ID 69098C5C-FC4B-11E2-8AD0-00262D5ED8EE Type freebsd Reporter FreeBSD Modified 2013-07-30T00:00:00
Description
Google Chrome Releases reports:
Eleven vulnerabilities, including:
[257748] Medium CVE-2013-2881: Origin bypass in frame handling.
Credit to Karthik Bhargavan.
[260106] High CVE-2013-2882: Type confusion in V8. Credit to
Cloudfuzzer.
[260165] High CVE-2013-2883: Use-after-free in MutationObserver.
Credit to Cloudfuzzer.
[248950] High CVE-2013-2884: Use-after-free in DOM. Credit to Ivan
Fratric of Google Security Team.
[249640] [257353] High CVE-2013-2885: Use-after-free in input
handling. Credit to Ivan Fratric of Google Security Team.
[261701] High CVE-2013-2886: Various fixes from internal audits,
fuzzing and other initiatives.
{"bulletinFamily": "unix", "reporter": "FreeBSD", "edition": 1, "viewCount": 1, "published": "2013-07-30T00:00:00", "cvelist": ["CVE-2013-2882", "CVE-2013-2886", "CVE-2013-2884", "CVE-2013-2881", "CVE-2013-2883", "CVE-2013-2885"], "type": "freebsd", "id": "69098C5C-FC4B-11E2-8AD0-00262D5ED8EE", "objectVersion": "1.2", "references": ["http://www.googlechromereleases.blogspot.nl/"], "hashmap": [{"key": "affectedPackage", "hash": "dc530ce57095ad92ecc2231f1439a43f"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "9364a78e93dee510faa1dbea057c38fd"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "d19398ab9412423ee45d7603cb1ac941"}, {"key": "href", "hash": "88d8ed8dc4a354ba61f85399e1a7ec66"}, {"key": "modified", "hash": "2ec57e3401442eccf281b34d2546eef3"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "2ec57e3401442eccf281b34d2546eef3"}, {"key": "references", "hash": "c0f4eb9c3a6fbdcb45edd1aeb24d9e09"}, {"key": "reporter", "hash": "a3dc630729e463135f4e608954fa6e19"}, {"key": "title", "hash": "f2fc86205bbdcc937de18a4d12929cf8"}, {"key": "type", "hash": "1527e888767cdce15d200b870b39cfd0"}, {"key": "viewCount", "hash": "cfcd208495d565ef66e7dff9f98764da"}], "description": "\nGoogle Chrome Releases reports:\n\nEleven vulnerabilities, including:\n[257748] Medium CVE-2013-2881: Origin bypass in frame handling.\n\t Credit to Karthik Bhargavan.\n[260106] High CVE-2013-2882: Type confusion in V8. Credit to\n\t Cloudfuzzer.\n[260165] High CVE-2013-2883: Use-after-free in MutationObserver.\n\t Credit to Cloudfuzzer.\n[248950] High CVE-2013-2884: Use-after-free in DOM. Credit to Ivan\n\t Fratric of Google Security Team.\n[249640] [257353] High CVE-2013-2885: Use-after-free in input\n\t handling. Credit to Ivan Fratric of Google Security Team.\n[261701] High CVE-2013-2886: Various fixes from internal audits,\n\t fuzzing and other initiatives.\n\n", "affectedPackage": [{"operator": "lt", "packageFilename": "UNKNOWN", "packageName": "chromium", "OSVersion": "any", "OS": "FreeBSD", "arch": "noarch", "packageVersion": "28.0.1500.95"}], "modified": "2013-07-30T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/69098c5c-fc4b-11e2-8ad0-00262d5ed8ee.html", "title": "chromium -- multiple vulnerabilities", "hash": "167b6dfb60d576826a28a72a0004450e90abde47f52d54c3043a8fff46e8716c", "lastseen": "2016-09-26T17:24:28", "history": [], "enchantments": {"vulnersScore": 5.0}}
{"result": {"cve": [{"id": "CVE-2013-2882", "type": "cve", "title": "CVE-2013-2882", "description": "Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage \"type confusion.\"", "published": "2013-07-31T09:20:13", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2882", "cvelist": ["CVE-2013-2882"], "lastseen": "2017-09-19T13:38:46"}, {"id": "CVE-2013-2886", "type": "cve", "title": "CVE-2013-2886", "description": "Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.95 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.", "published": "2013-07-31T09:20:14", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2886", "cvelist": ["CVE-2013-2886"], "lastseen": "2017-09-19T13:38:46"}, {"id": "CVE-2013-2884", "type": "cve", "title": "CVE-2013-2884", "description": "Use-after-free vulnerability in the DOM implementation in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper tracking of which document owns an Attr object.", "published": "2013-07-31T09:20:13", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2884", "cvelist": ["CVE-2013-2884"], "lastseen": "2017-09-19T13:38:46"}, {"id": "CVE-2013-2881", "type": "cve", "title": "CVE-2013-2881", "description": "Google Chrome before 28.0.1500.95 does not properly handle frames, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.", "published": "2013-07-31T09:20:13", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2881", "cvelist": ["CVE-2013-2881"], "lastseen": "2017-09-19T13:38:46"}, {"id": "CVE-2013-2883", "type": "cve", "title": "CVE-2013-2883", "description": "Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to deleting the registration of a MutationObserver object.", "published": "2013-07-31T09:20:13", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2883", "cvelist": ["CVE-2013-2883"], "lastseen": "2017-09-19T13:38:46"}, {"id": "CVE-2013-2885", "type": "cve", "title": "CVE-2013-2885", "description": "Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to not properly considering focus during the processing of JavaScript events in the presence of a multiple-fields input type.", "published": "2013-07-31T09:20:13", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2885", "cvelist": ["CVE-2013-2885"], "lastseen": "2017-09-19T13:38:46"}], "seebug": [{"id": "SSV:60931", "type": "seebug", "title": "Google Chrome\u7c7b\u578b\u6df7\u6dc6\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e(CVE-2013-2882)", "description": "BUGTRAQ ID: 61548\r\nCVE(CAN) ID: CVE-2013-2882\r\n\r\nGoogle Chrome\u662f\u7531Google\u5f00\u53d1\u7684\u4e00\u6b3e\u8bbe\u8ba1\u7b80\u5355\u3001\u9ad8\u6548\u7684Web\u6d4f\u89c8\u5de5\u5177\u3002\r\n\r\nChrome 28.0.1500.95\u5185\u4f7f\u7528\u7684Google V8\u5b58\u5728\u7c7b\u578b\u6df7\u6dc6\u9519\u8bef\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u7b49\u5176\u4ed6\u653b\u51fb\u3002\r\n0\r\nGoogle Chrome < 28.0.1500.95\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nGoogle\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html", "published": "2013-08-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-60931", "cvelist": ["CVE-2013-2882"], "lastseen": "2017-11-19T17:40:32"}, {"id": "SSV:60928", "type": "seebug", "title": "Google Chrome 28.0.1500.95\u4e4b\u524d\u7248\u672c\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "description": "BUGTRAQ ID: 61514\r\nCVE(CAN) ID: CVE-2013-2881,CVE-2013-2882,CVE-2013-2883,CVE-2013-2884,CVE-2013-2885,CVE-2013-2886\r\n\r\nGoogle Chrome\u662f\u7531Google\u5f00\u53d1\u7684\u4e00\u6b3e\u8bbe\u8ba1\u7b80\u5355\u3001\u9ad8\u6548\u7684Web\u6d4f\u89c8\u5de5\u5177\u3002\r\n\r\nChrome 28.0.1500.95\u5b58\u5728\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u5728\u6d4f\u89c8\u5668\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3001\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u3001\u6cc4\u9732\u654f\u611f\u4fe1\u606f\u3001\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\n0\nGoogle Chrome < 28.0.1500.95\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nGoogle\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.google.com", "published": "2013-08-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-60928", "cvelist": ["CVE-2013-2881", "CVE-2013-2882", "CVE-2013-2883", "CVE-2013-2884", "CVE-2013-2885", "CVE-2013-2886"], "lastseen": "2017-11-19T17:40:26"}, {"id": "SSV:60934", "type": "seebug", "title": "Google Chrome\u91ca\u653e\u540e\u91cd\u7528\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e(CVE-2013-2884)", "description": "BUGTRAQ ID: 61551\r\nCVE(CAN) ID: CVE-2013-2884\r\n\r\nGoogle Chrome\u662f\u7531Google\u5f00\u53d1\u7684\u4e00\u6b3e\u8bbe\u8ba1\u7b80\u5355\u3001\u9ad8\u6548\u7684Web\u6d4f\u89c8\u5de5\u5177\u3002\r\n\r\nChrome 28.0.1500.95\u5728DOM\u7684\u5b9e\u73b0\u4e0a\u5b58\u5728\u91ca\u653e\u540e\u91cd\u7528\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u8ddf\u8e2a\u5305\u542bAttr\u5bf9\u8c61\u7684\u6587\u6863\uff0c\u5229\u7528\u6b64\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u7b49\u5176\u4ed6\u653b\u51fb\u3002\r\n0\r\nGoogle Chrome < 28.0.1500.95\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nGoogle\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html", "published": "2013-08-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-60934", "cvelist": ["CVE-2013-2884"], "lastseen": "2017-11-19T17:40:30"}, {"id": "SSV:60933", "type": "seebug", "title": "Google Chrome\u91ca\u653e\u540e\u91cd\u7528\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e(CVE-2013-2883)", "description": "BUGTRAQ ID: 61549\r\nCVE(CAN) ID: CVE-2013-2883\r\n\r\nGoogle Chrome\u662f\u7531Google\u5f00\u53d1\u7684\u4e00\u6b3e\u8bbe\u8ba1\u7b80\u5355\u3001\u9ad8\u6548\u7684Web\u6d4f\u89c8\u5de5\u5177\u3002\r\n\r\nChrome 28.0.1500.95\u5728\u5220\u9664MutationObserver\u5bf9\u8c61\u6ce8\u518c\u65f6\u5b58\u5728\u91ca\u653e\u540e\u91cd\u7528\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u7b49\u5176\u4ed6\u653b\u51fb\u3002\r\n0\r\nGoogle Chrome < 28.0.1500.95\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nGoogle\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html", "published": "2013-08-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-60933", "cvelist": ["CVE-2013-2883"], "lastseen": "2017-11-19T17:40:26"}, {"id": "SSV:60932", "type": "seebug", "title": "Google Chrome\u91ca\u653e\u540e\u91cd\u7528\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e(CVE-2013-2885)", "description": "BUGTRAQ ID: 61552\r\nCVE(CAN) ID: CVE-2013-2885\r\n\r\nGoogle Chrome\u662f\u7531Google\u5f00\u53d1\u7684\u4e00\u6b3e\u8bbe\u8ba1\u7b80\u5355\u3001\u9ad8\u6548\u7684Web\u6d4f\u89c8\u5de5\u5177\u3002\r\n\r\nChrome 28.0.1500.95\u5728\u5b58\u5728\u591a\u4e2a\u5b57\u6bb5\u8f93\u51fa\u7c7b\u578b\u65f6\u5904\u7406JS\u4e8b\u4ef6\u7684\u65b9\u5f0f\u4e0a\u5b58\u5728\u91ca\u653e\u540e\u91cd\u7528\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u7b49\u5176\u4ed6\u653b\u51fb\u3002\r\n0\r\nGoogle Chrome < 28.0.1500.95\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nGoogle\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html", "published": "2013-08-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-60932", "cvelist": ["CVE-2013-2885"], "lastseen": "2017-11-19T17:40:40"}], "nessus": [{"id": "FEDORA_2013-14205.NASL", "type": "nessus", "title": "Fedora 18 : v8-3.14.5.10-2.fc18 (2013-14205)", "description": "This update fixes an issue with Google V8, as used in Google Chrome before 28.0.1500.95, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage 'type confusion.'\n\nPlease note that this issue's impact on Node.js is somewhat lessened since it does not typically execute JavaScript from foreign sources.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2013-08-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=69358", "cvelist": ["CVE-2013-2882"], "lastseen": "2017-10-29T13:45:38"}, {"id": "FEDORA_2013-14176.NASL", "type": "nessus", "title": "Fedora 19 : v8-3.14.5.10-2.fc19 (2013-14176)", "description": "This update fixes an issue with Google V8, as used in Google Chrome before 28.0.1500.95, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage 'type confusion.'\n\nPlease note that this issue's impact on Node.js is somewhat lessened since it does not typically execute JavaScript from foreign sources.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2013-08-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=69357", "cvelist": ["CVE-2013-2882"], "lastseen": "2017-10-29T13:41:00"}, {"id": "FREEBSD_PKG_69098C5CFC4B11E28AD000262D5ED8EE.NASL", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (69098c5c-fc4b-11e2-8ad0-00262d5ed8ee)", "description": "Google Chrome Releases reports :\n\nEleven vulnerabilities, including :\n\n[257748] Medium CVE-2013-2881: Origin bypass in frame handling. Credit to Karthik Bhargavan.\n\n[260106] High CVE-2013-2882: Type confusion in V8. Credit to Cloudfuzzer.\n\n[260165] High CVE-2013-2883: Use-after-free in MutationObserver.\nCredit to Cloudfuzzer.\n\n[248950] High CVE-2013-2884: Use-after-free in DOM. Credit to Ivan Fratric of Google Security Team.\n\n[249640] [257353] High CVE-2013-2885: Use-after-free in input handling. Credit to Ivan Fratric of Google Security Team.\n\n[261701] High CVE-2013-2886: Various fixes from internal audits, fuzzing and other initiatives.", "published": "2013-08-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=69214", "cvelist": ["CVE-2013-2882", "CVE-2013-2886", "CVE-2013-2884", "CVE-2013-2881", "CVE-2013-2883", "CVE-2013-2885"], "lastseen": "2017-10-29T13:45:01"}, {"id": "GOOGLE_CHROME_28_0_1500_95.NASL", "type": "nessus", "title": "Google Chrome < 28.0.1500.95 Multiple Vulnerabilities", "description": "The version of Google Chrome installed on the remote host is a version prior to 28.0.1500.95. It is, therefore, affected by multiple vulnerabilities :\n\n - A cross-origin restriction bypass error exists related to HTML frames. (CVE-2013-2881)\n\n - A type-confusion error exists in the V8 JavaScript engine. (CVE-2013-2882)\n\n - Use-after-free errors exist related to MutationObserver, DOM and input handling.\n (CVE-2013-2883, CVE-2013-2884, CVE-2013-2885)\n\n - Unspecified errors exist with no further details.\n (CVE-2013-2886)", "published": "2013-07-30T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=69139", "cvelist": ["CVE-2013-2882", "CVE-2013-2886", "CVE-2013-2884", "CVE-2013-2881", "CVE-2013-2883", "CVE-2013-2885"], "lastseen": "2017-10-29T13:46:03"}, {"id": "DEBIAN_DSA-2732.NASL", "type": "nessus", "title": "Debian DSA-2732-1 : chromium-browser - several vulnerabilities", "description": "Several vulnerabilities have been discovered in the Chromium web browser.\n\n - CVE-2013-2881 Karthik Bhargavan discovered a way to bypass the Same Origin Policy in frame handling.\n\n - CVE-2013-2882 Cloudfuzzer discovered a type confusion issue in the V8 JavaScript library.\n\n - CVE-2013-2883 Cloudfuzzer discovered a use-after-free issue in MutationObserver.\n\n - CVE-2013-2884 Ivan Fratric of the Google Security Team discovered a use-after-free issue in the DOM implementation.\n\n - CVE-2013-2885 Ivan Fratric of the Google Security Team discovered a use-after-free issue in input handling.\n\n - CVE-2013-2886 The chrome 28 development team found various issues from internal fuzzing, audits, and other studies.", "published": "2013-08-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=69227", "cvelist": ["CVE-2013-2882", "CVE-2013-2886", "CVE-2013-2884", "CVE-2013-2881", "CVE-2013-2883", "CVE-2013-2885"], "lastseen": "2017-10-29T13:41:57"}, {"id": "GENTOO_GLSA-201309-16.NASL", "type": "nessus", "title": "GLSA-201309-16 : Chromium, V8: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201309-16 (Chromium, V8: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details.\n Impact :\n\n A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact.\n Workaround :\n\n There is no known workaround at this time.", "published": "2013-09-25T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=70112", "cvelist": ["CVE-2012-5126", "CVE-2012-5136", "CVE-2013-0898", "CVE-2013-2882", "CVE-2013-0833", "CVE-2013-0891", "CVE-2013-2845", "CVE-2013-2901", "CVE-2013-2842", "CVE-2012-5130", "CVE-2013-0838", "CVE-2013-0917", "CVE-2013-2887", "CVE-2013-0924", "CVE-2013-0894", "CVE-2013-2902", "CVE-2013-2840", "CVE-2013-0832", "CVE-2013-2903", "CVE-2012-5133", "CVE-2013-0906", "CVE-2012-5127", "CVE-2013-2880", "CVE-2013-0904", "CVE-2013-2867", "CVE-2012-5125", "CVE-2013-0899", "CVE-2013-2849", "CVE-2013-2841", "CVE-2013-0834", "CVE-2013-2878", "CVE-2012-5139", "CVE-2013-0881", "CVE-2013-2874", "CVE-2013-0839", "CVE-2012-5117", "CVE-2013-0882", "CVE-2013-0841", "CVE-2012-5137", "CVE-2012-5122", "CVE-2013-0888", "CVE-2013-2853", "CVE-2012-5149", "CVE-2013-2876", "CVE-2013-2886", "CVE-2013-0889", "CVE-2012-5151", "CVE-2013-0884", "CVE-2013-0837", "CVE-2013-2848", "CVE-2013-0922", "CVE-2013-2846", "CVE-2013-0842", "CVE-2012-5146", "CVE-2013-2865", "CVE-2012-5132", "CVE-2013-0879", "CVE-2013-2904", "CVE-2013-0887", "CVE-2013-0890", "CVE-2013-2884", "CVE-2013-0925", "CVE-2013-0908", "CVE-2013-2870", "CVE-2013-0923", "CVE-2012-5145", "CVE-2013-0895", "CVE-2013-0836", "CVE-2013-0919", "CVE-2013-2877", "CVE-2012-5124", "CVE-2012-5143", "CVE-2013-0830", "CVE-2012-5140", "CVE-2013-2837", "CVE-2013-2856", "CVE-2012-5118", "CVE-2013-0880", "CVE-2013-0892", "CVE-2013-2875", "CVE-2013-0926", "CVE-2013-2847", "CVE-2013-0918", "CVE-2013-2881", "CVE-2012-5152", "CVE-2013-2861", "CVE-2013-2869", "CVE-2013-0902", "CVE-2013-2855", "CVE-2013-0835", "CVE-2012-5116", "CVE-2013-0920", "CVE-2012-5128", "CVE-2013-0900", "CVE-2013-2838", "CVE-2013-2863", "CVE-2012-5147", "CVE-2012-5141", "CVE-2013-2900", "CVE-2013-2844", "CVE-2013-2839", "CVE-2013-0910", "CVE-2013-0840", "CVE-2013-0909", "CVE-2013-0893", "CVE-2012-5154", "CVE-2013-0907", "CVE-2013-2862", "CVE-2013-2871", "CVE-2013-0897", "CVE-2013-2836", "CVE-2013-0828", "CVE-2013-2905", "CVE-2012-5120", "CVE-2013-0916", "CVE-2012-5123", "CVE-2013-0903", "CVE-2013-0912", "CVE-2013-2868", "CVE-2013-0911", "CVE-2013-0905", "CVE-2013-2859", "CVE-2013-0885", "CVE-2013-2879", "CVE-2013-2858", "CVE-2012-5135", "CVE-2012-5148", "CVE-2013-0829", "CVE-2013-0831", "CVE-2012-5144", "CVE-2013-0883", "CVE-2012-5150", "CVE-2013-2843", "CVE-2013-2860", "CVE-2013-0896", "CVE-2012-5138", "CVE-2013-2857", "CVE-2012-5153", "CVE-2012-5121", "CVE-2013-2883", "CVE-2012-5142", "CVE-2013-0921", "CVE-2013-2885"], "lastseen": "2017-10-29T13:34:17"}], "openvas": [{"id": "OPENVAS:1361412562310866502", "type": "openvas", "title": "Fedora Update for v8 FEDORA-2013-14176", "description": "Check for the Version of v8", "published": "2013-08-20T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866502", "cvelist": ["CVE-2013-2882"], "lastseen": "2018-04-09T11:22:39"}, {"id": "OPENVAS:866502", "type": "openvas", "title": "Fedora Update for v8 FEDORA-2013-14176", "description": "Check for the Version of v8", "published": "2013-08-20T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=866502", "cvelist": ["CVE-2013-2882"], "lastseen": "2017-07-25T10:51:42"}, {"id": "OPENVAS:1361412562310867204", "type": "openvas", "title": "Fedora Update for v8 FEDORA-2013-23437", "description": "Check for the Version of v8", "published": "2013-12-30T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867204", "cvelist": ["CVE-2013-2882", "CVE-2013-6639", "CVE-2013-6640"], "lastseen": "2018-04-06T11:22:01"}, {"id": "OPENVAS:867569", "type": "openvas", "title": "Fedora Update for v8 FEDORA-2014-3253", "description": "Check for the Version of v8", "published": "2014-03-12T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=867569", "cvelist": ["CVE-2013-2882", "CVE-2013-6650", "CVE-2013-6640"], "lastseen": "2017-07-25T10:48:51"}, {"id": "OPENVAS:867204", "type": "openvas", "title": "Fedora Update for v8 FEDORA-2013-23437", "description": "Check for the Version of v8", "published": "2013-12-30T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=867204", "cvelist": ["CVE-2013-2882", "CVE-2013-6639", "CVE-2013-6640"], "lastseen": "2018-01-18T11:09:00"}, {"id": "OPENVAS:867635", "type": "openvas", "title": "Fedora Update for v8 FEDORA-2014-4081", "description": "Check for the Version of v8", "published": "2014-04-03T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=867635", "cvelist": ["CVE-2013-2882", "CVE-2014-1704", "CVE-2013-6640"], "lastseen": "2017-07-25T10:48:52"}, {"id": "OPENVAS:1361412562310867635", "type": "openvas", "title": "Fedora Update for v8 FEDORA-2014-4081", "description": "Check for the Version of v8", "published": "2014-04-03T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867635", "cvelist": ["CVE-2013-2882", "CVE-2014-1704", "CVE-2013-6640"], "lastseen": "2018-04-09T11:13:26"}, {"id": "OPENVAS:1361412562310868089", "type": "openvas", "title": "Fedora Update for v8 FEDORA-2014-9113", "description": "Check for the Version of v8", "published": "2014-08-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868089", "cvelist": ["CVE-2013-2882", "CVE-2014-1704", "CVE-2013-6640"], "lastseen": "2018-04-09T11:11:57"}, {"id": "OPENVAS:1361412562310867569", "type": "openvas", "title": "Fedora Update for v8 FEDORA-2014-3253", "description": "Check for the Version of v8", "published": "2014-03-12T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867569", "cvelist": ["CVE-2013-2882", "CVE-2013-6650", "CVE-2013-6640"], "lastseen": "2018-04-09T11:13:20"}, {"id": "OPENVAS:866459", "type": "openvas", "title": "Fedora Update for v8 FEDORA-2013-14205", "description": "Check for the Version of v8", "published": "2013-08-16T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=866459", "cvelist": ["CVE-2013-2882", "CVE-2013-2632", "CVE-2012-5128", "CVE-2012-5120"], "lastseen": "2018-01-18T11:08:38"}], "redhat": [{"id": "RHSA-2013:1201", "type": "redhat", "title": "(RHSA-2013:1201) Low: ruby193-v8 security update", "description": "V8 is Google's open source JavaScript engine.\n\nA type confusion issue was found in the V8 JavaScript engine. An attacker\ncould use this flaw to cause a denial of service or, potentially, execute\narbitrary code. (CVE-2013-2882)\n\nNote: Exploitation of this issue requires, at the least, execution of\nmalicious JavaScript. In the standard use case of ruby193-v8 in Red Hat\nOpenStack it is unlikely that a scenario exists where this would occur.\n\nUsers of ruby193-v8 are advised to upgrade to these updated packages,\nwhich correct this issue.\n", "published": "2013-09-03T04:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2013:1201", "cvelist": ["CVE-2013-2882"], "lastseen": "2017-03-06T09:19:32"}], "debian": [{"id": "DSA-2732", "type": "debian", "title": "chromium-browser -- several vulnerabilities", "description": "Several vulnerabilities have been discovered in the Chromium web browser.\n\n * [CVE-2013-2881](<https://security-tracker.debian.org/tracker/CVE-2013-2881>)\n\nKarthik Bhargavan discovered a way to bypass the Same Origin Policy in frame handling.\n\n * [CVE-2013-2882](<https://security-tracker.debian.org/tracker/CVE-2013-2882>)\n\nCloudfuzzer discovered a type confusion issue in the V8 javascript library.\n\n * [CVE-2013-2883](<https://security-tracker.debian.org/tracker/CVE-2013-2883>)\n\nCloudfuzzer discovered a use-after-free issue in MutationObserver.\n\n * [CVE-2013-2884](<https://security-tracker.debian.org/tracker/CVE-2013-2884>)\n\nIvan Fratric of the Google Security Team discovered a use-after-free issue in the DOM implementation.\n\n * [CVE-2013-2885](<https://security-tracker.debian.org/tracker/CVE-2013-2885>)\n\nIvan Fratric of the Google Security Team discovered a use-after-free issue in input handling.\n\n * [CVE-2013-2886](<https://security-tracker.debian.org/tracker/CVE-2013-2886>)\n\nThe chrome 28 development team found various issues from internal fuzzing, audits, and other studies.\n\nFor the stable distribution (wheezy), these problems have been fixed in version 28.0.1500.95-1~deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in version 28.0.1500.95-1.\n\nWe recommend that you upgrade your chromium-browser packages.", "published": "2013-07-31T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-2732", "cvelist": ["CVE-2013-2882", "CVE-2013-2886", "CVE-2013-2884", "CVE-2013-2881", "CVE-2013-2883", "CVE-2013-2885"], "lastseen": "2016-09-02T18:26:28"}], "gentoo": [{"id": "GLSA-201309-16", "type": "gentoo", "title": "Chromium, V8: Multiple vulnerabilities", "description": "### Background\n\nChromium is an open-source web browser project. V8 is Google\u2019s open source JavaScript engine. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. \n\n### Impact\n\nA context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-29.0.1457.57\"\n \n\nAll V8 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/v8-3.18.5.14\"", "published": "2013-09-24T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201309-16", "cvelist": ["CVE-2012-5126", "CVE-2012-5136", "CVE-2013-0898", "CVE-2013-2882", "CVE-2013-0833", "CVE-2013-0891", "CVE-2013-2845", "CVE-2013-2901", "CVE-2013-2842", "CVE-2012-5130", "CVE-2013-0838", "CVE-2013-0917", "CVE-2013-2887", "CVE-2013-0924", "CVE-2013-0894", "CVE-2013-2902", "CVE-2013-2840", "CVE-2013-0832", "CVE-2013-2903", "CVE-2012-5133", "CVE-2013-0906", "CVE-2012-5127", "CVE-2013-2880", "CVE-2013-0904", "CVE-2013-2867", "CVE-2012-5125", "CVE-2013-0899", "CVE-2013-2849", "CVE-2013-2841", "CVE-2013-0834", "CVE-2013-2878", "CVE-2012-5139", "CVE-2013-0881", "CVE-2013-2874", "CVE-2013-0839", "CVE-2012-5117", "CVE-2013-0882", "CVE-2013-0841", "CVE-2012-5137", "CVE-2012-5122", "CVE-2013-0888", "CVE-2013-2853", "CVE-2012-5149", "CVE-2013-2876", "CVE-2013-2886", "CVE-2013-0889", "CVE-2012-5151", "CVE-2013-0884", "CVE-2013-0837", "CVE-2013-2848", "CVE-2013-0922", "CVE-2013-2846", "CVE-2013-0842", "CVE-2012-5146", "CVE-2013-2865", "CVE-2012-5132", "CVE-2013-0879", "CVE-2013-2904", "CVE-2013-0887", "CVE-2013-0890", "CVE-2013-2884", "CVE-2013-0925", "CVE-2013-0908", "CVE-2013-2870", "CVE-2013-0923", "CVE-2012-5145", "CVE-2013-0895", "CVE-2013-0836", "CVE-2013-0919", "CVE-2013-2877", "CVE-2012-5124", "CVE-2012-5143", "CVE-2013-0830", "CVE-2012-5140", "CVE-2013-2837", "CVE-2013-2856", "CVE-2012-5118", "CVE-2013-0880", "CVE-2013-0892", "CVE-2013-2875", "CVE-2013-0926", "CVE-2013-2847", "CVE-2013-0918", "CVE-2013-2881", "CVE-2012-5152", "CVE-2013-2861", "CVE-2013-2869", "CVE-2013-0902", "CVE-2013-2855", "CVE-2013-0835", "CVE-2012-5116", "CVE-2013-0920", "CVE-2012-5128", "CVE-2013-0900", "CVE-2013-2838", "CVE-2013-2863", "CVE-2012-5147", "CVE-2012-5141", "CVE-2013-2900", "CVE-2013-2844", "CVE-2013-2839", "CVE-2013-0910", "CVE-2013-0840", "CVE-2013-0909", "CVE-2013-0893", "CVE-2012-5154", "CVE-2013-0907", "CVE-2013-2862", "CVE-2013-2871", "CVE-2013-0897", "CVE-2013-2836", "CVE-2013-0828", "CVE-2013-2905", "CVE-2012-5120", "CVE-2013-0916", "CVE-2012-5123", "CVE-2013-0903", "CVE-2013-0912", "CVE-2013-2868", "CVE-2013-0911", "CVE-2013-0905", "CVE-2013-2859", "CVE-2013-0885", "CVE-2013-2879", "CVE-2013-2858", "CVE-2012-5135", "CVE-2012-5148", "CVE-2013-0829", "CVE-2013-0831", "CVE-2012-5144", "CVE-2013-0883", "CVE-2012-5150", "CVE-2013-2843", "CVE-2013-2860", "CVE-2013-0896", "CVE-2012-5138", "CVE-2013-2857", "CVE-2012-5153", "CVE-2012-5121", "CVE-2013-2883", "CVE-2012-5142", "CVE-2013-0921", "CVE-2013-2885"], "lastseen": "2016-09-06T19:46:03"}]}}