FreeBSD9DD47FA3-9D53-11E3-B20F-00262D5ED8EEchromium -- multiple vulnerabilities
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.034 Low
EPSS
Percentile
90.3%
Google Chrome Releases reports:
28 security fixes in this release, including:
[334897] High CVE-2013-6652: Issue with relative paths in
Windows sandbox named pipe policy. Credit to tyranid.
[331790] High CVE-2013-6653: Use-after-free related to web
contents. Credit to Khalil Zhani.
[333176] High CVE-2013-6654: Bad cast in SVG. Credit to
TheShow3511.
[293534] High CVE-2013-6655: Use-after-free in layout. Credit
to cloudfuzzer.
[331725] High CVE-2013-6656: Information leak in XSS auditor.
Credit to NeexEmil.
[331060] Medium CVE-2013-6657: Information leak in XSS auditor.
Credit to NeexEmil.
[322891] Medium CVE-2013-6658: Use-after-free in layout. Credit
to cloudfuzzer.
[306959] Medium CVE-2013-6659: Issue with certificates
validation in TLS handshake. Credit to Antoine Delignat-Lavaud
and Karthikeyan Bhargavan from Prosecco, Inria Paris.
[332579] Low CVE-2013-6660: Information leak in drag and drop.
Credit to bishopjeffreys.
[344876] Low-High CVE-2013-6661: Various fixes from internal
audits, fuzzing and other initiatives. Of these, seven are fixes
for issues that could have allowed for sandbox escapes from
compromised renderers.
References
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.034 Low
EPSS
Percentile
90.3%