Google Chrome Multiple Vulnerabilities - 01 May14 (Windows)
2014-05-21T00:00:00
ID OPENVAS:1361412562310804600 Type openvas Reporter Copyright (C) 2014 Greenbone Networks GmbH Modified 2020-04-20T00:00:00
Description
The host is installed with Google Chrome and is prone to multiple
vulnerabilities.
###############################################################################
# OpenVAS Vulnerability Test
#
# Google Chrome Multiple Vulnerabilities - 01 May14 (Windows)
#
# Authors:
# Shakeel <bshakeel@secpod.com>
#
# Copyright:
# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
CPE = "cpe:/a:google:chrome";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.804600");
script_version("2020-04-20T13:31:49+0000");
script_cve_id("CVE-2014-1740", "CVE-2014-1741", "CVE-2014-1742");
script_bugtraq_id(67374, 67376, 67375);
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"last_modification", value:"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)");
script_tag(name:"creation_date", value:"2014-05-21 14:56:09 +0530 (Wed, 21 May 2014)");
script_name("Google Chrome Multiple Vulnerabilities - 01 May14 (Windows)");
script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
script_category(ACT_GATHER_INFO);
script_family("General");
script_dependencies("gb_google_chrome_detect_portable_win.nasl");
script_mandatory_keys("GoogleChrome/Win/Ver");
script_xref(name:"URL", value:"http://googlechromereleases.blogspot.in/2014/05/stable-channel-update.html");
script_tag(name:"summary", value:"The host is installed with Google Chrome and is prone to multiple
vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The flaws are due to,
- A use-after-free error in WebSockets.
- An integer overflow error in the 'CharacterData::deleteData' and
'CharacterData::replaceData' functions in dom/CharacterData.cpp.
- A use-after-free error in the 'FrameSelection::updateAppearance' function in
editing/FrameSelection.cpp related to editing.");
script_tag(name:"impact", value:"Successful exploitation will allow remote attackers to conduct a denial of
service and potentially execute arbitrary code.");
script_tag(name:"affected", value:"Google Chrome version prior to 34.0.1847.137 on Windows.");
script_tag(name:"solution", value:"Upgrade to Google Chrome 34.0.1847.137 or later.");
script_tag(name:"qod_type", value:"registry");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if(!chromeVer = get_app_version(cpe:CPE)){
exit(0);
}
if(version_is_less(version:chromeVer, test_version:"34.0.1847.137")){
report = report_fixed_ver(installed_version:chromeVer, fixed_version:"34.0.1847.137");
security_message(port:0, data:report);
exit(0);
}
exit(99);
{"id": "OPENVAS:1361412562310804600", "type": "openvas", "bulletinFamily": "scanner", "title": "Google Chrome Multiple Vulnerabilities - 01 May14 (Windows)", "description": "The host is installed with Google Chrome and is prone to multiple\n vulnerabilities.", "published": "2014-05-21T00:00:00", "modified": "2020-04-20T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804600", "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "references": ["http://googlechromereleases.blogspot.in/2014/05/stable-channel-update.html"], "cvelist": ["CVE-2014-1742", "CVE-2014-1740", "CVE-2014-1741"], "lastseen": "2020-04-22T17:03:07", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-1740", "CVE-2014-1742", "CVE-2014-1741"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310841913", "OPENVAS:1361412562310702930", "OPENVAS:702930", "OPENVAS:1361412562310804602", "OPENVAS:1361412562310121260", "OPENVAS:1361412562310804601"]}, {"type": "freebsd", "idList": ["CDF450FC-DB52-11E3-A9FC-00262D5ED8EE"]}, {"type": "nessus", "idList": ["UBUNTU_USN-2298-1.NASL", "FREEBSD_PKG_CDF450FCDB5211E3A9FC00262D5ED8EE.NASL", "GOOGLE_CHROME_34_0_1847_137.NASL", "MACOSX_GOOGLE_CHROME_34_0_1847_137.NASL", "GENTOO_GLSA-201408-16.NASL", "OPENSUSE-2014-420.NASL", "DEBIAN_DSA-2930.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30772", "SECURITYVULNS:VULN:13748"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2930-1:9D43E"]}, {"type": "ubuntu", "idList": ["USN-2298-1"]}, {"type": "gentoo", "idList": ["GLSA-201408-16"]}], "modified": "2020-04-22T17:03:07", "rev": 2}, "score": {"value": 8.1, "vector": "NONE", "modified": "2020-04-22T17:03:07", "rev": 2}, "vulnersScore": 8.1}, "pluginID": "1361412562310804600", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities - 01 May14 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804600\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2014-1740\", \"CVE-2014-1741\", \"CVE-2014-1742\");\n script_bugtraq_id(67374, 67376, 67375);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-05-21 14:56:09 +0530 (Wed, 21 May 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities - 01 May14 (Windows)\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/05/stable-channel-update.html\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\n vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to,\n\n - A use-after-free error in WebSockets.\n\n - An integer overflow error in the 'CharacterData::deleteData' and\n 'CharacterData::replaceData' functions in dom/CharacterData.cpp.\n\n - A use-after-free error in the 'FrameSelection::updateAppearance' function in\n editing/FrameSelection.cpp related to editing.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to conduct a denial of\n service and potentially execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 34.0.1847.137 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome 34.0.1847.137 or later.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"34.0.1847.137\")){\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"34.0.1847.137\");\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "naslFamily": "General"}
{"cve": [{"lastseen": "2020-12-09T19:58:21", "description": "Use-after-free vulnerability in the FrameSelection::updateAppearance function in core/editing/FrameSelection.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper RenderObject handling.", "edition": 5, "cvss3": {}, "published": "2014-05-14T11:13:00", "title": "CVE-2014-1742", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1742"], "modified": "2017-12-28T02:29:00", "cpe": ["cpe:/a:google:chrome:34.0.1847.118", "cpe:/a:google:chrome:34.0.1847.82", "cpe:/a:google:chrome:34.0.1847.0", "cpe:/a:google:chrome:34.0.1847.54", "cpe:/a:google:chrome:34.0.1847.36", "cpe:/a:google:chrome:34.0.1847.49", "cpe:/a:google:chrome:34.0.1847.46", "cpe:/a:google:chrome:34.0.1847.114", "cpe:/a:google:chrome:34.0.1847.8", "cpe:/a:google:chrome:34.0.1847.53", "cpe:/a:google:chrome:34.0.1847.116", "cpe:/a:google:chrome:34.0.1847.98", "cpe:/a:google:chrome:34.0.1847.72", "cpe:/a:google:chrome:34.0.1847.59", "cpe:/a:google:chrome:34.0.1847.10", "cpe:/a:google:chrome:34.0.1847.134", "cpe:/a:google:chrome:34.0.1847.91", "cpe:/a:google:chrome:34.0.1847.71", "cpe:/a:google:chrome:34.0.1847.130", "cpe:/a:google:chrome:34.0.1847.111", "cpe:/a:google:chrome:34.0.1847.80", "cpe:/a:google:chrome:34.0.1847.115", "cpe:/a:google:chrome:34.0.1847.99", "cpe:/a:google:chrome:34.0.1847.74", "cpe:/a:google:chrome:34.0.1847.55", "cpe:/a:google:chrome:34.0.1847.63", "cpe:/a:google:chrome:34.0.1847.4", "cpe:/a:google:chrome:34.0.1847.24", "cpe:/a:google:chrome:34.0.1847.120", "cpe:/a:google:chrome:34.0.1847.113", "cpe:/a:google:chrome:34.0.1847.83", "cpe:/a:google:chrome:34.0.1847.14", "cpe:/a:google:chrome:34.0.1847.86", "cpe:/a:google:chrome:34.0.1847.94", "cpe:/a:google:chrome:34.0.1847.44", "cpe:/a:google:chrome:34.0.1847.25", "cpe:/a:google:chrome:34.0.1847.101", "cpe:/a:google:chrome:34.0.1847.7", "cpe:/a:google:chrome:34.0.1847.56", "cpe:/a:google:chrome:34.0.1847.52", "cpe:/a:google:chrome:34.0.1847.73", "cpe:/a:google:chrome:34.0.1847.92", "cpe:/a:google:chrome:34.0.1847.6", "cpe:/a:google:chrome:34.0.1847.57", "cpe:/a:google:chrome:34.0.1847.50", "cpe:/a:google:chrome:34.0.1847.64", "cpe:/a:google:chrome:34.0.1847.65", "cpe:/a:google:chrome:34.0.1847.133", "cpe:/a:google:chrome:34.0.1847.135", "cpe:/a:google:chrome:34.0.1847.68", "cpe:/a:google:chrome:34.0.1847.42", "cpe:/a:google:chrome:34.0.1847.85", "cpe:/a:google:chrome:34.0.1847.3", "cpe:/a:google:chrome:34.0.1847.78", "cpe:/a:google:chrome:34.0.1847.103", "cpe:/a:google:chrome:34.0.1847.67", "cpe:/a:google:chrome:34.0.1847.132", "cpe:/a:google:chrome:34.0.1847.48", "cpe:/a:google:chrome:34.0.1847.136", "cpe:/a:google:chrome:34.0.1847.60", "cpe:/a:google:chrome:34.0.1847.43", "cpe:/a:google:chrome:34.0.1847.77", "cpe:/a:google:chrome:34.0.1847.37", "cpe:/a:google:chrome:34.0.1847.79", "cpe:/a:google:chrome:34.0.1847.62", "cpe:/a:google:chrome:34.0.1847.97", "cpe:/a:google:chrome:34.0.1847.9", "cpe:/a:google:chrome:34.0.1847.47", "cpe:/a:google:chrome:34.0.1847.75", "cpe:/a:google:chrome:34.0.1847.5", "cpe:/a:google:chrome:34.0.1847.131", "cpe:/a:google:chrome:34.0.1847.45", "cpe:/a:google:chrome:34.0.1847.112", "cpe:/a:google:chrome:34.0.1847.1", "cpe:/a:google:chrome:34.0.1847.38", "cpe:/a:google:chrome:34.0.1847.109", "cpe:/a:google:chrome:34.0.1847.15", "cpe:/a:google:chrome:34.0.1847.76", "cpe:/a:google:chrome:34.0.1847.39", "cpe:/a:google:chrome:34.0.1847.12", "cpe:/a:google:chrome:34.0.1847.41", "cpe:/a:google:chrome:34.0.1847.102", "cpe:/a:google:chrome:34.0.1847.58", "cpe:/a:google:chrome:34.0.1847.51", "cpe:/a:google:chrome:34.0.1847.100", "cpe:/a:google:chrome:34.0.1847.69", "cpe:/a:google:chrome:34.0.1847.104", "cpe:/a:google:chrome:34.0.1847.61", "cpe:/a:google:chrome:34.0.1847.87", "cpe:/a:google:chrome:34.0.1847.66", "cpe:/a:google:chrome:34.0.1847.23", "cpe:/a:google:chrome:34.0.1847.81", "cpe:/a:google:chrome:34.0.1847.2"], "id": "CVE-2014-1742", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1742", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:34.0.1847.39:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.111:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.69:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.103:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.60:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.102:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.94:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.48:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.62:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.10:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.112:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.86:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.23:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.92:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.51:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.99:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.74:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.53:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.73:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.14:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.132:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.57:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.118:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.97:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.75:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.134:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.24:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.91:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.71:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.49:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.116:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.77:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.44:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.136:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.6:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.41:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.47:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.43:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.37:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.82:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.25:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.83:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.52:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.64:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.15:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.114:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.104:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.130:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.42:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.54:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.76:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.81:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.59:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.67:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.113:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.58:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.87:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.98:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.36:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.85:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.101:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.131:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.50:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.120:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.65:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.66:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.72:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.1:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.63:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.79:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.78:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.61:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.80:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.46:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.109:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.133:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.56:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.115:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.38:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.100:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.68:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.45:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.55:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.135:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:58:21", "description": "Multiple use-after-free vulnerabilities in net/websockets/websocket_job.cc in the WebSockets implementation in Google Chrome before 34.0.1847.137 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to WebSocketJob deletion.", "edition": 5, "cvss3": {}, "published": "2014-05-14T11:13:00", "title": "CVE-2014-1740", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1740"], "modified": "2017-12-28T02:29:00", "cpe": ["cpe:/a:google:chrome:34.0.1847.118", "cpe:/a:google:chrome:34.0.1847.82", "cpe:/a:google:chrome:34.0.1847.0", "cpe:/a:google:chrome:34.0.1847.54", "cpe:/a:google:chrome:34.0.1847.36", "cpe:/a:google:chrome:34.0.1847.49", "cpe:/a:google:chrome:34.0.1847.46", "cpe:/a:google:chrome:34.0.1847.114", "cpe:/a:google:chrome:34.0.1847.8", "cpe:/a:google:chrome:34.0.1847.53", "cpe:/a:google:chrome:34.0.1847.116", "cpe:/a:google:chrome:34.0.1847.98", "cpe:/a:google:chrome:34.0.1847.72", "cpe:/a:google:chrome:34.0.1847.59", "cpe:/a:google:chrome:34.0.1847.10", "cpe:/a:google:chrome:34.0.1847.134", "cpe:/a:google:chrome:34.0.1847.91", "cpe:/a:google:chrome:34.0.1847.71", "cpe:/a:google:chrome:34.0.1847.130", "cpe:/a:google:chrome:34.0.1847.111", "cpe:/a:google:chrome:34.0.1847.80", "cpe:/a:google:chrome:34.0.1847.115", "cpe:/a:google:chrome:34.0.1847.99", "cpe:/a:google:chrome:34.0.1847.74", "cpe:/a:google:chrome:34.0.1847.55", "cpe:/a:google:chrome:34.0.1847.63", "cpe:/a:google:chrome:34.0.1847.4", "cpe:/a:google:chrome:34.0.1847.24", "cpe:/a:google:chrome:34.0.1847.120", "cpe:/a:google:chrome:34.0.1847.113", "cpe:/a:google:chrome:34.0.1847.83", "cpe:/a:google:chrome:34.0.1847.14", "cpe:/a:google:chrome:34.0.1847.86", "cpe:/a:google:chrome:34.0.1847.94", "cpe:/a:google:chrome:34.0.1847.44", "cpe:/a:google:chrome:34.0.1847.25", "cpe:/a:google:chrome:34.0.1847.101", "cpe:/a:google:chrome:34.0.1847.7", "cpe:/a:google:chrome:34.0.1847.56", "cpe:/a:google:chrome:34.0.1847.52", "cpe:/a:google:chrome:34.0.1847.73", "cpe:/a:google:chrome:34.0.1847.92", "cpe:/a:google:chrome:34.0.1847.6", "cpe:/a:google:chrome:34.0.1847.57", "cpe:/a:google:chrome:34.0.1847.50", "cpe:/a:google:chrome:34.0.1847.64", "cpe:/a:google:chrome:34.0.1847.65", "cpe:/a:google:chrome:34.0.1847.133", "cpe:/a:google:chrome:34.0.1847.135", "cpe:/a:google:chrome:34.0.1847.68", "cpe:/a:google:chrome:34.0.1847.42", "cpe:/a:google:chrome:34.0.1847.85", "cpe:/a:google:chrome:34.0.1847.3", "cpe:/a:google:chrome:34.0.1847.78", "cpe:/a:google:chrome:34.0.1847.103", "cpe:/a:google:chrome:34.0.1847.67", "cpe:/a:google:chrome:34.0.1847.132", "cpe:/a:google:chrome:34.0.1847.48", "cpe:/a:google:chrome:34.0.1847.136", "cpe:/a:google:chrome:34.0.1847.60", "cpe:/a:google:chrome:34.0.1847.43", "cpe:/a:google:chrome:34.0.1847.77", "cpe:/a:google:chrome:34.0.1847.37", "cpe:/a:google:chrome:34.0.1847.79", "cpe:/a:google:chrome:34.0.1847.62", "cpe:/a:google:chrome:34.0.1847.97", "cpe:/a:google:chrome:34.0.1847.9", "cpe:/a:google:chrome:34.0.1847.47", "cpe:/a:google:chrome:34.0.1847.75", "cpe:/a:google:chrome:34.0.1847.5", "cpe:/a:google:chrome:34.0.1847.131", "cpe:/a:google:chrome:34.0.1847.45", "cpe:/a:google:chrome:34.0.1847.112", "cpe:/a:google:chrome:34.0.1847.1", "cpe:/a:google:chrome:34.0.1847.38", "cpe:/a:google:chrome:34.0.1847.109", "cpe:/a:google:chrome:34.0.1847.15", "cpe:/a:google:chrome:34.0.1847.76", "cpe:/a:google:chrome:34.0.1847.39", "cpe:/a:google:chrome:34.0.1847.12", "cpe:/a:google:chrome:34.0.1847.41", "cpe:/a:google:chrome:34.0.1847.102", "cpe:/a:google:chrome:34.0.1847.58", "cpe:/a:google:chrome:34.0.1847.51", "cpe:/a:google:chrome:34.0.1847.100", "cpe:/a:google:chrome:34.0.1847.69", "cpe:/a:google:chrome:34.0.1847.104", "cpe:/a:google:chrome:34.0.1847.61", "cpe:/a:google:chrome:34.0.1847.87", "cpe:/a:google:chrome:34.0.1847.66", "cpe:/a:google:chrome:34.0.1847.23", "cpe:/a:google:chrome:34.0.1847.81", "cpe:/a:google:chrome:34.0.1847.2"], "id": "CVE-2014-1740", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1740", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:34.0.1847.39:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.111:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.69:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.103:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.60:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.102:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.94:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.48:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.62:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.10:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.112:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.86:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.23:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.92:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.51:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.99:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.74:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.53:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.73:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.14:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.132:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.57:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.118:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.97:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.75:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.134:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.24:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.91:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.71:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.49:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.116:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.77:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.44:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.136:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.6:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.41:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.47:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.43:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.37:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.82:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.25:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.83:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.52:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.64:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.15:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.114:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.104:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.130:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.42:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.54:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.76:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.81:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.59:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.67:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.113:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.58:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.87:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.98:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.36:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.85:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.101:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.131:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.50:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.120:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.65:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.66:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.72:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.1:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.63:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.79:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.78:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.61:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.80:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.46:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.109:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.133:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.56:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.115:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.38:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.100:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.68:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.45:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.55:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.135:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:58:21", "description": "Multiple integer overflows in the replace-data functionality in the CharacterData interface implementation in core/dom/CharacterData.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to ranges.", "edition": 5, "cvss3": {}, "published": "2014-05-14T11:13:00", "title": "CVE-2014-1741", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1741"], "modified": "2017-12-28T02:29:00", "cpe": ["cpe:/a:google:chrome:34.0.1847.118", "cpe:/a:google:chrome:34.0.1847.82", "cpe:/a:google:chrome:34.0.1847.0", "cpe:/a:google:chrome:34.0.1847.54", "cpe:/a:google:chrome:34.0.1847.36", "cpe:/a:google:chrome:34.0.1847.49", "cpe:/a:google:chrome:34.0.1847.46", "cpe:/a:google:chrome:34.0.1847.114", "cpe:/a:google:chrome:34.0.1847.8", "cpe:/a:google:chrome:34.0.1847.53", "cpe:/a:google:chrome:34.0.1847.116", "cpe:/a:google:chrome:34.0.1847.98", "cpe:/a:google:chrome:34.0.1847.72", "cpe:/a:google:chrome:34.0.1847.59", "cpe:/a:google:chrome:34.0.1847.10", "cpe:/a:google:chrome:34.0.1847.134", "cpe:/a:google:chrome:34.0.1847.91", "cpe:/a:google:chrome:34.0.1847.71", "cpe:/a:google:chrome:34.0.1847.130", "cpe:/a:google:chrome:34.0.1847.111", "cpe:/a:google:chrome:34.0.1847.80", "cpe:/a:google:chrome:34.0.1847.115", "cpe:/a:google:chrome:34.0.1847.99", "cpe:/a:google:chrome:34.0.1847.74", "cpe:/a:google:chrome:34.0.1847.55", "cpe:/a:google:chrome:34.0.1847.63", "cpe:/a:google:chrome:34.0.1847.4", "cpe:/a:google:chrome:34.0.1847.24", "cpe:/a:google:chrome:34.0.1847.120", "cpe:/a:google:chrome:34.0.1847.113", "cpe:/a:google:chrome:34.0.1847.83", "cpe:/a:google:chrome:34.0.1847.14", "cpe:/a:google:chrome:34.0.1847.86", "cpe:/a:google:chrome:34.0.1847.94", "cpe:/a:google:chrome:34.0.1847.44", "cpe:/a:google:chrome:34.0.1847.25", "cpe:/a:google:chrome:34.0.1847.101", "cpe:/a:google:chrome:34.0.1847.7", "cpe:/a:google:chrome:34.0.1847.56", "cpe:/a:google:chrome:34.0.1847.52", "cpe:/a:google:chrome:34.0.1847.73", "cpe:/a:google:chrome:34.0.1847.92", "cpe:/a:google:chrome:34.0.1847.6", "cpe:/a:google:chrome:34.0.1847.57", "cpe:/a:google:chrome:34.0.1847.50", "cpe:/a:google:chrome:34.0.1847.64", "cpe:/a:google:chrome:34.0.1847.65", "cpe:/a:google:chrome:34.0.1847.133", "cpe:/a:google:chrome:34.0.1847.135", "cpe:/a:google:chrome:34.0.1847.68", "cpe:/a:google:chrome:34.0.1847.42", "cpe:/a:google:chrome:34.0.1847.85", "cpe:/a:google:chrome:34.0.1847.3", "cpe:/a:google:chrome:34.0.1847.78", "cpe:/a:google:chrome:34.0.1847.103", "cpe:/a:google:chrome:34.0.1847.67", "cpe:/a:google:chrome:34.0.1847.132", "cpe:/a:google:chrome:34.0.1847.48", "cpe:/a:google:chrome:34.0.1847.136", "cpe:/a:google:chrome:34.0.1847.60", "cpe:/a:google:chrome:34.0.1847.43", "cpe:/a:google:chrome:34.0.1847.77", "cpe:/a:google:chrome:34.0.1847.37", "cpe:/a:google:chrome:34.0.1847.79", "cpe:/a:google:chrome:34.0.1847.62", "cpe:/a:google:chrome:34.0.1847.97", "cpe:/a:google:chrome:34.0.1847.9", "cpe:/a:google:chrome:34.0.1847.47", "cpe:/a:google:chrome:34.0.1847.75", "cpe:/a:google:chrome:34.0.1847.5", "cpe:/a:google:chrome:34.0.1847.131", "cpe:/a:google:chrome:34.0.1847.45", "cpe:/a:google:chrome:34.0.1847.112", "cpe:/a:google:chrome:34.0.1847.1", "cpe:/a:google:chrome:34.0.1847.38", "cpe:/a:google:chrome:34.0.1847.109", "cpe:/a:google:chrome:34.0.1847.15", "cpe:/a:google:chrome:34.0.1847.76", "cpe:/a:google:chrome:34.0.1847.39", "cpe:/a:google:chrome:34.0.1847.12", "cpe:/a:google:chrome:34.0.1847.41", "cpe:/a:google:chrome:34.0.1847.102", "cpe:/a:google:chrome:34.0.1847.58", "cpe:/a:google:chrome:34.0.1847.51", "cpe:/a:google:chrome:34.0.1847.100", "cpe:/a:google:chrome:34.0.1847.69", "cpe:/a:google:chrome:34.0.1847.104", "cpe:/a:google:chrome:34.0.1847.61", "cpe:/a:google:chrome:34.0.1847.87", "cpe:/a:google:chrome:34.0.1847.66", "cpe:/a:google:chrome:34.0.1847.23", "cpe:/a:google:chrome:34.0.1847.81", "cpe:/a:google:chrome:34.0.1847.2"], "id": "CVE-2014-1741", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1741", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:34.0.1847.39:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.111:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.69:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.103:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.60:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.102:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.94:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.48:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.62:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.10:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.112:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.86:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.23:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.92:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.51:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.99:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.74:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.53:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.73:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.14:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.132:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.57:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.118:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.97:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.75:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.134:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.24:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.91:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.71:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.49:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.116:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.77:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.44:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.136:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.6:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.41:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.47:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.43:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.37:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.82:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.25:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.83:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.52:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.64:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.15:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.114:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.104:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.130:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.42:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.54:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.76:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.81:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.59:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.67:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.113:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.58:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.87:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.98:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.36:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.85:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.101:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.131:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.50:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.120:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.65:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.66:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.72:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.1:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.63:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.79:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.78:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.61:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.80:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.46:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.109:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.133:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.56:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.115:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.38:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.100:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.68:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.45:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.55:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.135:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-08-03T10:48:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1742", "CVE-2014-1740", "CVE-2014-1741"], "description": "Several vulnerabilties have been discovered in the chromium web browser.\n\nCVE-2014-1740 \nCollin Payne discovered a use-after-free issue in chromium's\nWebSockets implementation.\n\nCVE-2014-1741 \nJohn Butler discovered multiple integer overflow issues in the\nBlink/Webkit document object model implementation.\n\nCVE-2014-1742 \ncloudfuzzer discovered a use-after-free issue in the Blink/Webkit\ntext editing feature.", "modified": "2017-07-19T00:00:00", "published": "2014-05-17T00:00:00", "id": "OPENVAS:702930", "href": "http://plugins.openvas.org/nasl.php?oid=702930", "type": "openvas", "title": "Debian Security Advisory DSA 2930-1 (chromium-browser - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2930.nasl 6759 2017-07-19 09:56:33Z teissa $\n# Auto-generated from advisory DSA 2930-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"chromium-browser on Debian Linux\";\ntag_insight = \"Chromium is an open-source browser project that aims to build a safer, faster,\nand more stable way for all Internet users to experience the web.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 34.0.1847.137-1~deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 34.0.1847.137-1.\n\nWe recommend that you upgrade your chromium-browser packages.\";\ntag_summary = \"Several vulnerabilties have been discovered in the chromium web browser.\n\nCVE-2014-1740 \nCollin Payne discovered a use-after-free issue in chromium's\nWebSockets implementation.\n\nCVE-2014-1741 \nJohn Butler discovered multiple integer overflow issues in the\nBlink/Webkit document object model implementation.\n\nCVE-2014-1742 \ncloudfuzzer discovered a use-after-free issue in the Blink/Webkit\ntext editing feature.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702930);\n script_version(\"$Revision: 6759 $\");\n script_cve_id(\"CVE-2014-1740\", \"CVE-2014-1741\", \"CVE-2014-1742\");\n script_name(\"Debian Security Advisory DSA 2930-1 (chromium-browser - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-19 11:56:33 +0200 (Wed, 19 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-05-17 00:00:00 +0200 (Sat, 17 May 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2930.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-22T17:03:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1742", "CVE-2014-1740", "CVE-2014-1741"], "description": "The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "modified": "2020-04-20T00:00:00", "published": "2014-05-21T00:00:00", "id": "OPENVAS:1361412562310804602", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804602", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities - 01 May14 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities - 01 May14 (Linux)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804602\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2014-1740\", \"CVE-2014-1741\", \"CVE-2014-1742\");\n script_bugtraq_id(67374, 67376, 67375);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-05-21 15:25:49 +0530 (Wed, 21 May 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities - 01 May14 (Linux)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The flaws are due to,\n\n - A use-after-free error in WebSockets.\n\n - An integer overflow error in the 'CharacterData::deleteData' and\n'CharacterData::replaceData' functions in dom/CharacterData.cpp.\n\n - A use-after-free error in the 'FrameSelection::updateAppearance' function in\nediting/FrameSelection.cpp related to editing.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to conduct a denial of\nservice and potentially execute arbitrary code.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 34.0.1847.137 on Linux.\");\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome 34.0.1847.137 or later.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/05/stable-channel-update.html\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"34.0.1847.137\")){\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"34.0.1847.137\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-22T17:03:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1742", "CVE-2014-1740", "CVE-2014-1741"], "description": "The host is installed with Google Chrome and is prone to multiple\n vulnerabilities.", "modified": "2020-04-20T00:00:00", "published": "2014-05-21T00:00:00", "id": "OPENVAS:1361412562310804601", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804601", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities - 01 May14 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities - 01 May14 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804601\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2014-1740\", \"CVE-2014-1741\", \"CVE-2014-1742\");\n script_bugtraq_id(67374, 67376, 67375);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-05-21 15:13:49 +0530 (Wed, 21 May 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities - 01 May14 (Mac OS X)\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/05/stable-channel-update.html\");\n\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\n vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to,\n\n - A use-after-free error in WebSockets.\n\n - An integer overflow error in the 'CharacterData::deleteData' and\n 'CharacterData::replaceData' functions in dom/CharacterData.cpp.\n\n - A use-after-free error in the 'FrameSelection::updateAppearance' function in\n editing/FrameSelection.cpp related to editing.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to conduct a denial of\n service and potentially execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 34.0.1847.137 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome 34.0.1847.137 or later.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"34.0.1847.137\")){\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"34.0.1847.137\");\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1742", "CVE-2014-1740", "CVE-2014-1741"], "description": "Several vulnerabilities have been discovered in the chromium web browser.\n\n CVE-2014-1740\n Collin Payne discovered a use-after-free issue in chromium", "modified": "2019-03-19T00:00:00", "published": "2014-05-17T00:00:00", "id": "OPENVAS:1361412562310702930", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702930", "type": "openvas", "title": "Debian Security Advisory DSA 2930-1 (chromium-browser - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2930.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2930-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702930\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2014-1740\", \"CVE-2014-1741\", \"CVE-2014-1742\");\n script_name(\"Debian Security Advisory DSA 2930-1 (chromium-browser - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-17 00:00:00 +0200 (Sat, 17 May 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2930.html\");\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"chromium-browser on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\n version 34.0.1847.137-1~deb7u1.\n\n For the testing distribution (jessie), these problems will be fixed soon.\n\n For the unstable distribution (sid), these problems have been fixed in\n version 34.0.1847.137-1.\n\n We recommend that you upgrade your chromium-browser packages.\");\n\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the chromium web browser.\n\n CVE-2014-1740\n Collin Payne discovered a use-after-free issue in chromium's WebSockets implementation.\n\n CVE-2014-1741\n John Butler discovered multiple integer overflow issues in the\n Blink/Webkit document object model implementation.\n\n CVE-2014-1742\n cloudfuzzer discovered a use-after-free issue in the Blink/Webkit text editing feature.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"chromium\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"34.0.1847.137-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3155", "CVE-2014-1735", "CVE-2014-3154", "CVE-2014-1742", "CVE-2014-3152", "CVE-2014-3157", "CVE-2014-1744", "CVE-2014-1743", "CVE-2014-1731", "CVE-2014-1740", "CVE-2014-1746", "CVE-2014-3162", "CVE-2014-1730", "CVE-2014-3160", "CVE-2014-1748", "CVE-2014-1741", "CVE-2014-3803"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2014-07-28T00:00:00", "id": "OPENVAS:1361412562310841913", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841913", "type": "openvas", "title": "Ubuntu Update for oxide-qt USN-2298-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2298_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for oxide-qt USN-2298-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841913\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-28 16:39:33 +0530 (Mon, 28 Jul 2014)\");\n script_cve_id(\"CVE-2014-1730\", \"CVE-2014-1731\", \"CVE-2014-1735\", \"CVE-2014-3162\",\n \"CVE-2014-1740\", \"CVE-2014-1741\", \"CVE-2014-1742\", \"CVE-2014-1743\",\n \"CVE-2014-1744\", \"CVE-2014-1746\", \"CVE-2014-1748\", \"CVE-2014-3152\",\n \"CVE-2014-3154\", \"CVE-2014-3155\", \"CVE-2014-3157\", \"CVE-2014-3160\",\n \"CVE-2014-3803\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_name(\"Ubuntu Update for oxide-qt USN-2298-1\");\n\n script_tag(name:\"affected\", value:\"oxide-qt on Ubuntu 14.04 LTS\");\n script_tag(name:\"insight\", value:\"A type confusion bug was discovered in V8. If a user were\ntricked in to opening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer crash, or execute\narbitrary code with the privileges of the sandboxed render process.\n(CVE-2014-1730)\n\nA type confusion bug was discovered in Blink. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthis to cause a denial of service via renderer crash, or execute arbitrary\ncode with the privileges of the sandboxed render process. (CVE-2014-1731)\n\nMultiple security issues including memory safety bugs were discovered in\nChromium. If a user were tricked in to opening a specially crafted website,\nan attacker could potentially exploit these to cause a denial of service via\napplication crash or execute arbitrary code with the privileges of the\nuser invoking the program. (CVE-2014-1735, CVE-2014-3162)\n\nMultiple use-after-free issues were discovered in the WebSockets\nimplementation. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit these to cause a denial of\nservice via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2014-1740)\n\nMultiple integer overflows were discovered in CharacterData\nimplementation. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit these to cause a denial of\nservice via renderer crash or execute arbitrary code with the privileges\nof the sandboxed render process. (CVE-2014-1741)\n\nMultiple use-after-free issues were discovered in Blink. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via renderer crash\nor execute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-1742, CVE-2014-1743)\n\nAn integer overflow bug was discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash or execute arbitrary code with the privileges of the user invoking\nthe program. (CVE-2014-1744)\n\nAn out-of-bounds read was discovered in Chromium. If a user were tricked\nin to opening a specially crafter website, an attacker could potentially\nexploit this to cause a denial of service via application crash.\n(CVE-2014-1746)\n\nIt was discovered that Blink allowed scrollbar painting to extend in to\nthe parent frame in some circumstances. An attacker could potentially\nexploit ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2298-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2298-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'oxide-qt'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:i386\", ver:\"1.0.4-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs:i386\", ver:\"1.0.4-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs-extra:i386\", ver:\"1.0.4-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3171", "CVE-2014-3155", "CVE-2014-1747", "CVE-2014-3168", "CVE-2014-3176", "CVE-2014-1724", "CVE-2014-3166", "CVE-2014-1735", "CVE-2014-1729", "CVE-2014-3165", "CVE-2014-1720", "CVE-2014-3154", "CVE-2014-1742", "CVE-2014-1728", "CVE-2014-1703", "CVE-2014-1719", "CVE-2014-3157", "CVE-2014-1726", "CVE-2014-1705", "CVE-2014-1734", "CVE-2014-1733", "CVE-2014-1732", "CVE-2014-1718", "CVE-2014-1744", "CVE-2014-0538", "CVE-2014-1716", "CVE-2014-1722", "CVE-2014-1743", "CVE-2014-1731", "CVE-2014-1740", "CVE-2014-3174", "CVE-2014-3175", "CVE-2014-3173", "CVE-2014-3167", "CVE-2014-1746", "CVE-2014-1714", "CVE-2014-1749", "CVE-2014-1713", "CVE-2014-3169", "CVE-2014-1745", "CVE-2014-3172", "CVE-2014-1701", "CVE-2014-1704", "CVE-2014-3162", "CVE-2014-3170", "CVE-2014-1730", "CVE-2014-1721", "CVE-2014-3160", "CVE-2014-1725", "CVE-2014-1715", "CVE-2014-1727", "CVE-2014-1702", "CVE-2014-1723", "CVE-2014-1748", "CVE-2014-1717", "CVE-2014-3177", "CVE-2014-1741", "CVE-2014-1700", "CVE-2014-3156"], "description": "Gentoo Linux Local Security Checks GLSA 201408-16", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121260", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121260", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201408-16", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201408-16.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121260\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:27:47 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201408-16\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201408-16\");\n script_cve_id(\"CVE-2014-1741\", \"CVE-2014-0538\", \"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\", \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1714\", \"CVE-2014-1715\", \"CVE-2014-1716\", \"CVE-2014-1717\", \"CVE-2014-1718\", \"CVE-2014-1719\", \"CVE-2014-1720\", \"CVE-2014-1721\", \"CVE-2014-1722\", \"CVE-2014-1723\", \"CVE-2014-1724\", \"CVE-2014-1725\", \"CVE-2014-1726\", \"CVE-2014-1727\", \"CVE-2014-1728\", \"CVE-2014-1729\", \"CVE-2014-1730\", \"CVE-2014-1731\", \"CVE-2014-1732\", \"CVE-2014-1733\", \"CVE-2014-1734\", \"CVE-2014-1735\", \"CVE-2014-1740\", \"CVE-2014-1742\", \"CVE-2014-1743\", \"CVE-2014-1744\", \"CVE-2014-1745\", \"CVE-2014-1746\", \"CVE-2014-1747\", \"CVE-2014-1748\", \"CVE-2014-1749\", \"CVE-2014-3154\", \"CVE-2014-3155\", \"CVE-2014-3156\", \"CVE-2014-3157\", \"CVE-2014-3160\", \"CVE-2014-3162\", \"CVE-2014-3165\", \"CVE-2014-3166\", \"CVE-2014-3167\", \"CVE-2014-3168\", \"CVE-2014-3169\", \"CVE-2014-3170\", \"CVE-2014-3171\", \"CVE-2014-3172\", \"CVE-2014-3173\", \"CVE-2014-3174\", \"CVE-2014-3175\", \"CVE-2014-3176\", \"CVE-2014-3177\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201408-16\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-client/chromium\", unaffected: make_list(\"ge 37.0.2062.94\"), vulnerable: make_list(\"lt 37.0.2062.94\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2016-09-26T17:24:24", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1742", "CVE-2014-1740", "CVE-2014-1741"], "edition": 1, "description": "\nGoogle Chrome Releases reports:\n\n3 security fixes in this release:\n\n[358038] High CVE-2014-1740: Use-after-free in WebSockets.\n\t Credit to Collin Payne.\n[349898] High CVE-2014-1741: Integer overflow in DOM ranges.\n\t Credit to John Butler.\n[356690] High CVE-2014-1742: Use-after-free in editing. Credit\n\t to cloudfuzzer.\n\n\n", "modified": "2014-05-13T00:00:00", "published": "2014-05-13T00:00:00", "href": "https://vuxml.freebsd.org/freebsd/cdf450fc-db52-11e3-a9fc-00262d5ed8ee.html", "id": "CDF450FC-DB52-11E3-A9FC-00262D5ED8EE", "title": "chromium -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "cvelist": ["CVE-2014-1742", "CVE-2014-1740", "CVE-2014-1741"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2930-1 security@debian.org\r\nhttp://www.debian.org/security/ Michael Gilbert\r\nMay 17, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : chromium-browser\r\nCVE ID : CVE-2014-1740 CVE-2014-1741 CVE-2014-1742\r\n\r\nSeveral vulnerabilties have been discovered in the chromium web browser.\r\n\r\nCVE-2014-1740\r\n\r\n Collin Payne discovered a use-after-free issue in chromium's\r\n WebSockets implementation.\r\n\r\nCVE-2014-1741\r\n\r\n John Butler discovered multiple integer overflow issues in the\r\n Blink/Webkit document object model implementation.\r\n\r\nCVE-2014-1742\r\n\r\n cloudfuzzer discovered a use-after-free issue in the Blink/Webkit\r\n text editing feature.\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 34.0.1847.137-1~deb7u1.\r\n\r\nFor the testing distribution (jessie), these problems will be fixed soon.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 34.0.1847.137-1.\r\n\r\nWe recommend that you upgrade your chromium-browser packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQQcBAEBCgAGBQJTd6vsAAoJELjWss0C1vRzzlwgAL0YcUYVeTRxkjLQZzr2dl5I\r\nJuSD4Fl3Of8mB1TCPki9u70HLI6joDROXjtWe8pqOO65T5eVVJzmnanUhuMytwRe\r\nIv8s3k4PWgbjhJbZV/c3FYs/vhVn28zsJr1S4g8BSjT7AX90De32K2uqSzTbZ3dX\r\nhUPaYM0CTs2sJAo3hhcwmc/WbB5FDhonLTuZZtcuHnkcMRYZkxDT0BOB19fApP1Y\r\nOK+Xd9/cZhmFBY/Kn2IyOU2BQY0DX5xPe/E9PYGT5GHGd6FhrM+yDYOQgRoUEAxD\r\niOsYZz++YhMmTSNEhPHmZw19q/wSR4ZE4EzP0gNju0k+wOCDvNySUUSPr6eSCXT7\r\n03+Bi/+8j0gxKTfNt5Ot4Ihzb4m4/pukI0YTK52Oe1n30yV2Z3dEQMVFNQVkrv0z\r\nfmF7QoWskVYJZYqQot52OYllfCC1J2b/XRagdE06GkPEogh5G6vWIAbSXCm9LHsS\r\nk2I5Oob9oOtqlXWNY0ucKiOvNtjP7r/Dy2lErAH5GEPb/Enfq2qkBJRbfPuU0Lye\r\nxdlg1P0edzzCK1lrYobgVTZEsRByFy4hBYgx4soMTO1ZQrUmJ+B/97lY01EbCiO+\r\nZ7Ary/r5vo1GEfMeZ51f8XtiJnJznW5Wo5yL+rrP6lWYSFKUAk+yDtUKzdf278Il\r\nlald0aEp6Vvl2o8Y16v32TLi0k7MVYEf2ffHw5cXr8Jn7QiQyxVEoVjhi5vDhPPe\r\nxZhB0Ss6FiyBlBLqtSJ8A9yNBW0u9UWgb3YEPvogdrEzbCS6WRkZpCSwHGdVaFYI\r\nO5P+6gAVm8Aeci1Y6aTg8gVRbjEGU2yHLRFXmvkanIz1MExcVDYB3HRb/MIKtn+U\r\nrklIVuWXrfQ50VMtSxFM/pC1bIC7PkdqC902LuSUEimACghN1QXGQnQgIVoUhvSw\r\nIGU5PCYSGVI0U9m/z35mOwumDX3JtkAPM1nZD+5LpY/h7IyWYjN9Br9QEuIlWunS\r\nQPD+kbSluAzKXJjtNny1Y+58vvG0jq1hMVPNY0BXtaVeJ2kmOu4ex8qobhWd3hcB\r\nYP+YfrTXFOsx5HmBxlJvFcsJ2QuP8wBPC66p+IcQT5q3ShpyDQVmAnjemCcM65rh\r\nAeP4dnKojkzPXE6vsEh4vbCbpudQ63ZsNUIRQr0/4K7tlkp9DVvw/78YON8VOhLZ\r\n8QuybOkE3OBLsoMt2I0DaUwGJAJE29yswppYUAMifwvTUcCHTqFPgNxXc//hVWPK\r\nr71jJtg8iCLkFAiXZgmQvYl34yGc3kGpFlyq8C7AF9oNhnnp2LP3gpoEK5QHM1cz\r\nJWCpl9jcaCi+EM5MacwIlMdVhtSvx6dDzoAOCE5vFZ0a39ONShVDrKGFIJRzBSk=\r\n=y9a+\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-05-30T00:00:00", "published": "2014-05-30T00:00:00", "id": "SECURITYVULNS:DOC:30772", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30772", "title": "[SECURITY] [DSA 2930-1] chromium-browser security update", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:55", "bulletinFamily": "software", "cvelist": ["CVE-2014-1747", "CVE-2014-1735", "CVE-2014-1742", "CVE-2014-3152", "CVE-2014-1734", "CVE-2014-1733", "CVE-2014-1732", "CVE-2014-1744", "CVE-2014-1736", "CVE-2014-1743", "CVE-2014-1731", "CVE-2014-1740", "CVE-2014-1746", "CVE-2014-1749", "CVE-2014-1745", "CVE-2014-1730", "CVE-2014-1748", "CVE-2014-1741"], "description": "Protection bypass, use-after-free, memory corruptions, integer overflow.", "edition": 1, "modified": "2014-06-09T00:00:00", "published": "2014-06-09T00:00:00", "id": "SECURITYVULNS:VULN:13748", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13748", "title": "Google Chrome / Chromium multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}], "debian": [{"lastseen": "2019-05-30T02:22:46", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1742", "CVE-2014-1740", "CVE-2014-1741"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2930-1 security@debian.org\nhttp://www.debian.org/security/ Michael Gilbert\nMay 17, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2014-1740 CVE-2014-1741 CVE-2014-1742\n\nSeveral vulnerabilties have been discovered in the chromium web browser.\n\nCVE-2014-1740\n\n Collin Payne discovered a use-after-free issue in chromium's\n WebSockets implementation.\n\nCVE-2014-1741\n\n John Butler discovered multiple integer overflow issues in the\n Blink/Webkit document object model implementation.\n\nCVE-2014-1742\n\n cloudfuzzer discovered a use-after-free issue in the Blink/Webkit\n text editing feature.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 34.0.1847.137-1~deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 34.0.1847.137-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2014-05-17T19:41:02", "published": "2014-05-17T19:41:02", "id": "DEBIAN:DSA-2930-1:9D43E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00111.html", "title": "[SECURITY] [DSA 2930-1] chromium-browser security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-07T10:50:09", "description": "Google Chrome Releases reports :\n\n3 security fixes in this release :\n\n- [358038] High CVE-2014-1740: Use-after-free in WebSockets. Credit to\nCollin Payne.\n\n- [349898] High CVE-2014-1741: Integer overflow in DOM ranges. Credit\nto John Butler.\n\n- [356690] High CVE-2014-1742: Use-after-free in editing. Credit to\ncloudfuzzer.", "edition": 20, "published": "2014-05-15T00:00:00", "title": "FreeBSD : chromium -- multiple vulnerabilities (cdf450fc-db52-11e3-a9fc-00262d5ed8ee)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1742", "CVE-2014-1740", "CVE-2014-1741"], "modified": "2014-05-15T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:chromium"], "id": "FREEBSD_PKG_CDF450FCDB5211E3A9FC00262D5ED8EE.NASL", "href": "https://www.tenable.com/plugins/nessus/74019", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2014 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74019);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-1740\", \"CVE-2014-1741\", \"CVE-2014-1742\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (cdf450fc-db52-11e3-a9fc-00262d5ed8ee)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\n3 security fixes in this release :\n\n- [358038] High CVE-2014-1740: Use-after-free in WebSockets. Credit to\nCollin Payne.\n\n- [349898] High CVE-2014-1741: Integer overflow in DOM ranges. Credit\nto John Butler.\n\n- [356690] High CVE-2014-1742: Use-after-free in editing. Credit to\ncloudfuzzer.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://googlechromereleases.blogspot.nl/\"\n );\n # http://www.freebsd.org/ports/portaudit/cdf450fc-db52-11e3-a9fc-00262d5ed8ee.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a5be66be\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<34.0.1847.137\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:48:35", "description": "Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2014-1740\n Collin Payne discovered a use-after-free issue in\n chromium's WebSockets implementation.\n\n - CVE-2014-1741\n John Butler discovered multiple integer overflow issues\n in the Blink/Webkit document object model\n implementation.\n\n - CVE-2014-1742\n cloudfuzzer discovered a use-after-free issue in the\n Blink/Webkit text editing feature.", "edition": 17, "published": "2014-05-19T00:00:00", "title": "Debian DSA-2930-1 : chromium-browser - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1742", "CVE-2014-1740", "CVE-2014-1741"], "modified": "2014-05-19T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium-browser", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2930.NASL", "href": "https://www.tenable.com/plugins/nessus/74044", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2930. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74044);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-1740\", \"CVE-2014-1741\", \"CVE-2014-1742\");\n script_bugtraq_id(67374, 67375, 67376);\n script_xref(name:\"DSA\", value:\"2930\");\n\n script_name(english:\"Debian DSA-2930-1 : chromium-browser - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2014-1740\n Collin Payne discovered a use-after-free issue in\n chromium's WebSockets implementation.\n\n - CVE-2014-1741\n John Butler discovered multiple integer overflow issues\n in the Blink/Webkit document object model\n implementation.\n\n - CVE-2014-1742\n cloudfuzzer discovered a use-after-free issue in the\n Blink/Webkit text editing feature.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/chromium-browser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2930\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 34.0.1847.137-1~deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"chromium\", reference:\"34.0.1847.137-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser\", reference:\"34.0.1847.137-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-dbg\", reference:\"34.0.1847.137-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-inspector\", reference:\"34.0.1847.137-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-l10n\", reference:\"34.0.1847.137-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-dbg\", reference:\"34.0.1847.137-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-inspector\", reference:\"34.0.1847.137-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-l10n\", reference:\"34.0.1847.137-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T03:05:33", "description": "The version of Google Chrome installed on the remote host is a version\nprior to 34.0.1847.137. It is, therefore, affected by the following\nvulnerabilities :\n\n - A use-after-free error exists in the included Flash\n version that could lead to arbitrary code execution.\n (CVE-2014-0510)\n\n - An unspecified error exists in the included Flash\n version that could allow a bypass of the same origin\n policy. (CVE-2014-0516)\n\n - Several security bypass errors exist in the included\n Flash version. (CVE-2014-0517, CVE-2014-0518,\n CVE-2014-0519, CVE-2014-0520)\n\n - Use-after-free errors exist related to 'WebSockets'\n and 'editing'. (CVE-2014-1740, CVE-2014-1742)\n\n - An integer overflow error exists related to DOM\n ranges. (CVE-2014-1741)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 28, "published": "2014-05-14T00:00:00", "title": "Google Chrome < 34.0.1847.137 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0517", "CVE-2014-0518", "CVE-2014-1742", "CVE-2014-0510", "CVE-2014-0520", "CVE-2014-1740", "CVE-2014-0516", "CVE-2014-0519", "CVE-2014-1741"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_34_0_1847_137.NASL", "href": "https://www.tenable.com/plugins/nessus/74008", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74008);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2014-0510\",\n \"CVE-2014-0516\",\n \"CVE-2014-0517\",\n \"CVE-2014-0518\",\n \"CVE-2014-0519\",\n \"CVE-2014-0520\",\n \"CVE-2014-1740\",\n \"CVE-2014-1741\",\n \"CVE-2014-1742\"\n );\n script_bugtraq_id(\n 66241,\n 67361,\n 67364,\n 67371,\n 67372,\n 67373,\n 67374,\n 67375,\n 67376\n );\n\n script_name(english:\"Google Chrome < 34.0.1847.137 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version number of Google Chrome\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote host is a version\nprior to 34.0.1847.137. It is, therefore, affected by the following\nvulnerabilities :\n\n - A use-after-free error exists in the included Flash\n version that could lead to arbitrary code execution.\n (CVE-2014-0510)\n\n - An unspecified error exists in the included Flash\n version that could allow a bypass of the same origin\n policy. (CVE-2014-0516)\n\n - Several security bypass errors exist in the included\n Flash version. (CVE-2014-0517, CVE-2014-0518,\n CVE-2014-0519, CVE-2014-0520)\n\n - Use-after-free errors exist related to 'WebSockets'\n and 'editing'. (CVE-2014-1740, CVE-2014-1742)\n\n - An integer overflow error exists related to DOM\n ranges. (CVE-2014-1741)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://googlechromereleases.blogspot.com/2014/05/stable-channel-update.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?34109980\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-14.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 34.0.1847.137 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0510\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'34.0.1847.137', severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:30:11", "description": "The version of Google Chrome installed on the remote Mac OS X host is\na version prior to 34.0.1847.137. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A use-after-free error exists in the included Flash\n version that could lead to arbitrary code execution.\n (CVE-2014-0510)\n\n - An unspecified error exists in the included Flash\n version that could allow a bypass of the same origin\n policy. (CVE-2014-0516)\n\n - Several security bypass errors exist in the included\n Flash version. (CVE-2014-0517, CVE-2014-0518,\n CVE-2014-0519, CVE-2014-0520)\n\n - Use-after-free errors exist related to 'WebSockets'\n and 'editing'. (CVE-2014-1740, CVE-2014-1742)\n\n - An integer overflow error exists related to DOM\n ranges. (CVE-2014-1741)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 28, "published": "2014-05-14T00:00:00", "title": "Google Chrome < 34.0.1847.137 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0517", "CVE-2014-0518", "CVE-2014-1742", "CVE-2014-0510", "CVE-2014-0520", "CVE-2014-1740", "CVE-2014-0516", "CVE-2014-0519", "CVE-2014-1741"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_34_0_1847_137.NASL", "href": "https://www.tenable.com/plugins/nessus/74009", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74009);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2014-0510\",\n \"CVE-2014-0516\",\n \"CVE-2014-0517\",\n \"CVE-2014-0518\",\n \"CVE-2014-0519\",\n \"CVE-2014-0520\",\n \"CVE-2014-1740\",\n \"CVE-2014-1741\",\n \"CVE-2014-1742\"\n );\n script_bugtraq_id(\n 66241,\n 67361,\n 67364,\n 67371,\n 67372,\n 67373,\n 67374,\n 67375,\n 67376\n );\n\n script_name(english:\"Google Chrome < 34.0.1847.137 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version number of Google Chrome\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is\na version prior to 34.0.1847.137. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A use-after-free error exists in the included Flash\n version that could lead to arbitrary code execution.\n (CVE-2014-0510)\n\n - An unspecified error exists in the included Flash\n version that could allow a bypass of the same origin\n policy. (CVE-2014-0516)\n\n - Several security bypass errors exist in the included\n Flash version. (CVE-2014-0517, CVE-2014-0518,\n CVE-2014-0519, CVE-2014-0520)\n\n - Use-after-free errors exist related to 'WebSockets'\n and 'editing'. (CVE-2014-1740, CVE-2014-1742)\n\n - An integer overflow error exists related to DOM\n ranges. (CVE-2014-1741)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://googlechromereleases.blogspot.com/2014/05/stable-channel-update.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?34109980\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-14.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 34.0.1847.137 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0510\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'34.0.1847.137', severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T11:12:17", "description": "chromium was updated to version 35.0.1916.114 to fix various security\nissues. Security fixes :\n\n - CVE-2014-1743: Use-after-free in styles\n\n - CVE-2014-1744: Integer overflow in audio\n\n - CVE-2014-1745: Use-after-free in SVG\n\n - CVE-2014-1746: Out-of-bounds read in media filters\n\n - CVE-2014-1747: UXSS with local MHTML file\n\n - CVE-2014-1748: UI spoofing with scrollbar\n\n - CVE-2014-1749: Various fixes from internal audits,\n fuzzing and other initiatives\n\n - CVE-2014-3152: Integer underflow in V8 fixed\n\n - CVE-2014-1740: Use-after-free in WebSockets\n\n - CVE-2014-1741: Integer overflow in DOM range\n\n - CVE-2014-1742: Use-after-free in editing and 17 more for\n which no detailed information is given.", "edition": 17, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : chromium (openSUSE-SU-2014:0783-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1747", "CVE-2014-1742", "CVE-2014-3152", "CVE-2014-1744", "CVE-2014-1743", "CVE-2014-1740", "CVE-2014-1746", "CVE-2014-1749", "CVE-2014-1745", "CVE-2014-1748", "CVE-2014-1741"], "modified": "2014-06-13T00:00:00", "cpe": ["cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium-desktop-gnome", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo", "p-cpe:/a:novell:opensuse:chromium-suid-helper", "p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:ninja", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "p-cpe:/a:novell:opensuse:ninja-debugsource", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:ninja-debuginfo", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo", "p-cpe:/a:novell:opensuse:chromium-desktop-kde"], "id": "OPENSUSE-2014-420.NASL", "href": "https://www.tenable.com/plugins/nessus/75387", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-420.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75387);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2014-1740\", \"CVE-2014-1741\", \"CVE-2014-1742\", \"CVE-2014-1743\", \"CVE-2014-1744\", \"CVE-2014-1745\", \"CVE-2014-1746\", \"CVE-2014-1747\", \"CVE-2014-1748\", \"CVE-2014-1749\", \"CVE-2014-3152\");\n script_bugtraq_id(67374, 67375, 67376, 67517, 71464);\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-SU-2014:0783-1)\");\n script_summary(english:\"Check for the openSUSE-2014-420 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"chromium was updated to version 35.0.1916.114 to fix various security\nissues. Security fixes :\n\n - CVE-2014-1743: Use-after-free in styles\n\n - CVE-2014-1744: Integer overflow in audio\n\n - CVE-2014-1745: Use-after-free in SVG\n\n - CVE-2014-1746: Out-of-bounds read in media filters\n\n - CVE-2014-1747: UXSS with local MHTML file\n\n - CVE-2014-1748: UI spoofing with scrollbar\n\n - CVE-2014-1749: Various fixes from internal audits,\n fuzzing and other initiatives\n\n - CVE-2014-3152: Integer underflow in V8 fixed\n\n - CVE-2014-1740: Use-after-free in WebSockets\n\n - CVE-2014-1741: Integer overflow in DOM range\n\n - CVE-2014-1742: Use-after-free in editing and 17 more for\n which no detailed information is given.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-suid-helper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ninja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ninja-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ninja-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromedriver-35.0.1916.114-1.45.4\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromedriver-debuginfo-35.0.1916.114-1.45.4\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-35.0.1916.114-1.45.4\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-debuginfo-35.0.1916.114-1.45.4\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-debugsource-35.0.1916.114-1.45.4\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-desktop-gnome-35.0.1916.114-1.45.4\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-desktop-kde-35.0.1916.114-1.45.4\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-ffmpegsumo-35.0.1916.114-1.45.4\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-ffmpegsumo-debuginfo-35.0.1916.114-1.45.4\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-suid-helper-35.0.1916.114-1.45.4\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-suid-helper-debuginfo-35.0.1916.114-1.45.4\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"ninja-3.0+git.20130603.0f53fd3-2.6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"ninja-debuginfo-3.0+git.20130603.0f53fd3-2.6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"ninja-debugsource-3.0+git.20130603.0f53fd3-2.6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-35.0.1916.114-37.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-debuginfo-35.0.1916.114-37.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-35.0.1916.114-37.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debuginfo-35.0.1916.114-37.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debugsource-35.0.1916.114-37.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-gnome-35.0.1916.114-37.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-kde-35.0.1916.114-37.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-35.0.1916.114-37.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-debuginfo-35.0.1916.114-37.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-suid-helper-35.0.1916.114-37.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-suid-helper-debuginfo-35.0.1916.114-37.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-23T18:54:25", "description": "A type confusion bug was discovered in V8. If a user were tricked in\nto opening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer crash, or\nexecute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-1730)\n\nA type confusion bug was discovered in Blink. If a user were tricked\nin to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via renderer\ncrash, or execute arbitrary code with the privileges of the sandboxed\nrender process. (CVE-2014-1731)\n\nMultiple security issues including memory safety bugs were discovered\nin Chromium. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit these to cause a denial\nof service via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2014-1735,\nCVE-2014-3162)\n\nMultiple use-after-free issues were discovered in the WebSockets\nimplementation. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these to cause\na denial of service via application crash or execute arbitrary code\nwith the privileges of the user invoking the program. (CVE-2014-1740)\n\nMultiple integer overflows were discovered in CharacterData\nimplementation. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these to cause\na denial of service via renderer crash or execute arbitrary code with\nthe privileges of the sandboxed render process. (CVE-2014-1741)\n\nMultiple use-after-free issues were discovered in Blink. If a user\nwere tricked in to opening a specially crafted website, an attacker\ncould potentially exploit these to cause a denial of service via\nrenderer crash or execute arbitrary code with the privileges of the\nsandboxed render process. (CVE-2014-1742, CVE-2014-1743)\n\nAn integer overflow bug was discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash or execute arbitrary code with the privileges of the user\ninvoking the program. (CVE-2014-1744)\n\nAn out-of-bounds read was discovered in Chromium. If a user were\ntricked in to opening a specially crafter website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash. (CVE-2014-1746)\n\nIt was discovered that Blink allowed scrollbar painting to extend in\nto the parent frame in some circumstances. An attacker could\npotentially exploit this to conduct clickjacking attacks via UI\nredress. (CVE-2014-1748)\n\nAn integer underflow was discovered in Blink. If a user were tricked\nin to opening a specially crafter website, an attacker could\npotentially exploit this to cause a denial of service via renderer\ncrash or execute arbitrary code with the privileges of the sandboxed\nrender process. (CVE-2014-3152)\n\nA use-after-free was discovered in Chromium. If a use were tricked in\nto opening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer crash or\nexecute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-3154)\n\nA security issue was discovered in the SPDY implementation. An\nattacker could potentially exploit this to cause a denial of service\nvia application crash or execute arbitrary code with the privileges of\nthe user invoking the program. (CVE-2014-3155)\n\nA heap overflow was discovered in Chromium. If a use were tricked in\nto opening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer crash or\nexecute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-3157)\n\nIt was discovered that Blink did not enforce security rules for\nsubresource loading in SVG images. If a user opened a site that\nembedded a specially crafted image, an attacker could exploit this to\nlog page views. (CVE-2014-3160)\n\nIt was discovered that the SpeechInput feature in Blink could be\nactivated without consent or any visible indication. If a user were\ntricked in to opening a specially crafted website, an attacker could\nexploit this to eavesdrop on the user. (CVE-2014-3803).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2014-07-24T00:00:00", "title": "Ubuntu 14.04 LTS : oxide-qt vulnerabilities (USN-2298-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3155", "CVE-2014-1735", "CVE-2014-3154", "CVE-2014-1742", "CVE-2014-3152", "CVE-2014-3157", "CVE-2014-1744", "CVE-2014-1743", "CVE-2014-1731", "CVE-2014-1740", "CVE-2014-1746", "CVE-2014-3162", "CVE-2014-1730", "CVE-2014-3160", "CVE-2014-1748", "CVE-2014-1741", "CVE-2014-3803"], "modified": "2014-07-24T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:oxideqt-codecs", "p-cpe:/a:canonical:ubuntu_linux:oxideqt-codecs-extra", "p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2298-1.NASL", "href": "https://www.tenable.com/plugins/nessus/76756", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2298-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76756);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_cve_id(\"CVE-2014-1730\", \"CVE-2014-1731\", \"CVE-2014-1735\", \"CVE-2014-1740\", \"CVE-2014-1741\", \"CVE-2014-1742\", \"CVE-2014-1743\", \"CVE-2014-1744\", \"CVE-2014-1746\", \"CVE-2014-1748\", \"CVE-2014-3152\", \"CVE-2014-3154\", \"CVE-2014-3155\", \"CVE-2014-3157\", \"CVE-2014-3160\", \"CVE-2014-3162\", \"CVE-2014-3803\");\n script_bugtraq_id(67082, 67374, 67375, 67376, 67517, 67572, 67582, 67972, 67977, 67980, 68677);\n script_xref(name:\"USN\", value:\"2298-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : oxide-qt vulnerabilities (USN-2298-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A type confusion bug was discovered in V8. If a user were tricked in\nto opening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer crash, or\nexecute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-1730)\n\nA type confusion bug was discovered in Blink. If a user were tricked\nin to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via renderer\ncrash, or execute arbitrary code with the privileges of the sandboxed\nrender process. (CVE-2014-1731)\n\nMultiple security issues including memory safety bugs were discovered\nin Chromium. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit these to cause a denial\nof service via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2014-1735,\nCVE-2014-3162)\n\nMultiple use-after-free issues were discovered in the WebSockets\nimplementation. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these to cause\na denial of service via application crash or execute arbitrary code\nwith the privileges of the user invoking the program. (CVE-2014-1740)\n\nMultiple integer overflows were discovered in CharacterData\nimplementation. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these to cause\na denial of service via renderer crash or execute arbitrary code with\nthe privileges of the sandboxed render process. (CVE-2014-1741)\n\nMultiple use-after-free issues were discovered in Blink. If a user\nwere tricked in to opening a specially crafted website, an attacker\ncould potentially exploit these to cause a denial of service via\nrenderer crash or execute arbitrary code with the privileges of the\nsandboxed render process. (CVE-2014-1742, CVE-2014-1743)\n\nAn integer overflow bug was discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash or execute arbitrary code with the privileges of the user\ninvoking the program. (CVE-2014-1744)\n\nAn out-of-bounds read was discovered in Chromium. If a user were\ntricked in to opening a specially crafter website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash. (CVE-2014-1746)\n\nIt was discovered that Blink allowed scrollbar painting to extend in\nto the parent frame in some circumstances. An attacker could\npotentially exploit this to conduct clickjacking attacks via UI\nredress. (CVE-2014-1748)\n\nAn integer underflow was discovered in Blink. If a user were tricked\nin to opening a specially crafter website, an attacker could\npotentially exploit this to cause a denial of service via renderer\ncrash or execute arbitrary code with the privileges of the sandboxed\nrender process. (CVE-2014-3152)\n\nA use-after-free was discovered in Chromium. If a use were tricked in\nto opening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer crash or\nexecute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-3154)\n\nA security issue was discovered in the SPDY implementation. An\nattacker could potentially exploit this to cause a denial of service\nvia application crash or execute arbitrary code with the privileges of\nthe user invoking the program. (CVE-2014-3155)\n\nA heap overflow was discovered in Chromium. If a use were tricked in\nto opening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer crash or\nexecute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-3157)\n\nIt was discovered that Blink did not enforce security rules for\nsubresource loading in SVG images. If a user opened a site that\nembedded a specially crafted image, an attacker could exploit this to\nlog page views. (CVE-2014-3160)\n\nIt was discovered that the SpeechInput feature in Blink could be\nactivated without consent or any visible indication. If a user were\ntricked in to opening a specially crafted website, an attacker could\nexploit this to eavesdrop on the user. (CVE-2014-3803).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2298-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected liboxideqtcore0, oxideqt-codecs and / or\noxideqt-codecs-extra packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:oxideqt-codecs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:oxideqt-codecs-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"liboxideqtcore0\", pkgver:\"1.0.4-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"oxideqt-codecs\", pkgver:\"1.0.4-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"oxideqt-codecs-extra\", pkgver:\"1.0.4-0ubuntu0.14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liboxideqtcore0 / oxideqt-codecs / oxideqt-codecs-extra\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-07T10:56:08", "description": "The remote host is affected by the vulnerability described in GLSA-201408-16\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could conduct a number of attacks which include: cross\n site scripting attacks, bypassing of sandbox protection, potential\n execution of arbitrary code with the privileges of the process, or cause\n a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 23, "published": "2014-08-30T00:00:00", "title": "GLSA-201408-16 : Chromium: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3171", "CVE-2014-3155", "CVE-2014-1747", "CVE-2014-3168", "CVE-2014-3176", "CVE-2014-1724", "CVE-2014-3166", "CVE-2014-1735", "CVE-2014-1729", "CVE-2014-3165", "CVE-2014-1720", "CVE-2014-3154", "CVE-2014-1742", "CVE-2014-1728", "CVE-2014-1703", "CVE-2014-1719", "CVE-2014-3157", "CVE-2014-1726", "CVE-2014-1705", "CVE-2014-1734", "CVE-2014-1733", "CVE-2014-1732", "CVE-2014-1718", "CVE-2014-1744", "CVE-2014-0538", "CVE-2014-1716", "CVE-2014-1722", "CVE-2014-1743", "CVE-2014-1731", "CVE-2014-1740", "CVE-2014-3174", "CVE-2014-3175", "CVE-2014-3173", "CVE-2014-3167", "CVE-2014-1746", "CVE-2014-1714", "CVE-2014-1749", "CVE-2014-1713", "CVE-2014-3169", "CVE-2014-1745", "CVE-2014-3172", "CVE-2014-1701", "CVE-2014-1704", "CVE-2014-3162", "CVE-2014-3170", "CVE-2014-1730", "CVE-2014-1721", "CVE-2014-3160", "CVE-2014-1725", "CVE-2014-1715", "CVE-2014-1727", "CVE-2014-1702", "CVE-2014-1723", "CVE-2014-1748", "CVE-2014-1717", "CVE-2014-3177", "CVE-2014-1741", "CVE-2014-1700", "CVE-2014-3156"], "modified": "2014-08-30T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:chromium"], "id": "GENTOO_GLSA-201408-16.NASL", "href": "https://www.tenable.com/plugins/nessus/77460", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201408-16.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77460);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-0538\", \"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\", \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1714\", \"CVE-2014-1715\", \"CVE-2014-1716\", \"CVE-2014-1717\", \"CVE-2014-1718\", \"CVE-2014-1719\", \"CVE-2014-1720\", \"CVE-2014-1721\", \"CVE-2014-1722\", \"CVE-2014-1723\", \"CVE-2014-1724\", \"CVE-2014-1725\", \"CVE-2014-1726\", \"CVE-2014-1727\", \"CVE-2014-1728\", \"CVE-2014-1729\", \"CVE-2014-1730\", \"CVE-2014-1731\", \"CVE-2014-1732\", \"CVE-2014-1733\", \"CVE-2014-1734\", \"CVE-2014-1735\", \"CVE-2014-1740\", \"CVE-2014-1741\", \"CVE-2014-1742\", \"CVE-2014-1743\", \"CVE-2014-1744\", \"CVE-2014-1745\", \"CVE-2014-1746\", \"CVE-2014-1747\", \"CVE-2014-1748\", \"CVE-2014-1749\", \"CVE-2014-3154\", \"CVE-2014-3155\", \"CVE-2014-3156\", \"CVE-2014-3157\", \"CVE-2014-3160\", \"CVE-2014-3162\", \"CVE-2014-3165\", \"CVE-2014-3166\", \"CVE-2014-3167\", \"CVE-2014-3168\", \"CVE-2014-3169\", \"CVE-2014-3170\", \"CVE-2014-3171\", \"CVE-2014-3172\", \"CVE-2014-3173\", \"CVE-2014-3174\", \"CVE-2014-3175\", \"CVE-2014-3176\", \"CVE-2014-3177\");\n script_bugtraq_id(66120, 66239, 66243, 66249, 66252, 66704, 67082, 67374, 67375, 67376, 67517, 67572, 67972, 67977, 67980, 67981, 68677, 69192, 69201, 69202, 69203, 69398, 69400, 69401, 69402, 69403, 69405, 69406, 69407);\n script_xref(name:\"GLSA\", value:\"201408-16\");\n\n script_name(english:\"GLSA-201408-16 : Chromium: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201408-16\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could conduct a number of attacks which include: cross\n site scripting attacks, bypassing of sandbox protection, potential\n execution of arbitrary code with the privileges of the process, or cause\n a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201408-16\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-37.0.2062.94'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 37.0.2062.94\"), vulnerable:make_list(\"lt 37.0.2062.94\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:35:22", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3155", "CVE-2014-1735", "CVE-2014-3154", "CVE-2014-1742", "CVE-2014-3152", "CVE-2014-3157", "CVE-2014-1744", "CVE-2014-1743", "CVE-2014-1731", "CVE-2014-1740", "CVE-2014-1746", "CVE-2014-3162", "CVE-2014-1730", "CVE-2014-3160", "CVE-2014-1748", "CVE-2014-1741", "CVE-2014-3803"], "description": "A type confusion bug was discovered in V8. If a user were tricked in to \nopening a specially crafted website, an attacker could potentially exploit \nthis to cause a denial of service via renderer crash, or execute arbitrary \ncode with the privileges of the sandboxed render process. (CVE-2014-1730)\n\nA type confusion bug was discovered in Blink. If a user were tricked in to \nopening a specially crafted website, an attacker could potentially exploit \nthis to cause a denial of service via renderer crash, or execute arbitrary \ncode with the privileges of the sandboxed render process. (CVE-2014-1731)\n\nMultiple security issues including memory safety bugs were discovered in \nChromium. If a user were tricked in to opening a specially crafted website, \nan attacker could potentially exploit these to cause a denial of service via \napplication crash or execute arbitrary code with the privileges of the \nuser invoking the program. (CVE-2014-1735, CVE-2014-3162)\n\nMultiple use-after-free issues were discovered in the WebSockets \nimplementation. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit these to cause a denial of \nservice via application crash or execute arbitrary code with the \nprivileges of the user invoking the program. (CVE-2014-1740)\n\nMultiple integer overflows were discovered in CharacterData \nimplementation. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit these to cause a denial of \nservice via renderer crash or execute arbitrary code with the privileges \nof the sandboxed render process. (CVE-2014-1741)\n\nMultiple use-after-free issues were discovered in Blink. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit these to cause a denial of service via renderer crash \nor execute arbitrary code with the privileges of the sandboxed render \nprocess. (CVE-2014-1742, CVE-2014-1743)\n\nAn integer overflow bug was discovered in Chromium. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to cause a denial of service via application \ncrash or execute arbitrary code with the privileges of the user invoking \nthe program. (CVE-2014-1744)\n\nAn out-of-bounds read was discovered in Chromium. If a user were tricked \nin to opening a specially crafter website, an attacker could potentially \nexploit this to cause a denial of service via application crash. \n(CVE-2014-1746)\n\nIt was discovered that Blink allowed scrollbar painting to extend in to \nthe parent frame in some circumstances. An attacker could potentially \nexploit this to conduct clickjacking attacks via UI redress. \n(CVE-2014-1748)\n\nAn integer underflow was discovered in Blink. If a user were tricked in to \nopening a specially crafter website, an attacker could potentially exploit \nthis to cause a denial of service via renderer crash or execute arbitrary \ncode with the privileges of the sandboxed render process. (CVE-2014-3152)\n\nA use-after-free was discovered in Chromium. If a use were tricked in to \nopening a specially crafted website, an attacker could potentially exploit \nthis to cause a denial of service via renderer crash or execute arbitrary \ncode with the privileges of the sandboxed render process. \n(CVE-2014-3154)\n\nA security issue was discovered in the SPDY implementation. An attacker \ncould potentially exploit this to cause a denial of service via \napplication crash or execute arbitrary code with the privileges of the \nuser invoking the program. (CVE-2014-3155)\n\nA heap overflow was discovered in Chromium. If a use were tricked in to \nopening a specially crafted website, an attacker could potentially exploit \nthis to cause a denial of service via renderer crash or execute arbitrary \ncode with the privileges of the sandboxed render process. (CVE-2014-3157)\n\nIt was discovered that Blink did not enforce security rules for \nsubresource loading in SVG images. If a user opened a site that embedded a \nspecially crafted image, an attacker could exploit this to log page views. \n(CVE-2014-3160)\n\nIt was discovered that the SpeechInput feature in Blink could be activated \nwithout consent or any visible indication. If a user were tricked in to \nopening a specially crafted website, an attacker could exploit this to \neavesdrop on the user. (CVE-2014-3803)", "edition": 5, "modified": "2014-07-23T00:00:00", "published": "2014-07-23T00:00:00", "id": "USN-2298-1", "href": "https://ubuntu.com/security/notices/USN-2298-1", "title": "Oxide vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:00", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3171", "CVE-2014-3155", "CVE-2014-1747", "CVE-2014-3168", "CVE-2014-3176", "CVE-2014-1724", "CVE-2014-3166", "CVE-2014-1735", "CVE-2014-1729", "CVE-2014-3165", "CVE-2014-1720", "CVE-2014-3154", "CVE-2014-1742", "CVE-2014-1728", "CVE-2014-1703", "CVE-2014-1719", "CVE-2014-3157", "CVE-2014-1726", "CVE-2014-1705", "CVE-2014-1734", "CVE-2014-1733", "CVE-2014-1732", "CVE-2014-1718", "CVE-2014-1744", "CVE-2014-0538", "CVE-2014-1716", "CVE-2014-1722", "CVE-2014-1743", "CVE-2014-1731", "CVE-2014-1740", "CVE-2014-3174", "CVE-2014-3175", "CVE-2014-3173", "CVE-2014-3167", "CVE-2014-1746", "CVE-2014-1714", "CVE-2014-1749", "CVE-2014-1713", "CVE-2014-3169", "CVE-2014-1745", "CVE-2014-3172", "CVE-2014-1701", "CVE-2014-1704", "CVE-2014-3162", "CVE-2014-3170", "CVE-2014-1730", "CVE-2014-1721", "CVE-2014-3160", "CVE-2014-1725", "CVE-2014-1715", "CVE-2014-1727", "CVE-2014-1702", "CVE-2014-1723", "CVE-2014-1748", "CVE-2014-1717", "CVE-2014-3177", "CVE-2014-1741", "CVE-2014-1700", "CVE-2014-3156"], "description": "### Background\n\nChromium is an open-source web browser project.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could conduct a number of attacks which include: cross site scripting attacks, bypassing of sandbox protection, potential execution of arbitrary code with the privileges of the process, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-37.0.2062.94\"", "edition": 1, "modified": "2014-08-30T00:00:00", "published": "2014-08-30T00:00:00", "id": "GLSA-201408-16", "href": "https://security.gentoo.org/glsa/201408-16", "type": "gentoo", "title": "Chromium: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
