FreeBSDE5414D0C-2ADE-11E3-821D-00262D5ED8EEchromium -- multiple vulnerabilities
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.029 Low
EPSS
Percentile
89.6%
Google Chrome Releases reports:
50 security fixes in this release, including:
[223962][270758][271161][284785][284786] Medium CVE-2013-2906:
Races in Web Audio. Credit to Atte Kettunen of OUSPG.
[260667] Medium CVE-2013-2907: Out of bounds read in
Window.prototype object. Credit to Boris Zbarsky.
[265221] Medium CVE-2013-2908: Address bar spoofing related to
the Γ’ΒΒ204 No ContentΓ’ΒΒ status code. Credit to Chamal de Silva.
[265838][279277] High CVE-2013-2909: Use after free in
inline-block rendering. Credit to Atte Kettunen of OUSPG.
[269753] Medium CVE-2013-2910: Use-after-free in Web Audio.
Credit to Byoungyoung Lee of Georgia Tech Information Security
Center (GTISC).
[271939] High CVE-2013-2911: Use-after-free in XSLT. Credit to
Atte Kettunen of OUSPG.
[276368] High CVE-2013-2912: Use-after-free in PPAPI. Credit to
Chamal de Silva and 41.w4r10r(at)garage4hackers.com.
[278908] High CVE-2013-2913: Use-after-free in XML document
parsing. Credit to cloudfuzzer.
[279263] High CVE-2013-2914: Use after free in the Windows
color chooser dialog. Credit to Khalil Zhani.
[280512] Low CVE-2013-2915: Address bar spoofing via a
malformed scheme. Credit to Wander Groeneveld.
[281256] High CVE-2013-2916: Address bar spoofing related to
the Γ’ΒΒ204 No ContentΓ’ΒΒ status code. Credit to Masato Kinugawa.
[281480] Medium CVE-2013-2917: Out of bounds read in Web Audio.
Credit to Byoungyoung Lee and Tielei Wang of Georgia Tech
Information Security Center (GTISC).
[282088] High CVE-2013-2918: Use-after-free in DOM. Credit to
Byoungyoung Lee of Georgia Tech Information Security Center
(GTISC).
[282736] High CVE-2013-2919: Memory corruption in V8. Credit to
Adam Haile of Concrete Data.
[285742] Medium CVE-2013-2920: Out of bounds read in URL
parsing. Credit to Atte Kettunen of OUSPG.
[286414] High CVE-2013-2921: Use-after-free in resource loader.
Credit to Byoungyoung Lee and Tielei Wang of Georgia Tech
Information Security Center (GTISC).
[286975] High CVE-2013-2922: Use-after-free in template
element. Credit to Jon Butler.
[299016] CVE-2013-2923: Various fixes from internal audits,
fuzzing and other initiatives (Chrome 30).
[275803] Medium CVE-2013-2924: Use-after-free in ICU. Upstream
bug here.
References
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.029 Low
EPSS
Percentile
89.6%