Lucene search

K
osvGoogleOSV:DSA-2799-1
HistoryNov 16, 2013 - 12:00 a.m.

chromium-browser - several

2013-11-1600:00:00
Google
osv.dev
10

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.059 Low

EPSS

Percentile

92.3%

Several vulnerabilities have been discovered in the chromium web browser.

  • CVE-2013-2931
    The chrome 31 development team found various issues from internal
    fuzzing, audits, and other studies.
  • CVE-2013-6621
    Khalil Zhani discovered a use-after-free issue in speech input
    handling.
  • CVE-2013-6622
    cloudfuzzer discovered a use-after-free issue in
    HTMLMediaElement.
  • CVE-2013-6623
    miaubiz discovered an out-of-bounds read in the Blink/Webkit SVG
    implementation.
  • CVE-2013-6624
    Jon Butler discovered a use-after-free issue in id attribute
    strings.
  • CVE-2013-6625
    cloudfuzzer discovered a use-after-free issue in the Blink/Webkit
    DOM implementation.
  • CVE-2013-6626
    Chamal de Silva discovered an address bar spoofing issue.
  • CVE-2013-6627
    skylined discovered an out-of-bounds read in the HTTP stream
    parser.
  • CVE-2013-6628
    Antoine Delignat-Lavaud and Karthikeyan Bhargavan of INRIA Paris
    discovered that a different (unverified) certificate could be used
    after successful TLS renegotiation with a valid certificate.
  • CVE-2013-6629
    Michal Zalewski discovered an uninitialized memory read in the
    libjpeg and libjpeg-turbo libraries.
  • CVE-2013-6630
    Michal Zalewski discovered another uninitialized memory read in
    the libjpeg and libjpeg-turbo libraries.
  • CVE-2013-6631
    Patrik HĂśglund discovered a use-free issue in the libjingle
    library.
  • CVE-2013-6632
    Pinkie Pie discovered multiple memory corruption issues.

For the stable distribution (wheezy), these problems have been fixed in
version 31.0.1650.57-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 31.0.1650.57-1.

We recommend that you upgrade your chromium-browser packages.

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.059 Low

EPSS

Percentile

92.3%