Search...

Debian Security Advisory DSA 2741-1 (chromium-browser - several vulnerabilities)

2013-08-25T00:00:00

ID OPENVAS:1361412562310892741
Type openvas
Reporter Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net
Modified 2019-03-18T00:00:00

Description

Several vulnerabilities have been discovered in the Chromium web browser.

CVE-2013-2887 The chrome 29 development team found various issues from internal fuzzing, audits, and other studies.

CVE-2013-2900 Krystian Bigaj discovered a file handling path sanitization issue.

CVE-2013-2901 Alex Chapman discovered an integer overflow issue in ANGLE, the Almost Native Graphics Layer.

CVE-2013-2902 cloudfuzzer discovered a use-after-free issue in XSLT.

CVE-2013-2903 cloudfuzzer discovered a use-after-free issue in HTMLMediaElement.

CVE-2013-2904 cloudfuzzer discovered a use-after-free issue in XML document parsing.

CVE-2013-2905 Christian Jaeger discovered an information leak due to insufficient file permissions.

                                        
                                            # OpenVAS Vulnerability Test
# $Id: deb_2741.nasl 14276 2019-03-18 14:43:56Z cfischer $
# Auto-generated from advisory DSA 2741-1 using nvtgen 1.0
# Script version: 1.0
#
# Author:
# Greenbone Networks
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.892741");
  script_version("$Revision: 14276 $");
  script_cve_id("CVE-2013-2901", "CVE-2013-2887", "CVE-2013-2902", "CVE-2013-2904", "CVE-2013-2900", "CVE-2013-2905", "CVE-2013-2903");
  script_name("Debian Security Advisory DSA 2741-1 (chromium-browser - several vulnerabilities)");
  script_tag(name:"last_modification", value:"$Date: 2019-03-18 15:43:56 +0100 (Mon, 18 Mar 2019) $");
  script_tag(name:"creation_date", value:"2013-08-25 00:00:00 +0200 (Sun, 25 Aug 2013)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_xref(name:"URL", value:"http://www.debian.org/security/2013/dsa-2741.html");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net");
  script_family("Debian Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB7");
  script_tag(name:"affected", value:"chromium-browser on Debian Linux");
  script_tag(name:"solution", value:"For the stable distribution (wheezy), these problems have been fixed in
version 29.0.1547.57-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 29.0.1547.57-1.

We recommend that you upgrade your chromium-browser packages.");
  script_tag(name:"summary", value:"Several vulnerabilities have been discovered in the Chromium web browser.

CVE-2013-2887
The chrome 29 development team found various issues from internal
fuzzing, audits, and other studies.

CVE-2013-2900
Krystian Bigaj discovered a file handling path sanitization issue.

CVE-2013-2901
Alex Chapman discovered an integer overflow issue in ANGLE, the
Almost Native Graphics Layer.

CVE-2013-2902
cloudfuzzer discovered a use-after-free issue in XSLT.

CVE-2013-2903
cloudfuzzer discovered a use-after-free issue in HTMLMediaElement.

CVE-2013-2904
cloudfuzzer discovered a use-after-free issue in XML document
parsing.

CVE-2013-2905
Christian Jaeger discovered an information leak due to insufficient
file permissions.");
  script_tag(name:"vuldetect", value:"This check tests the installed software version using the apt package manager.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

res = "";
report = "";
if((res = isdpkgvuln(pkg:"chromium", ver:"29.0.1547.57-1~deb7u1", rls:"DEB7")) != NULL) {
  report += res;
}
if((res = isdpkgvuln(pkg:"chromium-browser", ver:"29.0.1547.57-1~deb7u1", rls:"DEB7")) != NULL) {
  report += res;
}
if((res = isdpkgvuln(pkg:"chromium-browser-dbg", ver:"29.0.1547.57-1~deb7u1", rls:"DEB7")) != NULL) {
  report += res;
}
if((res = isdpkgvuln(pkg:"chromium-browser-inspector", ver:"29.0.1547.57-1~deb7u1", rls:"DEB7")) != NULL) {
  report += res;
}
if((res = isdpkgvuln(pkg:"chromium-browser-l10n", ver:"29.0.1547.57-1~deb7u1", rls:"DEB7")) != NULL) {
  report += res;
}
if((res = isdpkgvuln(pkg:"chromium-dbg", ver:"29.0.1547.57-1~deb7u1", rls:"DEB7")) != NULL) {
  report += res;
}
if((res = isdpkgvuln(pkg:"chromium-inspector", ver:"29.0.1547.57-1~deb7u1", rls:"DEB7")) != NULL) {
  report += res;
}
if((res = isdpkgvuln(pkg:"chromium-l10n", ver:"29.0.1547.57-1~deb7u1", rls:"DEB7")) != NULL) {
  report += res;
}

if(report != "") {
  security_message(data:report);
} else if(__pkg_match) {
  exit(99);
}

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562310892741", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 2741-1 (chromium-browser - several vulnerabilities)", "description": "Several vulnerabilities have been discovered in the Chromium web browser.\n\nCVE-2013-2887\nThe chrome 29 development team found various issues from internal\nfuzzing, audits, and other studies.\n\nCVE-2013-2900\nKrystian Bigaj discovered a file handling path sanitization issue.\n\nCVE-2013-2901\nAlex Chapman discovered an integer overflow issue in ANGLE, the\nAlmost Native Graphics Layer.\n\nCVE-2013-2902\ncloudfuzzer discovered a use-after-free issue in XSLT.\n\nCVE-2013-2903\ncloudfuzzer discovered a use-after-free issue in HTMLMediaElement.\n\nCVE-2013-2904\ncloudfuzzer discovered a use-after-free issue in XML document\nparsing.\n\nCVE-2013-2905\nChristian Jaeger discovered an information leak due to insufficient\nfile permissions.", "published": "2013-08-25T00:00:00", "modified": "2019-03-18T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892741", "reporter": "Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net", "references": ["http://www.debian.org/security/2013/dsa-2741.html"], "cvelist": ["CVE-2013-2901", "CVE-2013-2887", "CVE-2013-2902", "CVE-2013-2903", "CVE-2013-2904", "CVE-2013-2900", "CVE-2013-2905"], "lastseen": "2019-05-29T18:38:21", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "threatpost", "idList": ["THREATPOST:D4E43E0E08694CF4ED263C7B0D1E78F6"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310803879", "OPENVAS:803878", "OPENVAS:1361412562310121030", "OPENVAS:803877", "OPENVAS:1361412562310803878", "OPENVAS:1361412562310803877", "OPENVAS:803879", "OPENVAS:892741"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_AE651A4B0A4211E3BA5200262D5ED8EE.NASL", "GENTOO_GLSA-201309-16.NASL", "GOOGLE_CHROME_29_0_1547_57.NASL", "DEBIAN_DSA-2741.NASL", "MACOSX_GOOGLE_CHROME_29_0_1547_57.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2741-1:53620"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29718", "SECURITYVULNS:VULN:13256"]}, {"type": "freebsd", "idList": ["AE651A4B-0A42-11E3-BA52-00262D5ED8EE"]}, {"type": "cve", "idList": ["CVE-2013-2900", "CVE-2013-2904", "CVE-2013-2901", "CVE-2013-2903", "CVE-2013-2905", "CVE-2013-2887", "CVE-2013-2902"]}, {"type": "gentoo", "idList": ["GLSA-201309-16"]}], "modified": "2019-05-29T18:38:21", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2019-05-29T18:38:21", "rev": 2}, "vulnersScore": 7.1}, "pluginID": "1361412562310892741", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2741.nasl 14276 2019-03-18 14:43:56Z cfischer $\n# Auto-generated from advisory DSA 2741-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892741\");\n script_version(\"$Revision: 14276 $\");\n script_cve_id(\"CVE-2013-2901\", \"CVE-2013-2887\", \"CVE-2013-2902\", \"CVE-2013-2904\", \"CVE-2013-2900\", \"CVE-2013-2905\", \"CVE-2013-2903\");\n script_name(\"Debian Security Advisory DSA 2741-1 (chromium-browser - several vulnerabilities)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:43:56 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-25 00:00:00 +0200 (Sun, 25 Aug 2013)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2013/dsa-2741.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"chromium-browser on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 29.0.1547.57-1~deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 29.0.1547.57-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the Chromium web browser.\n\nCVE-2013-2887\nThe chrome 29 development team found various issues from internal\nfuzzing, audits, and other studies.\n\nCVE-2013-2900\nKrystian Bigaj discovered a file handling path sanitization issue.\n\nCVE-2013-2901\nAlex Chapman discovered an integer overflow issue in ANGLE, the\nAlmost Native Graphics Layer.\n\nCVE-2013-2902\ncloudfuzzer discovered a use-after-free issue in XSLT.\n\nCVE-2013-2903\ncloudfuzzer discovered a use-after-free issue in HTMLMediaElement.\n\nCVE-2013-2904\ncloudfuzzer discovered a use-after-free issue in XML document\nparsing.\n\nCVE-2013-2905\nChristian Jaeger discovered an information leak due to insufficient\nfile permissions.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"chromium\", ver:\"29.0.1547.57-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"29.0.1547.57-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"29.0.1547.57-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"29.0.1547.57-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"29.0.1547.57-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"29.0.1547.57-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"29.0.1547.57-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"29.0.1547.57-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "naslFamily": "Debian Local Security Checks"}

{"openvas": [{"lastseen": "2017-07-02T21:11:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2901", "CVE-2013-2887", "CVE-2013-2902", "CVE-2013-2903", "CVE-2013-2904", "CVE-2013-2900", "CVE-2013-2905"], "description": "The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "modified": "2017-05-08T00:00:00", "published": "2013-08-26T00:00:00", "id": "OPENVAS:803878", "href": "http://plugins.openvas.org/nasl.php?oid=803878", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities-01 August13 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_vuln01_aug13_lin.nasl 6079 2017-05-08 09:03:33Z teissa $\n#\n# Google Chrome Multiple Vulnerabilities-01 August13 (Linux)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"\n Impact Level: System/Application\";\n\nif (description)\n{\n script_id(803878);\n script_version(\"$Revision: 6079 $\");\n script_cve_id(\"CVE-2013-2887\", \"CVE-2013-2900\", \"CVE-2013-2901\", \"CVE-2013-2902\",\n \"CVE-2013-2903\", \"CVE-2013-2904\", \"CVE-2013-2905\");\n script_bugtraq_id(61885, 61887, 61891, 61886, 61888, 61889, 61890);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-08 11:03:33 +0200 (Mon, 08 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-26 13:01:25 +0530 (Mon, 26 Aug 2013)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-01 August13 (Linux)\");\n\n tag_summary =\n\"The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\";\n\n tag_vuldetect =\n\"Get the installed version with the help of detect NVT and check the version\nis vulnerable or not.\";\n\n tag_insight =\n\"Multiple flaws are due to,\n- Some unspecified errors exist.\n- An error exists when handling file paths.\n- An integer overflow error exists within ANGLE.\n- Insecure permissions when creating certain shared memory files.\n- Use-after-free error exists within XSLT, media element and document parsing.\";\n\n tag_impact =\n\"Successful exploitation will allow attackers to disclose potentially sensitive\ninformation, compromise a user's system and other attacks may also be possible.\";\n\n tag_affected =\n\"Google Chrome version prior to 29.0.1547.57 on Linux.\";\n\n tag_solution =\n\"Upgrade to version 29.0.1547.57 or later,\nFor updates refer to http://www.google.com/chrome\";\n\n\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"vuldetect\" , value : tag_vuldetect);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/54479\");\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.in/2013/08/stable-channel-update.html\");\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nchromeVer = \"\";\n\n## Get the version from KB\nchromeVer = get_kb_item(\"Google-Chrome/Linux/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\n## Check for Google Chrome Version less than 29.0.1547.57\nif(version_is_less(version:chromeVer, test_version:\"29.0.1547.57\"))\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:51:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2901", "CVE-2013-2887", "CVE-2013-2902", "CVE-2013-2903", "CVE-2013-2904", "CVE-2013-2900", "CVE-2013-2905"], "description": "Several vulnerabilities have been discovered in the Chromium web browser.\n\nCVE-2013-2887 \nThe chrome 29 development team found various issues from internal\nfuzzing, audits, and other studies.\n\nCVE-2013-2900 \nKrystian Bigaj discovered a file handling path sanitization issue.\n\nCVE-2013-2901 \nAlex Chapman discovered an integer overflow issue in ANGLE, the\nAlmost Native Graphics Layer.\n\nCVE-2013-2902 \ncloudfuzzer discovered a use-after-free issue in XSLT.\n\nCVE-2013-2903 \ncloudfuzzer discovered a use-after-free issue in HTMLMediaElement.\n\nCVE-2013-2904 \ncloudfuzzer discovered a use-after-free issue in XML document\nparsing.\n\nCVE-2013-2905 \nChristian Jaeger discovered an information leak due to insufficient\nfile permissions.", "modified": "2017-07-07T00:00:00", "published": "2013-08-25T00:00:00", "id": "OPENVAS:892741", "href": "http://plugins.openvas.org/nasl.php?oid=892741", "type": "openvas", "title": "Debian Security Advisory DSA 2741-1 (chromium-browser - several vulnerabilities)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2741.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2741-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"chromium-browser on Debian Linux\";\ntag_insight = \"Chromium is an open-source browser project that aims to build a safer, faster,\nand more stable way for all Internet users to experience the web.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 29.0.1547.57-1~deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 29.0.1547.57-1.\n\nWe recommend that you upgrade your chromium-browser packages.\";\ntag_summary = \"Several vulnerabilities have been discovered in the Chromium web browser.\n\nCVE-2013-2887 \nThe chrome 29 development team found various issues from internal\nfuzzing, audits, and other studies.\n\nCVE-2013-2900 \nKrystian Bigaj discovered a file handling path sanitization issue.\n\nCVE-2013-2901 \nAlex Chapman discovered an integer overflow issue in ANGLE, the\nAlmost Native Graphics Layer.\n\nCVE-2013-2902 \ncloudfuzzer discovered a use-after-free issue in XSLT.\n\nCVE-2013-2903 \ncloudfuzzer discovered a use-after-free issue in HTMLMediaElement.\n\nCVE-2013-2904 \ncloudfuzzer discovered a use-after-free issue in XML document\nparsing.\n\nCVE-2013-2905 \nChristian Jaeger discovered an information leak due to insufficient\nfile permissions.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892741);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2013-2901\", \"CVE-2013-2887\", \"CVE-2013-2902\", \"CVE-2013-2904\", \"CVE-2013-2900\", \"CVE-2013-2905\", \"CVE-2013-2903\");\n script_name(\"Debian Security Advisory DSA 2741-1 (chromium-browser - several vulnerabilities)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-08-25 00:00:00 +0200 (Sun, 25 Aug 2013)\");\n script_tag(name: \"cvss_base\", value:\"7.5\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2741.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"29.0.1547.57-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"29.0.1547.57-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"29.0.1547.57-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"29.0.1547.57-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"29.0.1547.57-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"29.0.1547.57-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"29.0.1547.57-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"29.0.1547.57-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:11:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2901", "CVE-2013-2887", "CVE-2013-2902", "CVE-2013-2903", "CVE-2013-2904", "CVE-2013-2900", "CVE-2013-2905"], "description": "The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "modified": "2017-05-04T00:00:00", "published": "2013-08-26T00:00:00", "id": "OPENVAS:803879", "href": "http://plugins.openvas.org/nasl.php?oid=803879", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities-01 August13 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_vuln01_aug13_macosx.nasl 6065 2017-05-04 09:03:08Z teissa $\n#\n# Google Chrome Multiple Vulnerabilities-01 August13 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"\n Impact Level: System/Application\";\n\nif (description)\n{\n script_id(803879);\n script_version(\"$Revision: 6065 $\");\n script_cve_id(\"CVE-2013-2887\", \"CVE-2013-2900\", \"CVE-2013-2901\", \"CVE-2013-2902\",\n \"CVE-2013-2903\", \"CVE-2013-2904\", \"CVE-2013-2905\");\n script_bugtraq_id(61885, 61887, 61891, 61886, 61888, 61889, 61890);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-04 11:03:08 +0200 (Thu, 04 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-26 13:05:48 +0530 (Mon, 26 Aug 2013)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-01 August13 (Mac OS X)\");\n\n tag_summary =\n\"The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\";\n\n tag_vuldetect =\n\"Get the installed version with the help of detect NVT and check the version\nis vulnerable or not.\";\n\n tag_insight =\n\"Multiple flaws are due to,\n- Some unspecified errors exist.\n- An error exists when handling file paths.\n- An integer overflow error exists within ANGLE.\n- Insecure permissions when creating certain shared memory files.\n- Use-after-free error exists within XSLT, media element and document parsing.\";\n\n tag_impact =\n\"Successful exploitation will allow attackers to disclose potentially sensitive\ninformation, compromise a user's system and other attacks may also be possible.\";\n\n tag_affected =\n\"Google Chrome version prior to 29.0.1547.57 on Mac OS X.\";\n\n tag_solution =\n\"Upgrade to version 29.0.1547.57 or later,\nFor updates refer to http://www.google.com/chrome\";\n\n\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"vuldetect\" , value : tag_vuldetect);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/54479\");\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.in/2013/08/stable-channel-update.html\");\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nchromeVer = \"\";\n\n## Get the version from KB\nchromeVer = get_kb_item(\"GoogleChrome/MacOSX/Version\");\nif(!chromeVer){\n exit(0);\n}\n\n## Check for Google Chrome Version less than 29.0.1547.57\nif(version_is_less(version:chromeVer, test_version:\"29.0.1547.57\"))\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:11:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2901", "CVE-2013-2887", "CVE-2013-2902", "CVE-2013-2903", "CVE-2013-2904", "CVE-2013-2900", "CVE-2013-2905"], "description": "The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "modified": "2017-05-05T00:00:00", "published": "2013-08-26T00:00:00", "id": "OPENVAS:803877", "href": "http://plugins.openvas.org/nasl.php?oid=803877", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities-01 August13 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_vuln01_aug13_win.nasl 6074 2017-05-05 09:03:14Z teissa $\n#\n# Google Chrome Multiple Vulnerabilities-01 August13 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"\n Impact Level: System/Application\";\n\nif (description)\n{\n script_id(803877);\n script_version(\"$Revision: 6074 $\");\n script_cve_id(\"CVE-2013-2887\", \"CVE-2013-2900\", \"CVE-2013-2901\", \"CVE-2013-2902\",\n \"CVE-2013-2903\", \"CVE-2013-2904\", \"CVE-2013-2905\");\n script_bugtraq_id(61885, 61887, 61891, 61886, 61888, 61889, 61890);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-05 11:03:14 +0200 (Fri, 05 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-26 11:59:27 +0530 (Mon, 26 Aug 2013)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-01 August13 (Windows)\");\n\n tag_summary =\n\"The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\";\n\n tag_vuldetect =\n\"Get the installed version with the help of detect NVT and check the version\nis vulnerable or not.\";\n\n tag_insight =\n\"Multiple flaws are due to,\n- Some unspecified errors exist.\n- An error exists when handling file paths.\n- An integer overflow error exists within ANGLE.\n- Insecure permissions when creating certain shared memory files.\n- Use-after-free error exists within XSLT, media element and document parsing.\";\n\n tag_impact =\n\"Successful exploitation will allow attackers to disclose potentially sensitive\ninformation, compromise a user's system and other attacks may also be possible.\";\n\n tag_affected =\n\"Google Chrome version prior to 29.0.1547.57 on Windows.\";\n\n tag_solution =\n\"Upgrade to version 29.0.1547.57 or later,\nFor updates refer to http://www.google.com/chrome\";\n\n\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"vuldetect\" , value : tag_vuldetect);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/54479\");\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.in/2013/08/stable-channel-update.html\");\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nchromeVer = \"\";\n\n## Get the version from KB\nchromeVer = get_kb_item(\"GoogleChrome/Win/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\n## Check for Google Chrome Version less than 29.0.1547.57\nif(version_is_less(version:chromeVer, test_version:\"29.0.1547.57\"))\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-23T19:06:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2901", "CVE-2013-2887", "CVE-2013-2902", "CVE-2013-2903", "CVE-2013-2904", "CVE-2013-2900", "CVE-2013-2905"], "description": "The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "modified": "2020-04-21T00:00:00", "published": "2013-08-26T00:00:00", "id": "OPENVAS:1361412562310803879", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803879", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities-01 August13 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-01 August13 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803879\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-2887\", \"CVE-2013-2900\", \"CVE-2013-2901\", \"CVE-2013-2902\",\n \"CVE-2013-2903\", \"CVE-2013-2904\", \"CVE-2013-2905\");\n script_bugtraq_id(61885, 61887, 61891, 61886, 61888, 61889, 61890);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-08-26 13:05:48 +0530 (Mon, 26 Aug 2013)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-01 August13 (Mac OS X)\");\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to version 29.0.1547.57 or later.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Some unspecified errors exist.\n\n - An error exists when handling file paths.\n\n - An integer overflow error exists within ANGLE.\n\n - Insecure permissions when creating certain shared memory files.\n\n - Use-after-free error exists within XSLT, media element and document parsing.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 29.0.1547.57 on Mac OS X.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to disclose potentially sensitive information, compromise a user's system and other attacks may also be possible.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/54479\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2013/08/stable-channel-update.html\");\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nchromeVer = get_kb_item(\"GoogleChrome/MacOSX/Version\");\nif(!chromeVer){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"29.0.1547.57\"))\n{\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"29.0.1547.57\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-23T19:06:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2901", "CVE-2013-2887", "CVE-2013-2902", "CVE-2013-2903", "CVE-2013-2904", "CVE-2013-2900", "CVE-2013-2905"], "description": "The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "modified": "2020-04-21T00:00:00", "published": "2013-08-26T00:00:00", "id": "OPENVAS:1361412562310803877", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803877", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities-01 August13 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-01 August13 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803877\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-2887\", \"CVE-2013-2900\", \"CVE-2013-2901\", \"CVE-2013-2902\",\n \"CVE-2013-2903\", \"CVE-2013-2904\", \"CVE-2013-2905\");\n script_bugtraq_id(61885, 61887, 61891, 61886, 61888, 61889, 61890);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-08-26 11:59:27 +0530 (Mon, 26 Aug 2013)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-01 August13 (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to version 29.0.1547.57 or later.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Some unspecified errors exist.\n\n - An error exists when handling file paths.\n\n - An integer overflow error exists within ANGLE.\n\n - Insecure permissions when creating certain shared memory files.\n\n - Use-after-free error exists within XSLT, media element and document parsing.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 29.0.1547.57 on Windows.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to disclose potentially sensitive\ninformation, compromise a user's system and other attacks may also be possible.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/54479\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2013/08/stable-channel-update.html\");\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nchromeVer = get_kb_item(\"GoogleChrome/Win/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"29.0.1547.57\"))\n{\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"29.0.1547.57\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-23T19:05:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2901", "CVE-2013-2887", "CVE-2013-2902", "CVE-2013-2903", "CVE-2013-2904", "CVE-2013-2900", "CVE-2013-2905"], "description": "The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "modified": "2020-04-21T00:00:00", "published": "2013-08-26T00:00:00", "id": "OPENVAS:1361412562310803878", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803878", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities-01 August13 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-01 August13 (Linux)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803878\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-2887\", \"CVE-2013-2900\", \"CVE-2013-2901\", \"CVE-2013-2902\",\n \"CVE-2013-2903\", \"CVE-2013-2904\", \"CVE-2013-2905\");\n script_bugtraq_id(61885, 61887, 61891, 61886, 61888, 61889, 61890);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-08-26 13:01:25 +0530 (Mon, 26 Aug 2013)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-01 August13 (Linux)\");\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to version 29.0.1547.57 or later.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Some unspecified errors exist.\n\n - An error exists when handling file paths.\n\n - An integer overflow error exists within ANGLE.\n\n - Insecure permissions when creating certain shared memory files.\n\n - Use-after-free error exists within XSLT, media element and document parsing.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 29.0.1547.57 on Linux.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to disclose potentially sensitive\ninformation, compromise a user's system and other attacks may also be possible.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/54479\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2013/08/stable-channel-update.html\");\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nchromeVer = get_kb_item(\"Google-Chrome/Linux/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"29.0.1547.57\"))\n{\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"29.0.1547.57\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5126", "CVE-2012-5136", "CVE-2013-0898", "CVE-2013-2882", "CVE-2013-0833", "CVE-2013-0891", "CVE-2013-2845", "CVE-2013-2901", "CVE-2013-2842", "CVE-2012-5130", "CVE-2013-0838", "CVE-2013-0917", "CVE-2013-2887", "CVE-2013-0924", "CVE-2013-0894", "CVE-2013-2902", "CVE-2013-2840", "CVE-2013-0832", "CVE-2013-2903", "CVE-2012-5133", "CVE-2013-0906", "CVE-2012-5127", "CVE-2013-2880", "CVE-2013-0904", "CVE-2013-2867", "CVE-2012-5125", "CVE-2013-0899", "CVE-2013-2849", "CVE-2013-2841", "CVE-2013-0834", "CVE-2013-2878", "CVE-2012-5139", "CVE-2013-0881", "CVE-2013-2874", "CVE-2013-0839", "CVE-2012-5117", "CVE-2013-0882", "CVE-2013-0841", "CVE-2012-5137", "CVE-2012-5122", "CVE-2013-0888", "CVE-2013-2853", "CVE-2012-5149", "CVE-2013-2876", "CVE-2013-2886", "CVE-2013-0889", "CVE-2012-5151", "CVE-2013-0884", "CVE-2013-0837", "CVE-2013-2848", "CVE-2013-0922", "CVE-2013-2846", "CVE-2013-0842", "CVE-2012-5146", "CVE-2013-2865", "CVE-2012-5132", "CVE-2013-0879", "CVE-2013-2904", "CVE-2013-0887", "CVE-2013-0890", "CVE-2013-2884", "CVE-2013-0925", "CVE-2013-0908", "CVE-2013-2870", "CVE-2013-0923", "CVE-2012-5145", "CVE-2013-0895", "CVE-2013-0836", "CVE-2013-0919", "CVE-2013-2877", "CVE-2012-5124", "CVE-2012-5143", "CVE-2013-0830", "CVE-2012-5140", "CVE-2013-2837", "CVE-2013-2856", "CVE-2012-5118", "CVE-2013-0880", "CVE-2013-0892", "CVE-2013-2875", "CVE-2013-0926", "CVE-2013-2847", "CVE-2013-0918", "CVE-2013-2881", "CVE-2012-5152", "CVE-2013-2861", "CVE-2013-2869", "CVE-2013-0902", "CVE-2013-2855", "CVE-2013-0835", "CVE-2012-5116", "CVE-2013-0920", "CVE-2012-5128", "CVE-2013-0900", "CVE-2013-2838", "CVE-2013-2863", "CVE-2012-5147", "CVE-2012-5141", "CVE-2013-2900", "CVE-2013-2844", "CVE-2013-2839", "CVE-2013-0910", "CVE-2013-0840", "CVE-2013-0909", "CVE-2013-0893", "CVE-2012-5154", "CVE-2013-0907", "CVE-2013-2862", "CVE-2013-2871", "CVE-2013-0897", "CVE-2013-2836", "CVE-2013-0828", "CVE-2013-2905", "CVE-2012-5120", "CVE-2013-0916", "CVE-2012-5123", "CVE-2013-0903", "CVE-2013-0912", "CVE-2013-2868", "CVE-2013-0911", "CVE-2013-0905", "CVE-2013-2859", "CVE-2013-0885", "CVE-2013-2879", "CVE-2013-2858", "CVE-2012-5135", "CVE-2012-5148", "CVE-2013-0829", "CVE-2013-0831", "CVE-2012-5144", "CVE-2013-0883", "CVE-2012-5150", "CVE-2013-2843", "CVE-2013-2860", "CVE-2013-0896", "CVE-2012-5138", "CVE-2013-2857", "CVE-2012-5153", "CVE-2012-5121", "CVE-2013-2883", "CVE-2012-5142", "CVE-2013-0921", "CVE-2013-2885"], "description": "Gentoo Linux Local Security Checks GLSA 201309-16", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121030", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121030", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201309-16", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201309-16.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121030\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:25:53 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201309-16\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201309-16\");\n script_cve_id(\"CVE-2012-5116\", \"CVE-2012-5117\", \"CVE-2012-5118\", \"CVE-2012-5120\", \"CVE-2012-5121\", \"CVE-2012-5122\", \"CVE-2012-5123\", \"CVE-2012-5124\", \"CVE-2012-5125\", \"CVE-2012-5126\", \"CVE-2012-5127\", \"CVE-2012-5128\", \"CVE-2012-5130\", \"CVE-2012-5132\", \"CVE-2012-5133\", \"CVE-2012-5135\", \"CVE-2012-5136\", \"CVE-2012-5137\", \"CVE-2012-5138\", \"CVE-2012-5139\", \"CVE-2012-5140\", \"CVE-2012-5141\", \"CVE-2012-5142\", \"CVE-2012-5143\", \"CVE-2012-5144\", \"CVE-2012-5145\", \"CVE-2012-5146\", \"CVE-2012-5147\", \"CVE-2012-5148\", \"CVE-2012-5149\", \"CVE-2012-5150\", \"CVE-2012-5151\", \"CVE-2012-5152\", \"CVE-2012-5153\", \"CVE-2012-5154\", \"CVE-2013-0828\", \"CVE-2013-0829\", \"CVE-2013-0830\", \"CVE-2013-0831\", \"CVE-2013-0832\", \"CVE-2013-0833\", \"CVE-2013-0834\", \"CVE-2013-0835\", \"CVE-2013-0836\", \"CVE-2013-0837\", \"CVE-2013-0838\", \"CVE-2013-0839\", \"CVE-2013-0840\", \"CVE-2013-0841\", \"CVE-2013-0842\", \"CVE-2013-0879\", \"CVE-2013-0880\", \"CVE-2013-0881\", \"CVE-2013-0882\", \"CVE-2013-0883\", \"CVE-2013-0884\", \"CVE-2013-0885\", \"CVE-2013-0887\", \"CVE-2013-0888\", \"CVE-2013-0889\", \"CVE-2013-0890\", \"CVE-2013-0891\", \"CVE-2013-0892\", \"CVE-2013-0893\", \"CVE-2013-0894\", \"CVE-2013-0895\", \"CVE-2013-0896\", \"CVE-2013-0897\", \"CVE-2013-0898\", \"CVE-2013-0899\", \"CVE-2013-0900\", \"CVE-2013-0902\", \"CVE-2013-0903\", \"CVE-2013-0904\", \"CVE-2013-0905\", \"CVE-2013-0906\", \"CVE-2013-0907\", \"CVE-2013-0908\", \"CVE-2013-0909\", \"CVE-2013-0910\", \"CVE-2013-0911\", \"CVE-2013-0912\", \"CVE-2013-0916\", \"CVE-2013-0917\", \"CVE-2013-0918\", \"CVE-2013-0919\", \"CVE-2013-0920\", \"CVE-2013-0921\", \"CVE-2013-0922\", \"CVE-2013-0923\", \"CVE-2013-0924\", \"CVE-2013-0925\", \"CVE-2013-0926\", \"CVE-2013-2836\", \"CVE-2013-2837\", \"CVE-2013-2838\", \"CVE-2013-2839\", \"CVE-2013-2840\", \"CVE-2013-2841\", \"CVE-2013-2842\", \"CVE-2013-2843\", \"CVE-2013-2844\", \"CVE-2013-2845\", \"CVE-2013-2846\", \"CVE-2013-2847\", \"CVE-2013-2848\", \"CVE-2013-2849\", \"CVE-2013-2853\", \"CVE-2013-2855\", \"CVE-2013-2856\", \"CVE-2013-2857\", \"CVE-2013-2858\", \"CVE-2013-2859\", \"CVE-2013-2860\", \"CVE-2013-2861\", \"CVE-2013-2862\", \"CVE-2013-2863\", \"CVE-2013-2865\", \"CVE-2013-2867\", \"CVE-2013-2868\", \"CVE-2013-2869\", \"CVE-2013-2870\", \"CVE-2013-2871\", \"CVE-2013-2874\", \"CVE-2013-2875\", \"CVE-2013-2876\", \"CVE-2013-2877\", \"CVE-2013-2878\", \"CVE-2013-2879\", \"CVE-2013-2880\", \"CVE-2013-2881\", \"CVE-2013-2882\", \"CVE-2013-2883\", \"CVE-2013-2884\", \"CVE-2013-2885\", \"CVE-2013-2886\", \"CVE-2013-2887\", \"CVE-2013-2900\", \"CVE-2013-2901\", \"CVE-2013-2902\", \"CVE-2013-2903\", \"CVE-2013-2904\", \"CVE-2013-2905\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201309-16\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-client/chromium\", unaffected: make_list(\"ge 29.0.1457.57\"), vulnerable: make_list(\"lt 29.0.1457.57\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-lang/v8\", unaffected: make_list(\"ge 3.18.5.14\"), vulnerable: make_list(\"lt 3.18.5.14\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-07T10:49:07", "description": "Google Chrome Releases reports :\n\n25 security fixes in this release, including :\n\n- [181617] High CVE-2013-2900: Incomplete path sanitization in file\nhandling. Credit to Krystian Bigaj.\n\n- [254159] Low CVE-2013-2905: Information leak via overly broad\npermissions on shared memory files. Credit to Christian Jaeger.\n\n- [257363] High CVE-2013-2901: Integer overflow in ANGLE. Credit to\nAlex Chapman.\n\n- [260105] High CVE-2013-2902: Use after free in XSLT. Credit to\ncloudfuzzer.\n\n- [260156] High CVE-2013-2903: Use after free in media element. Credit\nto cloudfuzzer.\n\n- [260428] High CVE-2013-2904: Use after free in document parsing.\nCredit to cloudfuzzer.\n\n- [274602] CVE-2013-2887: Various fixes from internal audits, fuzzing\nand other initiatives (Chrome 29).", "edition": 20, "published": "2013-08-22T00:00:00", "title": "FreeBSD : chromium -- multiple vulnerabilities (ae651a4b-0a42-11e3-ba52-00262d5ed8ee)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2901", "CVE-2013-2887", "CVE-2013-2902", "CVE-2013-2903", "CVE-2013-2904", "CVE-2013-2900", "CVE-2013-2905"], "modified": "2013-08-22T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:chromium"], "id": "FREEBSD_PKG_AE651A4B0A4211E3BA5200262D5ED8EE.NASL", "href": "https://www.tenable.com/plugins/nessus/69437", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2013 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69437);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-2887\", \"CVE-2013-2900\", \"CVE-2013-2901\", \"CVE-2013-2902\", \"CVE-2013-2903\", \"CVE-2013-2904\", \"CVE-2013-2905\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (ae651a4b-0a42-11e3-ba52-00262d5ed8ee)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\n25 security fixes in this release, including :\n\n- [181617] High CVE-2013-2900: Incomplete path sanitization in file\nhandling. Credit to Krystian Bigaj.\n\n- [254159] Low CVE-2013-2905: Information leak via overly broad\npermissions on shared memory files. Credit to Christian Jaeger.\n\n- [257363] High CVE-2013-2901: Integer overflow in ANGLE. Credit to\nAlex Chapman.\n\n- [260105] High CVE-2013-2902: Use after free in XSLT. Credit to\ncloudfuzzer.\n\n- [260156] High CVE-2013-2903: Use after free in media element. Credit\nto cloudfuzzer.\n\n- [260428] High CVE-2013-2904: Use after free in document parsing.\nCredit to cloudfuzzer.\n\n- [274602] CVE-2013-2887: Various fixes from internal audits, fuzzing\nand other initiatives (Chrome 29).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://googlechromereleases.blogspot.nl/\"\n );\n # http://www.freebsd.org/ports/portaudit/ae651a4b-0a42-11e3-ba52-00262d5ed8ee.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?04c99fa7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/08/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<29.0.1547.57\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:48:03", "description": "Several vulnerabilities have been discovered in the Chromium web\nbrowser.\n\n - CVE-2013-2887\n The chrome 29 development team found various issues from\n internal fuzzing, audits, and other studies.\n\n - CVE-2013-2900\n Krystian Bigaj discovered a file handling path\n sanitization issue.\n\n - CVE-2013-2901\n Alex Chapman discovered an integer overflow issue in\n ANGLE, the Almost Native Graphics Layer.\n\n - CVE-2013-2902\n cloudfuzzer discovered a use-after-free issue in XSLT.\n\n - CVE-2013-2903\n cloudfuzzer discovered a use-after-free issue in\n HTMLMediaElement.\n\n - CVE-2013-2904\n cloudfuzzer discovered a use-after-free issue in XML\n document parsing.\n\n - CVE-2013-2905\n Christian Jaeger discovered an information leak due to\n insufficient file permissions.", "edition": 16, "published": "2013-08-26T00:00:00", "title": "Debian DSA-2741-1 : chromium-browser - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2901", "CVE-2013-2887", "CVE-2013-2902", "CVE-2013-2903", "CVE-2013-2904", "CVE-2013-2900", "CVE-2013-2905"], "modified": "2013-08-26T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium-browser", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2741.NASL", "href": "https://www.tenable.com/plugins/nessus/69470", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2741. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69470);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-2887\", \"CVE-2013-2900\", \"CVE-2013-2901\", \"CVE-2013-2902\", \"CVE-2013-2903\", \"CVE-2013-2904\", \"CVE-2013-2905\");\n script_bugtraq_id(61885, 61886, 61887, 61888, 61889, 61890, 61891);\n script_xref(name:\"DSA\", value:\"2741\");\n\n script_name(english:\"Debian DSA-2741-1 : chromium-browser - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Chromium web\nbrowser.\n\n - CVE-2013-2887\n The chrome 29 development team found various issues from\n internal fuzzing, audits, and other studies.\n\n - CVE-2013-2900\n Krystian Bigaj discovered a file handling path\n sanitization issue.\n\n - CVE-2013-2901\n Alex Chapman discovered an integer overflow issue in\n ANGLE, the Almost Native Graphics Layer.\n\n - CVE-2013-2902\n cloudfuzzer discovered a use-after-free issue in XSLT.\n\n - CVE-2013-2903\n cloudfuzzer discovered a use-after-free issue in\n HTMLMediaElement.\n\n - CVE-2013-2904\n cloudfuzzer discovered a use-after-free issue in XML\n document parsing.\n\n - CVE-2013-2905\n Christian Jaeger discovered an information leak due to\n insufficient file permissions.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2901\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/chromium-browser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2741\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 29.0.1547.57-1~deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/08/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"chromium\", reference:\"29.0.1547.57-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser\", reference:\"29.0.1547.57-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-dbg\", reference:\"29.0.1547.57-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-inspector\", reference:\"29.0.1547.57-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-l10n\", reference:\"29.0.1547.57-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-dbg\", reference:\"29.0.1547.57-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-inspector\", reference:\"29.0.1547.57-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-l10n\", reference:\"29.0.1547.57-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T03:46:25", "description": "The version of Google Chrome installed on the remote host is a version\nprior to 29.0.1547.57. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Various unspecified errors exist. No further details\n have been provided. (CVE-2013-2887)\n\n - An input validation error exists related to incomplete\n paths and file handling. (CVE-2013-2900)\n\n - An integer overflow error exists related to 'ANGLE'.\n (CVE-2013-2901)\n\n - Use-after-free errors exist related to 'XSLT', the\n 'media' element and document parsing. (CVE-2013-2902,\n CVE-2013-2903, CVE-2013-2904)\n\n - An error exists related to shared memory files that\n could lead to the disclosure of sensitive information.\n (CVE-2013-2905)", "edition": 25, "published": "2013-11-13T00:00:00", "title": "Google Chrome < 29.0.1547.57 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2901", "CVE-2013-2887", "CVE-2013-2902", "CVE-2013-2903", "CVE-2013-2904", "CVE-2013-2900", "CVE-2013-2905"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_29_0_1547_57.NASL", "href": "https://www.tenable.com/plugins/nessus/70891", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70891);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\n \"CVE-2013-2887\",\n \"CVE-2013-2900\",\n \"CVE-2013-2901\",\n \"CVE-2013-2902\",\n \"CVE-2013-2903\",\n \"CVE-2013-2904\",\n \"CVE-2013-2905\"\n );\n script_bugtraq_id(\n 61885,\n 61886,\n 61887,\n 61888,\n 61889,\n 61890,\n 61891\n );\n\n script_name(english:\"Google Chrome < 29.0.1547.57 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version number of Google Chrome\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote host is a version\nprior to 29.0.1547.57. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Various unspecified errors exist. No further details\n have been provided. (CVE-2013-2887)\n\n - An input validation error exists related to incomplete\n paths and file handling. (CVE-2013-2900)\n\n - An integer overflow error exists related to 'ANGLE'.\n (CVE-2013-2901)\n\n - Use-after-free errors exist related to 'XSLT', the\n 'media' element and document parsing. (CVE-2013-2902,\n CVE-2013-2903, CVE-2013-2904)\n\n - An error exists related to shared memory files that\n could lead to the disclosure of sensitive information.\n (CVE-2013-2905)\");\n # http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?51dcd991\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 29.0.1547.57 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-2904\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/08/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'29.0.1547.57', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T03:18:47", "description": "The version of Google Chrome installed on the remote host is a version\nprior to 29.0.1547.57. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Various unspecified errors exist. No further details\n have been provided. (CVE-2013-2887)\n\n - An input validation error exists related to incomplete\n paths and file handling. (CVE-2013-2900)\n\n - An integer overflow error exists related to 'ANGLE'.\n (CVE-2013-2901)\n\n - Use-after-free errors exist related to 'XSLT', the\n 'media' element and document parsing. (CVE-2013-2902,\n CVE-2013-2903, CVE-2013-2904)\n\n - An error exists related to shared memory files that\n could lead to the disclosure of sensitive information.\n (CVE-2013-2905)\n\n - An error exists related to HTTP Cookie headers and\n validation that could allow denial of service attacks.\n (CVE-2013-6166)", "edition": 26, "published": "2013-08-20T00:00:00", "title": "Google Chrome < 29.0.1547.57 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2901", "CVE-2013-2887", "CVE-2013-2902", "CVE-2013-2903", "CVE-2013-2904", "CVE-2013-2900", "CVE-2013-6166", "CVE-2013-2905"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_29_0_1547_57.NASL", "href": "https://www.tenable.com/plugins/nessus/69423", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69423);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\n \"CVE-2013-2887\",\n \"CVE-2013-2900\",\n \"CVE-2013-2901\",\n \"CVE-2013-2902\",\n \"CVE-2013-2903\",\n \"CVE-2013-2904\",\n \"CVE-2013-2905\",\n \"CVE-2013-6166\"\n );\n script_bugtraq_id(\n 58857,\n 61885,\n 61886,\n 61887,\n 61888,\n 61889,\n 61890,\n 61891\n );\n\n script_name(english:\"Google Chrome < 29.0.1547.57 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version number of Google Chrome\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote host is a version\nprior to 29.0.1547.57. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Various unspecified errors exist. No further details\n have been provided. (CVE-2013-2887)\n\n - An input validation error exists related to incomplete\n paths and file handling. (CVE-2013-2900)\n\n - An integer overflow error exists related to 'ANGLE'.\n (CVE-2013-2901)\n\n - Use-after-free errors exist related to 'XSLT', the\n 'media' element and document parsing. (CVE-2013-2902,\n CVE-2013-2903, CVE-2013-2904)\n\n - An error exists related to shared memory files that\n could lead to the disclosure of sensitive information.\n (CVE-2013-2905)\n\n - An error exists related to HTTP Cookie headers and\n validation that could allow denial of service attacks.\n (CVE-2013-6166)\");\n # http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?51dcd991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/oss-sec/2013/q4/121\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 29.0.1547.57 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-2904\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/08/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\n\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\ngoogle_chrome_check_version(installs:installs, fix:'29.0.1547.57', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:54:49", "description": "The remote host is affected by the vulnerability described in GLSA-201309-16\n(Chromium, V8: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and V8. Please\n review the CVE identifiers and release notes referenced below for\n details.\n \nImpact :\n\n A context-dependent attacker could entice a user to open a specially\n crafted website or JavaScript program using Chromium or V8, possibly\n resulting in the execution of arbitrary code with the privileges of the\n process or a Denial of Service condition. Furthermore, a remote attacker\n may be able to bypass security restrictions or have other, unspecified,\n impact.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2013-09-25T00:00:00", "title": "GLSA-201309-16 : Chromium, V8: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5126", "CVE-2012-5136", "CVE-2013-0898", "CVE-2013-2882", "CVE-2013-0833", "CVE-2013-0891", "CVE-2013-2845", "CVE-2013-2901", "CVE-2013-2842", "CVE-2012-5130", "CVE-2013-0838", "CVE-2013-0917", "CVE-2013-2887", "CVE-2013-0924", "CVE-2013-0894", "CVE-2013-2902", "CVE-2013-2840", "CVE-2013-0832", "CVE-2013-2903", "CVE-2012-5133", "CVE-2013-0906", "CVE-2012-5127", "CVE-2013-2880", "CVE-2013-0904", "CVE-2013-2867", "CVE-2012-5125", "CVE-2013-0899", "CVE-2013-2849", "CVE-2013-2841", "CVE-2013-0834", "CVE-2013-2878", "CVE-2012-5139", "CVE-2013-0881", "CVE-2013-2874", "CVE-2013-0839", "CVE-2012-5117", "CVE-2013-0882", "CVE-2013-0841", "CVE-2012-5137", "CVE-2012-5122", "CVE-2013-0888", "CVE-2013-2853", "CVE-2012-5149", "CVE-2013-2876", "CVE-2013-2886", "CVE-2013-0889", "CVE-2012-5151", "CVE-2013-0884", "CVE-2013-0837", "CVE-2013-2848", "CVE-2013-0922", "CVE-2013-2846", "CVE-2013-0842", "CVE-2012-5146", "CVE-2013-2865", "CVE-2012-5132", "CVE-2013-0879", "CVE-2013-2904", "CVE-2013-0887", "CVE-2013-0890", "CVE-2013-2884", "CVE-2013-0925", "CVE-2013-0908", "CVE-2013-2870", "CVE-2013-0923", "CVE-2012-5145", "CVE-2013-0895", "CVE-2013-0836", "CVE-2013-0919", "CVE-2013-2877", "CVE-2012-5124", "CVE-2012-5143", "CVE-2013-0830", "CVE-2012-5140", "CVE-2013-2837", "CVE-2013-2856", "CVE-2012-5118", "CVE-2013-0880", "CVE-2013-0892", "CVE-2013-2875", "CVE-2013-0926", "CVE-2013-2847", "CVE-2013-0918", "CVE-2013-2881", "CVE-2012-5152", "CVE-2013-2861", "CVE-2013-2869", "CVE-2013-0902", "CVE-2013-2855", "CVE-2013-0835", "CVE-2012-5116", "CVE-2013-0920", "CVE-2012-5128", "CVE-2013-0900", "CVE-2013-2838", "CVE-2013-2863", "CVE-2012-5147", "CVE-2012-5141", "CVE-2013-2900", "CVE-2013-2844", "CVE-2013-2839", "CVE-2013-0910", "CVE-2013-0840", "CVE-2013-0909", "CVE-2013-0893", "CVE-2012-5154", "CVE-2013-0907", "CVE-2013-2862", "CVE-2013-2871", "CVE-2013-0897", "CVE-2013-2836", "CVE-2013-0828", "CVE-2013-2905", "CVE-2012-5120", "CVE-2013-0916", "CVE-2012-5123", "CVE-2013-0903", "CVE-2013-0912", "CVE-2013-2868", "CVE-2013-0911", "CVE-2013-0905", "CVE-2013-2859", "CVE-2013-0885", "CVE-2013-2879", "CVE-2013-2858", "CVE-2012-5135", "CVE-2012-5148", "CVE-2013-0829", "CVE-2013-0831", "CVE-2012-5144", "CVE-2013-0883", "CVE-2012-5150", "CVE-2013-2843", "CVE-2013-2860", "CVE-2013-0896", "CVE-2012-5138", "CVE-2013-2857", "CVE-2012-5153", "CVE-2012-5121", "CVE-2013-2883", "CVE-2012-5142", "CVE-2013-0921", "CVE-2013-2885"], "modified": "2013-09-25T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:v8", "p-cpe:/a:gentoo:linux:chromium"], "id": "GENTOO_GLSA-201309-16.NASL", "href": "https://www.tenable.com/plugins/nessus/70112", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201309-16.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70112);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-5116\", \"CVE-2012-5117\", \"CVE-2012-5118\", \"CVE-2012-5120\", \"CVE-2012-5121\", \"CVE-2012-5122\", \"CVE-2012-5123\", \"CVE-2012-5124\", \"CVE-2012-5125\", \"CVE-2012-5126\", \"CVE-2012-5127\", \"CVE-2012-5128\", \"CVE-2012-5130\", \"CVE-2012-5132\", \"CVE-2012-5133\", \"CVE-2012-5135\", \"CVE-2012-5136\", \"CVE-2012-5137\", \"CVE-2012-5138\", \"CVE-2012-5139\", \"CVE-2012-5140\", \"CVE-2012-5141\", \"CVE-2012-5142\", \"CVE-2012-5143\", \"CVE-2012-5144\", \"CVE-2012-5145\", \"CVE-2012-5146\", \"CVE-2012-5147\", \"CVE-2012-5148\", \"CVE-2012-5149\", \"CVE-2012-5150\", \"CVE-2012-5151\", \"CVE-2012-5152\", \"CVE-2012-5153\", \"CVE-2012-5154\", \"CVE-2013-0828\", \"CVE-2013-0829\", \"CVE-2013-0830\", \"CVE-2013-0831\", \"CVE-2013-0832\", \"CVE-2013-0833\", \"CVE-2013-0834\", \"CVE-2013-0835\", \"CVE-2013-0836\", \"CVE-2013-0837\", \"CVE-2013-0838\", \"CVE-2013-0839\", \"CVE-2013-0840\", \"CVE-2013-0841\", \"CVE-2013-0842\", \"CVE-2013-0879\", \"CVE-2013-0880\", \"CVE-2013-0881\", \"CVE-2013-0882\", \"CVE-2013-0883\", \"CVE-2013-0884\", \"CVE-2013-0885\", \"CVE-2013-0887\", \"CVE-2013-0888\", \"CVE-2013-0889\", \"CVE-2013-0890\", \"CVE-2013-0891\", \"CVE-2013-0892\", \"CVE-2013-0893\", \"CVE-2013-0894\", \"CVE-2013-0895\", \"CVE-2013-0896\", \"CVE-2013-0897\", \"CVE-2013-0898\", \"CVE-2013-0899\", \"CVE-2013-0900\", \"CVE-2013-0902\", \"CVE-2013-0903\", \"CVE-2013-0904\", \"CVE-2013-0905\", \"CVE-2013-0906\", \"CVE-2013-0907\", \"CVE-2013-0908\", \"CVE-2013-0909\", \"CVE-2013-0910\", \"CVE-2013-0911\", \"CVE-2013-0912\", \"CVE-2013-0916\", \"CVE-2013-0917\", \"CVE-2013-0918\", \"CVE-2013-0919\", \"CVE-2013-0920\", \"CVE-2013-0921\", \"CVE-2013-0922\", \"CVE-2013-0923\", \"CVE-2013-0924\", \"CVE-2013-0925\", \"CVE-2013-0926\", \"CVE-2013-2836\", \"CVE-2013-2837\", \"CVE-2013-2838\", \"CVE-2013-2839\", \"CVE-2013-2840\", \"CVE-2013-2841\", \"CVE-2013-2842\", \"CVE-2013-2843\", \"CVE-2013-2844\", \"CVE-2013-2845\", \"CVE-2013-2846\", \"CVE-2013-2847\", \"CVE-2013-2848\", \"CVE-2013-2849\", \"CVE-2013-2853\", \"CVE-2013-2855\", \"CVE-2013-2856\", \"CVE-2013-2857\", \"CVE-2013-2858\", \"CVE-2013-2859\", \"CVE-2013-2860\", \"CVE-2013-2861\", \"CVE-2013-2862\", \"CVE-2013-2863\", \"CVE-2013-2865\", \"CVE-2013-2867\", \"CVE-2013-2868\", \"CVE-2013-2869\", \"CVE-2013-2870\", \"CVE-2013-2871\", \"CVE-2013-2874\", \"CVE-2013-2875\", \"CVE-2013-2876\", \"CVE-2013-2877\", \"CVE-2013-2878\", \"CVE-2013-2879\", \"CVE-2013-2880\", \"CVE-2013-2881\", \"CVE-2013-2882\", \"CVE-2013-2883\", \"CVE-2013-2884\", \"CVE-2013-2885\", \"CVE-2013-2886\", \"CVE-2013-2887\", \"CVE-2013-2900\", \"CVE-2013-2901\", \"CVE-2013-2902\", \"CVE-2013-2903\", \"CVE-2013-2904\", \"CVE-2013-2905\");\n script_bugtraq_id(56413, 56684, 56741, 56903, 58318, 58388, 58723, 58724, 58725, 58727, 58728, 58729, 58730, 58731, 58732, 58733, 58734, 59326, 59327, 59328, 59330, 59331, 59332, 59334, 59336, 59337, 59338, 59339, 59340, 59342, 59343, 59344, 59345, 59346, 59347, 59349, 59351, 59413, 59414, 59415, 59416, 59417, 59418, 59419, 59420, 59422, 59423, 59425, 59427, 59428, 59429, 59430, 59431, 59433, 59435, 59436, 59437, 59438, 59515, 59516, 59518, 59520, 59521, 59522, 59523, 59524, 59680, 59681, 59682, 59683, 60062, 60063, 60064, 60065, 60066, 60067, 60068, 60069, 60070, 60071, 60072, 60073, 60074, 60076, 60395, 60396, 60397, 60398, 60399, 60400, 60401, 60403, 60404, 60405, 61046, 61047, 61049, 61050, 61051, 61052, 61054, 61055, 61057, 61059, 61060, 61061, 61547, 61548, 61549, 61550, 61551, 61552, 61885, 61886, 61887, 61888, 61889, 61890, 61891);\n script_xref(name:\"GLSA\", value:\"201309-16\");\n\n script_name(english:\"GLSA-201309-16 : Chromium, V8: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201309-16\n(Chromium, V8: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and V8. Please\n review the CVE identifiers and release notes referenced below for\n details.\n \nImpact :\n\n A context-dependent attacker could entice a user to open a specially\n crafted website or JavaScript program using Chromium or V8, possibly\n resulting in the execution of arbitrary code with the privileges of the\n process or a Denial of Service condition. Furthermore, a remote attacker\n may be able to bypass security restrictions or have other, unspecified,\n impact.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # https://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0b9b0b08\"\n );\n # https://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2f59319e\"\n );\n # https://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ee73f07e\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201309-16\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-29.0.1457.57'\n All V8 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/v8-3.18.5.14'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:v8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 29.0.1457.57\"), vulnerable:make_list(\"lt 29.0.1457.57\"))) flag++;\nif (qpkg_check(package:\"dev-lang/v8\", unaffected:make_list(\"ge 3.18.5.14\"), vulnerable:make_list(\"lt 3.18.5.14\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium / V8\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2016-09-26T17:24:28", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2901", "CVE-2013-2887", "CVE-2013-2902", "CVE-2013-2903", "CVE-2013-2904", "CVE-2013-2900", "CVE-2013-2905"], "edition": 1, "description": "\nGoogle Chrome Releases reports:\n\n25 security fixes in this release, including:\n\n[181617] High CVE-2013-2900: Incomplete path sanitization in\n\t file handling. Credit to Krystian Bigaj.\n [254159] Low CVE-2013-2905: Information leak via overly broad\n\t permissions on shared memory files. Credit to Christian\n\t Jaeger.\n[257363] High CVE-2013-2901: Integer overflow in ANGLE. Credit\n\t to Alex Chapman.\n[260105] High CVE-2013-2902: Use after free in XSLT. Credit to\n\t cloudfuzzer.\n[260156] High CVE-2013-2903: Use after free in media element.\n\t Credit to cloudfuzzer.\n[260428] High CVE-2013-2904: Use after free in document\n\t parsing. Credit to cloudfuzzer.\n[274602] CVE-2013-2887: Various fixes from internal audits,\n\t fuzzing and other initiatives (Chrome 29).\n\n\n", "modified": "2013-08-20T00:00:00", "published": "2013-08-20T00:00:00", "href": "https://vuxml.freebsd.org/freebsd/ae651a4b-0a42-11e3-ba52-00262d5ed8ee.html", "id": "AE651A4B-0A42-11E3-BA52-00262D5ED8EE", "title": "chromium -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:48", "bulletinFamily": "software", "cvelist": ["CVE-2013-2901", "CVE-2013-2887", "CVE-2013-2902", "CVE-2013-2903", "CVE-2013-2904", "CVE-2013-2900", "CVE-2013-2905"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2741-1 security@debian.org\r\nhttp://www.debian.org/security/ Michael Gilbert\r\nAugust 25, 2013 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : chromium-browser\r\nVulnerability : several\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2013-2887 CVE-2013-2900 CVE-2013-2901 CVE-2013-2902\r\n CVE-2013-2903 CVE-2013-2904 CVE-2013-2905\r\n\r\nSeveral vulnerabilities have been discovered in the Chromium web browser.\r\n\r\nCVE-2013-2887\r\n\r\n The chrome 29 development team found various issues from internal\r\n fuzzing, audits, and other studies.\r\n\r\nCVE-2013-2900\r\n\r\n Krystian Bigaj discovered a file handling path sanitization issue.\r\n\r\nCVE-2013-2901\r\n\r\n Alex Chapman discovered an integer overflow issue in ANGLE, the\r\n Almost Native Graphics Layer.\r\n\r\nCVE-2013-2902\r\n\r\n cloudfuzzer discovered a use-after-free issue in XSLT.\r\n\r\nCVE-2013-2903\r\n\r\n cloudfuzzer discovered a use-after-free issue in HTMLMediaElement.\r\n\r\nCVE-2013-2904\r\n\r\n cloudfuzzer discovered a use-after-free issue in XML document\r\n parsing.\r\n\r\nCVE-2013-2905\r\n\r\n Christian Jaeger discovered an information leak due to insufficient\r\n file permissions.\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 29.0.1547.57-1~deb7u1.\r\n\r\nFor the testing distribution (jessie), these problems will be fixed soon.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 29.0.1547.57-1.\r\n\r\nWe recommend that you upgrade your chromium-browser packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.14 (GNU/Linux)\r\n\r\niQQcBAEBCgAGBQJSGm5GAAoJELjWss0C1vRzPeQf/RRCxx42uQSyFbV5PPEZgrcw\r\n/pD1tgiM3RIPEQhPlzG6tAXEAV8F44bOeT1XUjUAW5+tfDd+nTrv9kKVQbq5Bt21\r\nzBKBSv5ukZ00pesctK1c1Xmeyg1MkujhC7IOId9yGV1CVXUox0Me8J+FOCBWLtUg\r\nKccHpeh/DkK2/S23Avjc4WysjlPyMWB3aulxZ1BhY2MqOgL1IstlpoDIZB5KO7s3\r\nAiTRdwSH0YXMmjLkvyx8Kdy+rGr2bixameEJp0CO68XWRXd5TF9E/JBgyNi7yW9V\r\nXiPmnjsO39ZXVRAZ5zOkLjC9ZCh9zcYoPEFOl4ZazF+XA8bs0eZtwgLCIFAJbA66\r\n8lT4dGYuXEWPIClNS9UJOO+OoNemYfHFHfJ6zjolijNopsotaFSLLf09JB6aEdBh\r\nD0ag8WZCgQr945wfr4FfrfZ5YJ9m1duUZvhnkJRoQHfPL0EaDEfMkfOTSmIGg/ku\r\nXcWRTgVu/uvqnyz2132j1NHNuScWFVV7YDB2UY/UtfjX0f+3h2xC2DFmOnIuOIBh\r\n4C95GlCXDcAWaxVxByzJMKQaYGuPdc+nbnA2IpAUc+Ge7dXu/MVx8QQgQHqwmNd+\r\n8bfCuwSZz7VrMRflJ1of4fxZB71RGbxvWSYFf64KmHCYY6bwLKCWJ3s4WSBQTpdt\r\n1q6IqhNvKqAqdHam1w4BmJ6yyAPJ+U/JKZZLzat1d/AE4D6p01lS9GfY4ewNyQhf\r\nfQYuNwwzWZScYgtXmOD29QfAagzL3JhxGoc3eKbnwfp7z5DbaUxnj8NSxyRCO1qg\r\noTyOmialp+7u8rF9es6TaG8ddEklN3hZ5is92qWcydXhBrLakbGMDHu0uVZai1pe\r\nsM3BiogPOwks3gIyLyH5q4+tsEU9hxSZgymLYnlz4lkyFs8Dpd/ZhYX52btcVneG\r\nxIx9GnmwpYKQAV6g0mwHaL+0IXj5RfrKCMpmqHCzDWGxZ7lFilmRKIJmyrI02LN0\r\neQ6HUreYyphev8yZa69OSJwUnWy88WSxX2PH/oKy+tP9XoYLwQoJjCikI21CrJj8\r\nydaV6wjVA474HAwTQSF9zbllLdDwfswGSJ29Qzx80Pgf7MUZuDCYVWvqMNtJ44cp\r\n2Hyxc3d8KjPERRda62VQnVPMwhs1kEnEwWSCK8SDpI21bY0756m6GKUVLw0dBf54\r\nmmhwPoU/cVRyHeataY1gkkDl5gAB4VE14GxipNv/ge0AJGIF2YsC6ZP2SaVMkB2x\r\n/gBEBer1gggyTwNKb2gkalyXjXVHns1CFQKSlcEm93W3ychtVVykObRt3+cmZCUU\r\nxOZMWWsUnwzbessCPz3B44sK+4MM9GDqAfQsvBoaU5AnYiLDBKh5KtStENoH5/0=\r\n=ABUv\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2013-08-28T00:00:00", "published": "2013-08-28T00:00:00", "id": "SECURITYVULNS:DOC:29718", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29718", "title": "[SECURITY] [DSA 2741-1] chromium-browser security update", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:52", "bulletinFamily": "software", "cvelist": ["CVE-2013-2901", "CVE-2013-2887", "CVE-2013-2902", "CVE-2013-2903", "CVE-2013-2904", "CVE-2013-2900", "CVE-2013-2905"], "description": "Multiple memory corruptions, integer overflows, information leaks.", "edition": 1, "modified": "2013-08-28T00:00:00", "published": "2013-08-28T00:00:00", "id": "SECURITYVULNS:VULN:13256", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13256", "title": "Chromium / Google Chrome multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:22:41", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2901", "CVE-2013-2887", "CVE-2013-2902", "CVE-2013-2903", "CVE-2013-2904", "CVE-2013-2900", "CVE-2013-2905"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2741-1 security@debian.org\nhttp://www.debian.org/security/ Michael Gilbert\nAugust 25, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-2887 CVE-2013-2900 CVE-2013-2901 CVE-2013-2902\n CVE-2013-2903 CVE-2013-2904 CVE-2013-2905\n\nSeveral vulnerabilities have been discovered in the Chromium web browser.\n\nCVE-2013-2887\n\n The chrome 29 development team found various issues from internal\n fuzzing, audits, and other studies.\n\nCVE-2013-2900\n\n Krystian Bigaj discovered a file handling path sanitization issue.\n\nCVE-2013-2901\n\n Alex Chapman discovered an integer overflow issue in ANGLE, the\n Almost Native Graphics Layer.\n\nCVE-2013-2902\n\n cloudfuzzer discovered a use-after-free issue in XSLT.\n\nCVE-2013-2903\n\n cloudfuzzer discovered a use-after-free issue in HTMLMediaElement.\n\nCVE-2013-2904\n\n cloudfuzzer discovered a use-after-free issue in XML document\n parsing.\n\nCVE-2013-2905\n\n Christian Jaeger discovered an information leak due to insufficient\n file permissions.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 29.0.1547.57-1~deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 29.0.1547.57-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2013-08-25T20:47:45", "published": "2013-08-25T20:47:45", "id": "DEBIAN:DSA-2741-1:53620", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00151.html", "title": "[SECURITY] [DSA 2741-1] chromium-browser security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2018-10-06T23:00:18", "bulletinFamily": "info", "cvelist": ["CVE-2013-2900", "CVE-2013-2901", "CVE-2013-2902", "CVE-2013-2903", "CVE-2013-2904", "CVE-2013-2905"], "description": "There are 25 fresh security patches in the newest version of Google Chrome, including fixes for a number of high-severity vulnerabilities. Chrome 29 also includes a number of performance enhancements.\n\nGoogle regularly pushes out new versions of its browser every few weeks, and sometimes will only have a handful of security fixes. Chrome 29 is the exception to this, providing a huge number of vulnerability fixes. Three of the fixes in Chrome 29 are for use-after-free vulnerabilities, each of which earned the finder a $1,000 bug bounty.\n\nThe list of bugs fixed in [Chrome 29](<http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html>) includes:\n\n * [$1337] [[181617](<http://crbug.com/181617>)] **High** CVE-2013-2900: Incomplete path sanitization in file handling. Credit to Krystian Bigaj.\n * [$500] [[254159](<http://crbug.com/254159>)] **Low** CVE-2013-2905: Information leak via overly broad permissions on shared memory files. Credit to Christian Jaeger.\n * [$1337] [[257363](<http://crbug.com/257363>)] **High** CVE-2013-2901: Integer overflow in ANGLE. Credit to Alex Chapman.\n * [$1000] [[260105](<http://crbug.com/260105>)] **High** CVE-2013-2902: Use after free in XSLT. Credit to cloudfuzzer.\n * [$1000] [[260156](<http://crbug.com/260156>)] **High** CVE-2013-2903: Use after free in media element. Credit to cloudfuzzer.\n * [$1000] [[260428](<http://crbug.com/260428>)] **High** CVE-2013-2904: Use after free in document parsing. Credit to cloudfuzzer.\n\nChrome users should update their browsers as soon as possible to protect against attacks using these vulnerabilities.\n", "modified": "2013-08-20T18:26:22", "published": "2013-08-20T13:45:24", "id": "THREATPOST:D4E43E0E08694CF4ED263C7B0D1E78F6", "href": "https://threatpost.com/google-chrome-29-fixes-25-vulnerabilities/102038/", "type": "threatpost", "title": "Google Chrome 29 Fixes 25 Vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2021-02-02T06:06:53", "description": "Multiple unspecified vulnerabilities in Google Chrome before 29.0.1547.57 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.", "edition": 6, "cvss3": {}, "published": "2013-08-21T12:17:00", "title": "CVE-2013-2887", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2887"], "modified": "2017-09-19T01:36:00", "cpe": ["cpe:/a:google:chrome:29.0.1547.23", "cpe:/a:google:chrome:29.0.1547.3", "cpe:/a:google:chrome:29.0.1547.27", "cpe:/a:google:chrome:29.0.1547.19", "cpe:/a:google:chrome:29.0.1547.5", "cpe:/a:google:chrome:29.0.1547.51", "cpe:/a:google:chrome:29.0.1547.11", "cpe:/a:google:chrome:29.0.1547.16", "cpe:/a:google:chrome:29.0.1547.47", "cpe:/a:google:chrome:29.0.1547.41", "cpe:/a:google:chrome:29.0.1547.39", "cpe:/a:google:chrome:29.0.1547.40", "cpe:/a:google:chrome:29.0.1547.22", "cpe:/a:google:chrome:29.0.1547.52", "cpe:/a:google:chrome:29.0.1547.37", "cpe:/a:google:chrome:29.0.1547.31", "cpe:/a:google:chrome:29.0.1547.42", "cpe:/a:google:chrome:29.0.1547.21", "cpe:/a:google:chrome:29.0.1547.36", "cpe:/a:google:chrome:29.0.1547.7", "cpe:/a:google:chrome:29.0.1547.50", "cpe:/a:google:chrome:29.0.1547.29", "cpe:/a:google:chrome:29.0.1547.18", "cpe:/a:google:chrome:29.0.1547.38", "cpe:/a:google:chrome:29.0.1547.17", "cpe:/a:google:chrome:29.0.1547.9", "cpe:/a:google:chrome:29.0.1547.8", "cpe:/a:google:chrome:29.0.1547.30", "cpe:/a:google:chrome:29.0.1547.28", "cpe:/a:google:chrome:29.0.1547.54", "cpe:/a:google:chrome:29.0.1547.20", "cpe:/a:google:chrome:29.0.1547.10", "cpe:/a:google:chrome:29.0.1547.4", "cpe:/a:google:chrome:29.0.1547.35", "cpe:/a:google:chrome:29.0.1547.32", "cpe:/a:google:chrome:29.0.1547.33", "cpe:/a:google:chrome:29.0.1547.55", "cpe:/a:google:chrome:29.0.1547.12", "cpe:/a:google:chrome:29.0.1547.45", "cpe:/a:google:chrome:29.0.1547.34", "cpe:/a:google:chrome:29.0.1547.48", "cpe:/a:google:chrome:29.0.1547.56", "cpe:/a:google:chrome:29.0.1547.53", "cpe:/a:google:chrome:29.0.1547.1", "cpe:/a:google:chrome:29.0.1547.13", "cpe:/a:google:chrome:29.0.1547.49", "cpe:/a:google:chrome:29.0.1547.0", "cpe:/a:google:chrome:29.0.1547.46", "cpe:/a:google:chrome:29.0.1547.2", "cpe:/a:google:chrome:29.0.1547.15", "cpe:/a:google:chrome:29.0.1547.14"], "id": "CVE-2013-2887", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2887", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:29.0.1547.56:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.22:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.55:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.47:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.38:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.50:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.19:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.15:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.29:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.49:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.41:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.36:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.33:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.30:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.18:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.48:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.21:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.54:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.23:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.10:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.46:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.35:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.34:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.51:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.52:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.37:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.1:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.31:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.16:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.40:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.20:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.14:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.28:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.27:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.42:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.39:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.53:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.11:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.17:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.13:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.45:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.32:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:06:53", "description": "The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of . (dot) and whitespace characters, which allows remote attackers to conduct directory traversal attacks via a crafted directory name.", "edition": 6, "cvss3": {}, "published": "2013-08-21T12:17:00", "title": "CVE-2013-2900", "type": "cve", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2900"], "modified": "2017-09-19T01:36:00", "cpe": ["cpe:/a:google:chrome:29.0.1547.23", "cpe:/a:google:chrome:29.0.1547.3", "cpe:/a:google:chrome:29.0.1547.27", "cpe:/a:google:chrome:29.0.1547.19", "cpe:/a:google:chrome:29.0.1547.5", "cpe:/a:google:chrome:29.0.1547.51", "cpe:/a:google:chrome:29.0.1547.11", "cpe:/a:google:chrome:29.0.1547.16", "cpe:/a:google:chrome:29.0.1547.47", "cpe:/a:google:chrome:29.0.1547.41", "cpe:/a:google:chrome:29.0.1547.39", "cpe:/a:google:chrome:29.0.1547.40", "cpe:/a:google:chrome:29.0.1547.22", "cpe:/a:google:chrome:29.0.1547.52", "cpe:/a:google:chrome:29.0.1547.37", "cpe:/a:google:chrome:29.0.1547.31", "cpe:/a:google:chrome:29.0.1547.42", "cpe:/a:google:chrome:29.0.1547.21", "cpe:/a:google:chrome:29.0.1547.36", "cpe:/a:google:chrome:29.0.1547.7", "cpe:/a:google:chrome:29.0.1547.50", "cpe:/a:google:chrome:29.0.1547.29", "cpe:/a:google:chrome:29.0.1547.18", "cpe:/a:google:chrome:29.0.1547.38", "cpe:/a:google:chrome:29.0.1547.17", "cpe:/a:google:chrome:29.0.1547.9", "cpe:/a:google:chrome:29.0.1547.8", "cpe:/a:google:chrome:29.0.1547.30", "cpe:/a:google:chrome:29.0.1547.28", "cpe:/a:google:chrome:29.0.1547.54", "cpe:/a:google:chrome:29.0.1547.20", "cpe:/a:google:chrome:29.0.1547.10", "cpe:/a:google:chrome:29.0.1547.4", "cpe:/a:google:chrome:29.0.1547.35", "cpe:/a:google:chrome:29.0.1547.32", "cpe:/a:google:chrome:29.0.1547.33", "cpe:/a:google:chrome:29.0.1547.55", "cpe:/a:google:chrome:29.0.1547.12", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:google:chrome:29.0.1547.45", "cpe:/a:google:chrome:29.0.1547.34", "cpe:/a:google:chrome:29.0.1547.48", "cpe:/a:google:chrome:29.0.1547.56", "cpe:/a:google:chrome:29.0.1547.53", "cpe:/a:google:chrome:29.0.1547.1", "cpe:/a:google:chrome:29.0.1547.13", "cpe:/a:google:chrome:29.0.1547.49", "cpe:/a:google:chrome:29.0.1547.0", "cpe:/a:google:chrome:29.0.1547.46", "cpe:/a:google:chrome:29.0.1547.2", "cpe:/a:google:chrome:29.0.1547.15", "cpe:/a:google:chrome:29.0.1547.14"], "id": "CVE-2013-2900", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2900", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:29.0.1547.56:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.22:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.55:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.47:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.38:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.50:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.19:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.15:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.29:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.49:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.41:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.36:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.33:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.30:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.18:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.48:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.21:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.54:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.23:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.10:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.46:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.35:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.34:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.51:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.52:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.37:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.1:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.31:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.16:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.40:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.20:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.14:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.28:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.27:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.42:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.39:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.53:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.11:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.17:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.13:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.45:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.32:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:06:53", "description": "Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an applyXSLTransform call involving (1) an HTML document or (2) an xsl:processing-instruction element that is still in the process of loading.", "edition": 6, "cvss3": {}, "published": "2013-08-21T12:17:00", "title": "CVE-2013-2902", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2902"], "modified": "2017-09-19T01:36:00", "cpe": ["cpe:/a:google:chrome:29.0.1547.23", "cpe:/a:google:chrome:29.0.1547.3", "cpe:/a:google:chrome:29.0.1547.27", "cpe:/a:google:chrome:29.0.1547.19", "cpe:/a:google:chrome:29.0.1547.5", "cpe:/a:google:chrome:29.0.1547.51", "cpe:/a:google:chrome:29.0.1547.11", "cpe:/a:google:chrome:29.0.1547.16", "cpe:/a:google:chrome:29.0.1547.47", "cpe:/a:google:chrome:29.0.1547.41", "cpe:/a:google:chrome:29.0.1547.39", "cpe:/a:google:chrome:29.0.1547.40", "cpe:/a:google:chrome:29.0.1547.22", "cpe:/a:google:chrome:29.0.1547.52", "cpe:/a:google:chrome:29.0.1547.37", "cpe:/a:google:chrome:29.0.1547.31", "cpe:/a:google:chrome:29.0.1547.42", "cpe:/a:google:chrome:29.0.1547.21", "cpe:/a:google:chrome:29.0.1547.36", "cpe:/a:google:chrome:29.0.1547.7", "cpe:/a:google:chrome:29.0.1547.50", "cpe:/a:google:chrome:29.0.1547.29", "cpe:/a:google:chrome:29.0.1547.18", "cpe:/a:google:chrome:29.0.1547.38", "cpe:/a:google:chrome:29.0.1547.17", "cpe:/a:google:chrome:29.0.1547.9", "cpe:/a:google:chrome:29.0.1547.8", "cpe:/a:google:chrome:29.0.1547.30", "cpe:/a:google:chrome:29.0.1547.28", "cpe:/a:google:chrome:29.0.1547.54", "cpe:/a:google:chrome:29.0.1547.20", "cpe:/a:google:chrome:29.0.1547.10", "cpe:/a:google:chrome:29.0.1547.4", "cpe:/a:google:chrome:29.0.1547.35", "cpe:/a:google:chrome:29.0.1547.32", "cpe:/a:google:chrome:29.0.1547.33", "cpe:/a:google:chrome:29.0.1547.55", "cpe:/a:google:chrome:29.0.1547.12", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:google:chrome:29.0.1547.45", "cpe:/a:google:chrome:29.0.1547.34", "cpe:/a:google:chrome:29.0.1547.48", "cpe:/a:google:chrome:29.0.1547.56", "cpe:/a:google:chrome:29.0.1547.53", "cpe:/a:google:chrome:29.0.1547.1", "cpe:/a:google:chrome:29.0.1547.13", "cpe:/a:google:chrome:29.0.1547.49", "cpe:/a:google:chrome:29.0.1547.0", "cpe:/a:google:chrome:29.0.1547.46", "cpe:/a:google:chrome:29.0.1547.2", "cpe:/a:google:chrome:29.0.1547.15", "cpe:/a:google:chrome:29.0.1547.14"], "id": "CVE-2013-2902", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2902", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:29.0.1547.56:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.22:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.55:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.47:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.38:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.50:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.19:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.15:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.29:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.49:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.41:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.36:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.33:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.30:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.18:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.48:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.21:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.54:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.23:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.10:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.46:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.35:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.34:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.51:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.52:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.37:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.1:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.31:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.16:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.40:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.20:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.14:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.28:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.27:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.42:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.39:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.53:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.11:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.17:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.13:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.45:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.32:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:06:53", "description": "Use-after-free vulnerability in the Document::finishedParsing function in core/dom/Document.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via an onload event that changes an IFRAME element so that its src attribute is no longer an XML document, leading to unintended garbage collection of this document.", "edition": 6, "cvss3": {}, "published": "2013-08-21T12:17:00", "title": "CVE-2013-2904", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2904"], "modified": "2017-09-19T01:36:00", "cpe": ["cpe:/a:google:chrome:29.0.1547.23", "cpe:/a:google:chrome:29.0.1547.3", "cpe:/a:google:chrome:29.0.1547.27", "cpe:/a:google:chrome:29.0.1547.19", "cpe:/a:google:chrome:29.0.1547.5", "cpe:/a:google:chrome:29.0.1547.51", "cpe:/a:google:chrome:29.0.1547.11", "cpe:/a:google:chrome:29.0.1547.16", "cpe:/a:google:chrome:29.0.1547.47", "cpe:/a:google:chrome:29.0.1547.41", "cpe:/a:google:chrome:29.0.1547.39", "cpe:/a:google:chrome:29.0.1547.40", "cpe:/a:google:chrome:29.0.1547.22", "cpe:/a:google:chrome:29.0.1547.52", "cpe:/a:google:chrome:29.0.1547.37", "cpe:/a:google:chrome:29.0.1547.31", "cpe:/a:google:chrome:29.0.1547.42", "cpe:/a:google:chrome:29.0.1547.21", "cpe:/a:google:chrome:29.0.1547.36", "cpe:/a:google:chrome:29.0.1547.7", "cpe:/a:google:chrome:29.0.1547.50", "cpe:/a:google:chrome:29.0.1547.29", "cpe:/a:google:chrome:29.0.1547.18", "cpe:/a:google:chrome:29.0.1547.38", "cpe:/a:google:chrome:29.0.1547.17", "cpe:/a:google:chrome:29.0.1547.9", "cpe:/a:google:chrome:29.0.1547.8", "cpe:/a:google:chrome:29.0.1547.30", "cpe:/a:google:chrome:29.0.1547.28", "cpe:/a:google:chrome:29.0.1547.54", "cpe:/a:google:chrome:29.0.1547.20", "cpe:/a:google:chrome:29.0.1547.10", "cpe:/a:google:chrome:29.0.1547.4", "cpe:/a:google:chrome:29.0.1547.35", "cpe:/a:google:chrome:29.0.1547.32", "cpe:/a:google:chrome:29.0.1547.33", "cpe:/a:google:chrome:29.0.1547.55", "cpe:/a:google:chrome:29.0.1547.12", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:google:chrome:29.0.1547.45", "cpe:/a:google:chrome:29.0.1547.34", "cpe:/a:google:chrome:29.0.1547.48", "cpe:/a:google:chrome:29.0.1547.56", "cpe:/a:google:chrome:29.0.1547.53", "cpe:/a:google:chrome:29.0.1547.1", "cpe:/a:google:chrome:29.0.1547.13", "cpe:/a:google:chrome:29.0.1547.49", "cpe:/a:google:chrome:29.0.1547.0", "cpe:/a:google:chrome:29.0.1547.46", "cpe:/a:google:chrome:29.0.1547.2", "cpe:/a:google:chrome:29.0.1547.15", "cpe:/a:google:chrome:29.0.1547.14"], "id": "CVE-2013-2904", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2904", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:29.0.1547.56:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.22:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.55:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.47:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.38:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.50:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.19:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.15:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.29:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.49:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.41:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.36:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.33:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.30:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.18:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.48:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.21:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.54:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.23:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.10:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.46:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.35:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.34:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.51:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.52:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.37:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.1:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.31:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.16:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.40:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.20:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.14:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.28:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.27:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.42:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.39:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.53:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.11:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.17:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.13:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.45:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.32:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:06:53", "description": "Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving moving a (1) AUDIO or (2) VIDEO element between documents.", "edition": 6, "cvss3": {}, "published": "2013-08-21T12:17:00", "title": "CVE-2013-2903", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2903"], "modified": "2017-09-19T01:36:00", "cpe": ["cpe:/a:google:chrome:29.0.1547.23", "cpe:/a:google:chrome:29.0.1547.3", "cpe:/a:google:chrome:29.0.1547.27", "cpe:/a:google:chrome:29.0.1547.19", "cpe:/a:google:chrome:29.0.1547.5", "cpe:/a:google:chrome:29.0.1547.51", "cpe:/a:google:chrome:29.0.1547.11", "cpe:/a:google:chrome:29.0.1547.16", "cpe:/a:google:chrome:29.0.1547.47", "cpe:/a:google:chrome:29.0.1547.41", "cpe:/a:google:chrome:29.0.1547.39", "cpe:/a:google:chrome:29.0.1547.40", "cpe:/a:google:chrome:29.0.1547.22", "cpe:/a:google:chrome:29.0.1547.52", "cpe:/a:google:chrome:29.0.1547.37", "cpe:/a:google:chrome:29.0.1547.31", "cpe:/a:google:chrome:29.0.1547.42", "cpe:/a:google:chrome:29.0.1547.21", "cpe:/a:google:chrome:29.0.1547.36", "cpe:/a:google:chrome:29.0.1547.7", "cpe:/a:google:chrome:29.0.1547.50", "cpe:/a:google:chrome:29.0.1547.29", "cpe:/a:google:chrome:29.0.1547.18", "cpe:/a:google:chrome:29.0.1547.38", "cpe:/a:google:chrome:29.0.1547.17", "cpe:/a:google:chrome:29.0.1547.9", "cpe:/a:google:chrome:29.0.1547.8", "cpe:/a:google:chrome:29.0.1547.30", "cpe:/a:google:chrome:29.0.1547.28", "cpe:/a:google:chrome:29.0.1547.54", "cpe:/a:google:chrome:29.0.1547.20", "cpe:/a:google:chrome:29.0.1547.10", "cpe:/a:google:chrome:29.0.1547.4", "cpe:/a:google:chrome:29.0.1547.35", "cpe:/a:google:chrome:29.0.1547.32", "cpe:/a:google:chrome:29.0.1547.33", "cpe:/a:google:chrome:29.0.1547.55", "cpe:/a:google:chrome:29.0.1547.12", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:google:chrome:29.0.1547.45", "cpe:/a:google:chrome:29.0.1547.34", "cpe:/a:google:chrome:29.0.1547.48", "cpe:/a:google:chrome:29.0.1547.56", "cpe:/a:google:chrome:29.0.1547.53", "cpe:/a:google:chrome:29.0.1547.1", "cpe:/a:google:chrome:29.0.1547.13", "cpe:/a:google:chrome:29.0.1547.49", "cpe:/a:google:chrome:29.0.1547.0", "cpe:/a:google:chrome:29.0.1547.46", "cpe:/a:google:chrome:29.0.1547.2", "cpe:/a:google:chrome:29.0.1547.15", "cpe:/a:google:chrome:29.0.1547.14"], "id": "CVE-2013-2903", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2903", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:29.0.1547.56:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.22:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.55:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.47:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.38:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.50:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.19:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.15:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.29:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.49:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.41:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.36:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.33:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.30:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.18:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.48:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.21:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.54:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.23:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.10:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.46:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.35:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.34:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.51:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.52:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.37:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.1:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.31:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.16:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.40:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.20:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.14:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.28:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.27:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.42:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.39:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.53:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.11:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.17:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.13:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.45:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.32:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:06:53", "description": "The SharedMemory::Create function in memory/shared_memory_posix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file.", "edition": 6, "cvss3": {}, "published": "2013-08-21T12:17:00", "title": "CVE-2013-2905", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2905"], "modified": "2017-09-19T01:36:00", "cpe": ["cpe:/a:google:chrome:29.0.1547.23", "cpe:/a:google:chrome:29.0.1547.3", "cpe:/a:google:chrome:29.0.1547.27", "cpe:/a:google:chrome:29.0.1547.19", "cpe:/a:google:chrome:29.0.1547.5", "cpe:/a:google:chrome:29.0.1547.51", "cpe:/a:google:chrome:29.0.1547.11", "cpe:/a:google:chrome:29.0.1547.16", "cpe:/a:google:chrome:29.0.1547.47", "cpe:/a:google:chrome:29.0.1547.41", "cpe:/a:google:chrome:29.0.1547.39", "cpe:/a:google:chrome:29.0.1547.40", "cpe:/a:google:chrome:29.0.1547.22", "cpe:/a:google:chrome:29.0.1547.52", "cpe:/a:google:chrome:29.0.1547.37", "cpe:/a:google:chrome:29.0.1547.31", "cpe:/a:google:chrome:29.0.1547.42", "cpe:/a:google:chrome:29.0.1547.21", "cpe:/a:google:chrome:29.0.1547.36", "cpe:/a:google:chrome:29.0.1547.7", "cpe:/a:google:chrome:29.0.1547.50", "cpe:/a:google:chrome:29.0.1547.29", "cpe:/a:google:chrome:29.0.1547.18", "cpe:/a:google:chrome:29.0.1547.38", "cpe:/a:google:chrome:29.0.1547.17", "cpe:/a:google:chrome:29.0.1547.9", "cpe:/a:google:chrome:29.0.1547.8", "cpe:/a:google:chrome:29.0.1547.30", "cpe:/a:google:chrome:29.0.1547.28", "cpe:/a:google:chrome:29.0.1547.54", "cpe:/a:google:chrome:29.0.1547.20", "cpe:/a:google:chrome:29.0.1547.10", "cpe:/a:google:chrome:29.0.1547.4", "cpe:/a:google:chrome:29.0.1547.35", "cpe:/a:google:chrome:29.0.1547.32", "cpe:/a:google:chrome:29.0.1547.33", "cpe:/a:google:chrome:29.0.1547.55", "cpe:/a:google:chrome:29.0.1547.12", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:google:chrome:29.0.1547.45", "cpe:/a:google:chrome:29.0.1547.34", "cpe:/a:google:chrome:29.0.1547.48", "cpe:/a:google:chrome:29.0.1547.56", "cpe:/a:google:chrome:29.0.1547.53", "cpe:/a:google:chrome:29.0.1547.1", "cpe:/a:google:chrome:29.0.1547.13", "cpe:/a:google:chrome:29.0.1547.49", "cpe:/a:google:chrome:29.0.1547.0", "cpe:/a:google:chrome:29.0.1547.46", "cpe:/a:google:chrome:29.0.1547.2", "cpe:/a:google:chrome:29.0.1547.15", "cpe:/a:google:chrome:29.0.1547.14"], "id": "CVE-2013-2905", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2905", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:29.0.1547.56:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.22:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.55:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.47:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.38:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.50:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.19:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.15:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.29:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.49:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.41:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.36:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.33:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.30:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.18:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.48:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.21:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.54:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.23:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.10:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.46:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.35:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.34:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.51:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.52:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.37:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.1:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.31:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.16:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.40:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.20:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.14:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.28:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.27:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.42:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.39:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.53:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.11:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.17:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.13:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.45:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.32:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:06:53", "description": "Multiple integer overflows in (1) libGLESv2/renderer/Renderer9.cpp and (2) libGLESv2/renderer/Renderer11.cpp in Almost Native Graphics Layer Engine (ANGLE), as used in Google Chrome before 29.0.1547.57, allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.", "edition": 6, "cvss3": {}, "published": "2013-08-21T12:17:00", "title": "CVE-2013-2901", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2901"], "modified": "2017-09-19T01:36:00", "cpe": ["cpe:/a:google:chrome:29.0.1547.23", "cpe:/a:google:chrome:29.0.1547.3", "cpe:/a:google:chrome:29.0.1547.27", "cpe:/a:google:chrome:29.0.1547.19", "cpe:/a:google:chrome:29.0.1547.5", "cpe:/a:google:chrome:29.0.1547.51", "cpe:/a:google:chrome:29.0.1547.11", "cpe:/a:google:chrome:29.0.1547.16", "cpe:/a:google:chrome:29.0.1547.47", "cpe:/a:google:chrome:29.0.1547.41", "cpe:/a:google:chrome:29.0.1547.39", "cpe:/a:google:chrome:29.0.1547.40", "cpe:/a:google:chrome:29.0.1547.22", "cpe:/a:google:chrome:29.0.1547.52", "cpe:/a:google:chrome:29.0.1547.37", "cpe:/a:google:chrome:29.0.1547.31", "cpe:/a:google:chrome:29.0.1547.42", "cpe:/a:google:chrome:29.0.1547.21", "cpe:/a:google:chrome:29.0.1547.36", "cpe:/a:google:chrome:29.0.1547.7", "cpe:/a:google:chrome:29.0.1547.50", "cpe:/a:google:chrome:29.0.1547.29", "cpe:/a:google:chrome:29.0.1547.18", "cpe:/a:google:chrome:29.0.1547.38", "cpe:/a:google:chrome:29.0.1547.17", "cpe:/a:google:chrome:29.0.1547.9", "cpe:/a:google:chrome:29.0.1547.8", "cpe:/a:google:chrome:29.0.1547.30", "cpe:/a:google:chrome:29.0.1547.28", "cpe:/a:google:chrome:29.0.1547.54", "cpe:/a:google:chrome:29.0.1547.20", "cpe:/a:google:chrome:29.0.1547.10", "cpe:/a:google:chrome:29.0.1547.4", "cpe:/a:google:chrome:29.0.1547.35", "cpe:/a:google:chrome:29.0.1547.32", "cpe:/a:google:chrome:29.0.1547.33", "cpe:/a:google:chrome:29.0.1547.55", "cpe:/a:google:chrome:29.0.1547.12", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:google:chrome:29.0.1547.45", "cpe:/a:google:chrome:29.0.1547.34", "cpe:/a:google:chrome:29.0.1547.48", "cpe:/a:google:chrome:29.0.1547.56", "cpe:/a:google:chrome:29.0.1547.53", "cpe:/a:google:chrome:29.0.1547.1", "cpe:/a:google:chrome:29.0.1547.13", "cpe:/a:google:chrome:29.0.1547.49", "cpe:/a:google:chrome:29.0.1547.0", "cpe:/a:google:chrome:29.0.1547.46", "cpe:/a:google:chrome:29.0.1547.2", "cpe:/a:google:chrome:29.0.1547.15", "cpe:/a:google:chrome:29.0.1547.14"], "id": "CVE-2013-2901", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2901", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:29.0.1547.56:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.22:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.55:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.47:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.38:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.50:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.19:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.15:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.29:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.49:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.41:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.36:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.33:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.30:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.18:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.48:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.21:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.54:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.23:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.10:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.46:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.35:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.34:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.51:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.52:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.37:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.1:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.31:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.16:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.40:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.20:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.14:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.28:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.27:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.42:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.39:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.53:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.11:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.17:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.13:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.45:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:29.0.1547.32:*:*:*:*:*:*:*"]}], "gentoo": [{"lastseen": "2016-09-06T19:46:03", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5126", "CVE-2012-5136", "CVE-2013-0898", "CVE-2013-2882", "CVE-2013-0833", "CVE-2013-0891", "CVE-2013-2845", "CVE-2013-2901", "CVE-2013-2842", "CVE-2012-5130", "CVE-2013-0838", "CVE-2013-0917", "CVE-2013-2887", "CVE-2013-0924", "CVE-2013-0894", "CVE-2013-2902", "CVE-2013-2840", "CVE-2013-0832", "CVE-2013-2903", "CVE-2012-5133", "CVE-2013-0906", "CVE-2012-5127", "CVE-2013-2880", "CVE-2013-0904", "CVE-2013-2867", "CVE-2012-5125", "CVE-2013-0899", "CVE-2013-2849", "CVE-2013-2841", "CVE-2013-0834", "CVE-2013-2878", "CVE-2012-5139", "CVE-2013-0881", "CVE-2013-2874", "CVE-2013-0839", "CVE-2012-5117", "CVE-2013-0882", "CVE-2013-0841", "CVE-2012-5137", "CVE-2012-5122", "CVE-2013-0888", "CVE-2013-2853", "CVE-2012-5149", "CVE-2013-2876", "CVE-2013-2886", "CVE-2013-0889", "CVE-2012-5151", "CVE-2013-0884", "CVE-2013-0837", "CVE-2013-2848", "CVE-2013-0922", "CVE-2013-2846", "CVE-2013-0842", "CVE-2012-5146", "CVE-2013-2865", "CVE-2012-5132", "CVE-2013-0879", "CVE-2013-2904", "CVE-2013-0887", "CVE-2013-0890", "CVE-2013-2884", "CVE-2013-0925", "CVE-2013-0908", "CVE-2013-2870", "CVE-2013-0923", "CVE-2012-5145", "CVE-2013-0895", "CVE-2013-0836", "CVE-2013-0919", "CVE-2013-2877", "CVE-2012-5124", "CVE-2012-5143", "CVE-2013-0830", "CVE-2012-5140", "CVE-2013-2837", "CVE-2013-2856", "CVE-2012-5118", "CVE-2013-0880", "CVE-2013-0892", "CVE-2013-2875", "CVE-2013-0926", "CVE-2013-2847", "CVE-2013-0918", "CVE-2013-2881", "CVE-2012-5152", "CVE-2013-2861", "CVE-2013-2869", "CVE-2013-0902", "CVE-2013-2855", "CVE-2013-0835", "CVE-2012-5116", "CVE-2013-0920", "CVE-2012-5128", "CVE-2013-0900", "CVE-2013-2838", "CVE-2013-2863", "CVE-2012-5147", "CVE-2012-5141", "CVE-2013-2900", "CVE-2013-2844", "CVE-2013-2839", "CVE-2013-0910", "CVE-2013-0840", "CVE-2013-0909", "CVE-2013-0893", "CVE-2012-5154", "CVE-2013-0907", "CVE-2013-2862", "CVE-2013-2871", "CVE-2013-0897", "CVE-2013-2836", "CVE-2013-0828", "CVE-2013-2905", "CVE-2012-5120", "CVE-2013-0916", "CVE-2012-5123", "CVE-2013-0903", "CVE-2013-0912", "CVE-2013-2868", "CVE-2013-0911", "CVE-2013-0905", "CVE-2013-2859", "CVE-2013-0885", "CVE-2013-2879", "CVE-2013-2858", "CVE-2012-5135", "CVE-2012-5148", "CVE-2013-0829", "CVE-2013-0831", "CVE-2012-5144", "CVE-2013-0883", "CVE-2012-5150", "CVE-2013-2843", "CVE-2013-2860", "CVE-2013-0896", "CVE-2012-5138", "CVE-2013-2857", "CVE-2012-5153", "CVE-2012-5121", "CVE-2013-2883", "CVE-2012-5142", "CVE-2013-0921", "CVE-2013-2885"], "description": "### Background\n\nChromium is an open-source web browser project. V8 is Google\u2019s open source JavaScript engine. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. \n\n### Impact\n\nA context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-29.0.1457.57\"\n \n\nAll V8 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/v8-3.18.5.14\"", "edition": 1, "modified": "2013-09-25T00:00:00", "published": "2013-09-24T00:00:00", "id": "GLSA-201309-16", "href": "https://security.gentoo.org/glsa/201309-16", "type": "gentoo", "title": "Chromium, V8: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}