQjZV4ulf9Rv7xlcSmq2JF7TdjejoS7YrbU8+qg9h9LZ38XDtI\r\nAr/w05YNpZRVtT4XP2v7eYw/vJ7c+6dLwqSqGFVe4VOjkazbM15tB6QoDVjmr1y+\r\nTi/cfFsQAH45joi3v7HXWTXu4NVPN1oQypur/MBO1EvtigbBwxmRdn95mx6zotfY\r\nvoLocT7KLWwPTklh5wtUZ6/DGWv0dXcb7tcbNeEo4e9lhrAP0694huGkJprW5Z09\r\nyItPaD9PNnHySK3FWvz91MpIVqAIlU+7HFuvs7N7Y/RTsQx9bFEjUrn1epeGNL0=\r\n=tb+u\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2014-03-25T00:00:00", "published": "2014-03-25T00:00:00", "id": "SECURITYVULNS:DOC:30384", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30384", "title": "[SECURITY] [DSA 2883-1] chromium-browser security update", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "cvelist": ["CVE-2013-6667", "CVE-2013-6655", "CVE-2013-6658", "CVE-2013-6661", "CVE-2013-6660", "CVE-2014-1703", "CVE-2013-6665", "CVE-2013-6666", "CVE-2013-6656", "CVE-2014-1705", "CVE-2013-6654", "CVE-2013-6653", "CVE-2013-6663", "CVE-2013-6659", "CVE-2014-1713", "CVE-2014-1701", "CVE-2014-1704", "CVE-2013-6657", "CVE-2014-1715", "CVE-2013-6668", "CVE-2014-1702", "CVE-2013-6664", "CVE-2014-1700"], "description": "Memory corruprions, information leakage, certificate validation issues, protection bypass, crossite scripting, directory traversal.", "edition": 1, "modified": "2014-03-27T00:00:00", "published": "2014-03-27T00:00:00", "id": "SECURITYVULNS:VULN:13629", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13629", "title": "Chromium / Google Chrome multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2019-05-30T02:22:02", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6667", "CVE-2013-6655", "CVE-2013-6658", "CVE-2013-6661", "CVE-2013-6660", "CVE-2014-1703", "CVE-2013-6665", "CVE-2013-6666", "CVE-2013-6656", "CVE-2014-1705", "CVE-2013-6654", "CVE-2013-6653", "CVE-2013-6663", "CVE-2013-6659", "CVE-2014-1713", "CVE-2014-1701", "CVE-2014-1704", "CVE-2013-6657", "CVE-2014-1715", "CVE-2013-6668", "CVE-2014-1702", "CVE-2013-6664", "CVE-2014-1700"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2883-1 security@debian.org\nhttp://www.debian.org/security/ Michael Gilbert\nMarch 23, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2013-6653 CVE-2013-6654 CVE-2013-6655 CVE-2013-6656 \n CVE-2013-6657 CVE-2013-6658 CVE-2013-6659 CVE-2013-6660\n CVE-2013-6661 CVE-2013-6663 CVE-2013-6664 CVE-2013-6665\n CVE-2013-6666 CVE-2013-6667 CVE-2013-6668 CVE-2014-1700\n CVE-2014-1701 CVE-2014-1702 CVE-2014-1703 CVE-2014-1704\n CVE-2014-1705 CVE-2014-1713 CVE-2014-1715\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2013-6653\n\n Khalil Zhani discovered a use-after-free issue in chromium's web\n contents color chooser.\n\nCVE-2013-6654\n\n TheShow3511 discovered an issue in SVG handling.\n\nCVE-2013-6655\n\n cloudfuzzer discovered a use-after-free issue in dom event handling.\n\nCVE-2013-6656\n\n NeexEmil discovered an information leak in the XSS auditor.\n\nCVE-2013-6657\n\n NeexEmil discovered a way to bypass the Same Origin policy in the\n XSS auditor.\n\nCVE-2013-6658\n\n cloudfuzzer discovered multiple use-after-free issues surrounding\n the updateWidgetPositions function.\n\nCVE-2013-6659\n\n Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that\n it was possible to trigger an unexpected certificate chain during\n TLS renegotiation.\n\nCVE-2013-6660\n\n bishopjeffreys discovered an information leak in the drag and drop\n implementation.\n\nCVE-2013-6661\n\n The Google Chrome team discovered and fixed multiple issues in\n version 33.0.1750.117.\n\nCVE-2013-6663\n\n Atte Kettunen discovered a use-after-free issue in SVG handling.\n\nCVE-2013-6664\n\n Khalil Zhani discovered a use-after-free issue in the speech\n recognition feature.\n\nCVE-2013-6665\n\n cloudfuzzer discovered a buffer overflow issue in the software\n renderer.\n\nCVE-2013-6666\n\n netfuzzer discovered a restriction bypass in the Pepper Flash\n plugin.\n\nCVE-2013-6667\n\n The Google Chrome team discovered and fixed multiple issues in\n version 33.0.1750.146.\n\nCVE-2013-6668\n\n Multiple vulnerabilities were fixed in version 3.24.35.10 of\n the V8 javascript library.\n\nCVE-2014-1700\n\n Chamal de Silva discovered a use-after-free issue in speech\n synthesis.\n\nCVE-2014-1701\n\n aidanhs discovered a cross-site scripting issue in event handling.\n\nCVE-2014-1702\n\n Colin Payne discovered a use-after-free issue in the web database\n implementation.\n\nCVE-2014-1703\n\n VUPEN discovered a use-after-free issue in web sockets that\n could lead to a sandbox escape.\n\nCVE-2014-1704\n\n Multiple vulnerabilities were fixed in version 3.23.17.18 of\n the V8 javascript library.\n\nCVE-2014-1705\n\n A memory corruption issue was discovered in the V8 javascript\n library.\n\nCVE-2014-1713\n\n A use-after-free issue was discovered in the AttributeSetter\n function. \n\nCVE-2014-1715\n\n A directory traversal issue was found and fixed.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 33.0.1750.152-1~deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 33.0.1750.152-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2014-03-24T01:02:38", "published": "2014-03-24T01:02:38", "id": "DEBIAN:DSA-2883-1:8DB61", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00055.html", "title": "[SECURITY] [DSA 2883-1] chromium-browser security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6640", "CVE-2014-1704"], "description": "V8 is Google's open source JavaScript engine. V8 is written in C++ and is u sed in Google Chrome, the open source browser from Google. V8 implements ECMASc ript as specified in ECMA-262, 3rd edition. ", "modified": "2014-04-15T15:32:56", "published": "2014-04-15T15:32:56", "id": "FEDORA:053FD21F57", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: v8-3.14.5.10-7.fc20", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6640", "CVE-2014-1704"], "description": "V8 is Google's open source JavaScript engine. V8 is written in C++ and is u sed in Google Chrome, the open source browser from Google. V8 implements ECMASc ript as specified in ECMA-262, 3rd edition. ", "modified": "2014-08-07T15:30:03", "published": "2014-08-07T15:30:03", "id": "FEDORA:B89DA22BFD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: v8-3.14.5.10-11.fc20", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6640", "CVE-2014-1704", "CVE-2015-0278"], "description": "V8 is Google's open source JavaScript engine. V8 is written in C++ and is u sed in Google Chrome, the open source browser from Google. V8 implements ECMASc ript as specified in ECMA-262, 3rd edition. ", "modified": "2015-03-13T16:56:19", "published": "2015-03-13T16:56:19", "id": "FEDORA:4F72B60CB965", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: v8-3.14.5.10-17.fc20", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2882", "CVE-2013-6640", "CVE-2014-1704"], "description": "V8 is Google's open source JavaScript engine. V8 is written in C++ and is u sed in Google Chrome, the open source browser from Google. V8 implements ECMASc ript as specified in ECMA-262, 3rd edition. ", "modified": "2014-04-02T09:05:55", "published": "2014-04-02T09:05:55", "id": "FEDORA:4D096223B2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: v8-3.14.5.10-7.fc19", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6640", "CVE-2014-1704", "CVE-2014-3152"], "description": "V8 is Google's open source JavaScript engine. V8 is written in C++ and is u sed in Google Chrome, the open source browser from Google. V8 implements ECMASc ript as specified in ECMA-262, 3rd edition. ", "modified": "2015-05-08T07:41:50", "published": "2015-05-08T07:41:50", "id": "FEDORA:C5F9F6087DB3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: v8-3.14.5.10-18.fc20", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2882", "CVE-2013-6640", "CVE-2014-1704"], "description": "V8 is Google's open source JavaScript engine. V8 is written in C++ and is u sed in Google Chrome, the open source browser from Google. V8 implements ECMASc ript as specified in ECMA-262, 3rd edition. ", "modified": "2014-08-15T02:33:38", "published": "2014-08-15T02:33:38", "id": "FEDORA:C11E422B1D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: v8-3.14.5.10-11.fc19", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6640", "CVE-2013-6668", "CVE-2014-1704"], "description": "V8 is Google's open source JavaScript engine. V8 is written in C++ and is u sed in Google Chrome, the open source browser from Google. V8 implements ECMASc ript as specified in ECMA-262, 3rd edition. ", "modified": "2014-09-28T04:29:33", "published": "2014-09-28T04:29:33", "id": "FEDORA:AD49D22AD8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: v8-3.14.5.10-14.fc20", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2882", "CVE-2013-6640", "CVE-2013-6668", "CVE-2014-1704"], "description": "V8 is Google's open source JavaScript engine. V8 is written in C++ and is u sed in Google Chrome, the open source browser from Google. V8 implements ECMASc ript as specified in ECMA-262, 3rd edition. ", "modified": "2014-09-28T04:26:13", "published": "2014-09-28T04:26:13", "id": "FEDORA:2C4F422842", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: v8-3.14.5.10-14.fc19", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:47:06", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6639", "CVE-2013-6640", "CVE-2013-6650", "CVE-2013-6668", "CVE-2014-1704", "CVE-2014-5256"], "description": "V8 is Google's open source JavaScript engine.\n\nIt was discovered that V8 did not properly check the stack size limit in\ncertain cases. A remote attacker able to send a request that caused a\nscript executed by V8 to use deep recursion could trigger a stack overflow,\nleading to a crash of an application using V8. (CVE-2014-5256)\n\nMultiple flaws were discovered in V8. Untrusted JavaScript code executed by\nV8 could use either of these flaws to crash V8 or, possibly, execute\narbitrary code with the privileges of the user running V8. (CVE-2013-6639,\nCVE-2013-6640, CVE-2013-6650, CVE-2013-6668, CVE-2014-1704)\n\nAll v8314-v8 users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All applications using\nV8 must be restarted for this update to take effect.", "modified": "2018-06-13T01:28:17", "published": "2014-10-30T16:43:02", "id": "RHSA-2014:1744", "href": "https://access.redhat.com/errata/RHSA-2014:1744", "type": "redhat", "title": "(RHSA-2014:1744) Moderate: v8314-v8 security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:00", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3171", "CVE-2014-3155", "CVE-2014-1747", "CVE-2014-3168", "CVE-2014-3176", "CVE-2014-1724", "CVE-2014-3166", "CVE-2014-1735", "CVE-2014-1729", "CVE-2014-3165", "CVE-2014-1720", "CVE-2014-3154", "CVE-2014-1742", "CVE-2014-1728", "CVE-2014-1703", "CVE-2014-1719", "CVE-2014-3157", "CVE-2014-1726", "CVE-2014-1705", "CVE-2014-1734", "CVE-2014-1733", "CVE-2014-1732", "CVE-2014-1718", "CVE-2014-1744", "CVE-2014-0538", "CVE-2014-1716", "CVE-2014-1722", "CVE-2014-1743", "CVE-2014-1731", "CVE-2014-1740", "CVE-2014-3174", "CVE-2014-3175", "CVE-2014-3173", "CVE-2014-3167", "CVE-2014-1746", "CVE-2014-1714", "CVE-2014-1749", "CVE-2014-1713", "CVE-2014-3169", "CVE-2014-1745", "CVE-2014-3172", "CVE-2014-1701", "CVE-2014-1704", "CVE-2014-3162", "CVE-2014-3170", "CVE-2014-1730", "CVE-2014-1721", "CVE-2014-3160", "CVE-2014-1725", "CVE-2014-1715", "CVE-2014-1727", "CVE-2014-1702", "CVE-2014-1723", "CVE-2014-1748", "CVE-2014-1717", "CVE-2014-3177", "CVE-2014-1741", "CVE-2014-1700", "CVE-2014-3156"], "description": "### Background\n\nChromium is an open-source web browser project.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could conduct a number of attacks which include: cross site scripting attacks, bypassing of sandbox protection, potential execution of arbitrary code with the privileges of the process, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-37.0.2062.94\"", "edition": 1, "modified": "2014-08-30T00:00:00", "published": "2014-08-30T00:00:00", "id": "GLSA-201408-16", "href": "https://security.gentoo.org/glsa/201408-16", "type": "gentoo", "title": "Chromium: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
