ID UB:CVE-2013-6658 Type ubuntucve Reporter ubuntu.com Modified 2014-02-24T00:00:00
Description
Multiple use-after-free vulnerabilities in the layout implementation in
Blink, as used in Google Chrome before 33.0.1750.117, allow remote
attackers to cause a denial of service or possibly have unspecified other
impact via vectors involving (1) running JavaScript code during execution
of the updateWidgetPositions function or (2) making a call into a plugin
during execution of the updateWidgetPositions function.
{"cve": [{"lastseen": "2022-03-23T14:42:14", "description": "Multiple use-after-free vulnerabilities in the layout implementation in Blink, as used in Google Chrome before 33.0.1750.117, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving (1) running JavaScript code during execution of the updateWidgetPositions function or (2) making a call into a plugin during execution of the updateWidgetPositions function.", "cvss3": {}, "published": "2014-02-24T04:48:00", "type": "cve", "title": "CVE-2013-6658", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6658"], "modified": "2014-04-01T06:26:00", "cpe": ["cpe:/a:google:chrome:33.0.1750.64", "cpe:/a:google:chrome:33.0.1750.45", "cpe:/a:google:chrome:33.0.1750.28", "cpe:/a:google:chrome:33.0.1750.49", "cpe:/a:google:chrome:33.0.1750.19", "cpe:/a:google:chrome:33.0.1750.52", "cpe:/a:google:chrome:33.0.1750.75", "cpe:/a:google:chrome:33.0.1750.74", "cpe:/a:google:chrome:33.0.1750.37", "cpe:/a:google:chrome:33.0.1750.35", "cpe:/a:google:chrome:33.0.1750.46", "cpe:/a:google:chrome:33.0.1750.68", "cpe:/a:google:chrome:33.0.1750.77", "cpe:/a:google:chrome:33.0.1750.70", "cpe:/a:google:chrome:33.0.1750.61", "cpe:/a:google:chrome:33.0.1750.7", "cpe:/a:google:chrome:33.0.1750.9", "cpe:/a:google:chrome:33.0.1750.54", "cpe:/a:google:chrome:33.0.1750.58", "cpe:/a:google:chrome:33.0.1750.48", "cpe:/a:google:chrome:33.0.1750.108", "cpe:/a:google:chrome:33.0.1750.10", 
"cpe:/a:google:chrome:33.0.1750.67", "cpe:/a:google:chrome:33.0.1750.42", "cpe:/a:google:chrome:33.0.1750.44", "cpe:/a:google:chrome:33.0.1750.51", "cpe:/a:google:chrome:33.0.1750.89", "cpe:/a:google:chrome:33.0.1750.53", "cpe:/a:google:chrome:33.0.1750.65", "cpe:/a:google:chrome:33.0.1750.23", "cpe:/a:google:chrome:33.0.1750.29", "cpe:/a:google:chrome:33.0.1750.4", "cpe:/a:google:chrome:33.0.1750.63", "cpe:/a:google:chrome:33.0.1750.82", "cpe:/a:google:chrome:33.0.1750.55", "cpe:/a:google:chrome:33.0.1750.43", "cpe:/a:google:chrome:33.0.1750.93", "cpe:/a:google:chrome:33.0.1750.106", "cpe:/a:google:chrome:33.0.1750.109", "cpe:/a:google:chrome:33.0.1750.6", "cpe:/a:google:chrome:33.0.1750.80", "cpe:/a:google:chrome:33.0.1750.83", "cpe:/a:google:chrome:33.0.1750.85", "cpe:/a:google:chrome:33.0.1750.92", "cpe:/a:google:chrome:33.0.1750.16", "cpe:/a:google:chrome:33.0.1750.14", "cpe:/a:google:chrome:33.0.1750.62", "cpe:/a:google:chrome:33.0.1750.36", "cpe:/a:google:chrome:33.0.1750.91", "cpe:/a:google:chrome:33.0.1750.39", "cpe:/a:google:chrome:33.0.1750.38", "cpe:/a:google:chrome:33.0.1750.18", "cpe:/a:google:chrome:33.0.1750.79", "cpe:/a:google:chrome:33.0.1750.12", "cpe:/a:google:chrome:33.0.1750.21", "cpe:/a:google:chrome:33.0.1750.5", "cpe:/a:google:chrome:33.0.1750.25", "cpe:/a:google:chrome:33.0.1750.0", "cpe:/a:google:chrome:33.0.1750.2", "cpe:/a:google:chrome:33.0.1750.69", "cpe:/a:google:chrome:33.0.1750.57", "cpe:/a:google:chrome:33.0.1750.30", "cpe:/a:google:chrome:33.0.1750.3", "cpe:/a:google:chrome:33.0.1750.66", "cpe:/a:google:chrome:33.0.1750.111", "cpe:/a:google:chrome:33.0.1750.22", "cpe:/a:google:chrome:33.0.1750.90", "cpe:/a:google:chrome:33.0.1750.1", "cpe:/a:google:chrome:33.0.1750.116", "cpe:/a:google:chrome:33.0.1750.113", "cpe:/a:google:chrome:33.0.1750.24", "cpe:/a:google:chrome:33.0.1750.40", "cpe:/a:google:chrome:33.0.1750.27", "cpe:/a:google:chrome:33.0.1750.88", "cpe:/a:google:chrome:33.0.1750.59", "cpe:/a:google:chrome:33.0.1750.41", 
"cpe:/a:google:chrome:33.0.1750.76", "cpe:/a:google:chrome:33.0.1750.104", "cpe:/a:google:chrome:33.0.1750.34", "cpe:/a:google:chrome:33.0.1750.15", "cpe:/a:google:chrome:33.0.1750.50", "cpe:/a:google:chrome:33.0.1750.56", "cpe:/a:google:chrome:33.0.1750.26", "cpe:/a:google:chrome:33.0.1750.107", "cpe:/a:google:chrome:33.0.1750.71", "cpe:/a:google:chrome:33.0.1750.31", "cpe:/a:google:chrome:33.0.1750.110", "cpe:/a:google:chrome:33.0.1750.20", "cpe:/a:google:chrome:33.0.1750.73", "cpe:/a:google:chrome:33.0.1750.60", "cpe:/a:google:chrome:33.0.1750.115", "cpe:/a:google:chrome:33.0.1750.47", "cpe:/a:google:chrome:33.0.1750.13", "cpe:/a:google:chrome:33.0.1750.11", "cpe:/a:google:chrome:33.0.1750.112", "cpe:/a:google:chrome:33.0.1750.81", "cpe:/a:google:chrome:33.0.1750.8"], "id": "CVE-2013-6658", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6658", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:33.0.1750.108:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.57:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.44:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.55:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.22:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.62:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.20:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.88:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.109:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.91:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.85:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.66:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.36:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.115:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.68:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.34:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.80:*:*:*:*:*:*:*", 
"cpe:2.3:a:google:chrome:33.0.1750.51:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.52:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.47:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.15:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.39:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.116:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.6:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.69:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.89:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.30:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.106:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.61:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.37:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.50:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.10:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.54:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.70:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.110:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.111:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.21:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.49:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.16:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.14:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.77:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.63:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.93:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.112:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.23:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.92:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.60:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.1:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.45:*:*:*:*:*:*:*", 
"cpe:2.3:a:google:chrome:33.0.1750.48:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.76:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.83:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.41:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.26:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.75:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.18:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.53:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.73:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.24:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.90:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.59:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.43:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.27:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.40:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.11:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.71:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.38:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.13:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.28:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.31:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.82:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.35:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.79:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.113:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.104:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.29:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.56:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.74:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.46:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.58:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.81:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.25:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.64:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.19:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.67:*:*:*:*:*:*:*", 
"cpe:2.3:a:google:chrome:33.0.1750.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.65:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.42:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:33.0.1750.107:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2021-12-14T17:47:13", "description": "Multiple use-after-free vulnerabilities in the layout implementation in Blink, as used in Google Chrome before 33.0.1750.117, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving (1) running JavaScript code during execution of the updateWidgetPositions function or (2) making a call into a plugin during execution of the updateWidgetPositions function.", "cvss3": {}, "published": "2014-02-24T04:48:00", "type": "debiancve", "title": "CVE-2013-6658", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6658"], "modified": "2014-02-24T04:48:00", "id": "DEBIANCVE:CVE-2013-6658", "href": "https://security-tracker.debian.org/tracker/CVE-2013-6658", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2018-10-06T22:59:20", "description": "Google Chrome 33 is out, and the new version of the browser includes fixes for 28 security vulnerabilities, including a number of high-severity bugs. 
The company paid out more than $13,000 in rewards to researchers who reported vulnerabilities that were fixed in this release.\n\nOne of the high-priority vulnerabilities Google patched in [Chrome 33](<http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html>) is an issue with the sandbox in Windows. The company also patched a use-after-free vulnerability in the layout of Chrome. Here\u2019s the full list of the bugs discovered by external security researchers fixed in Chrome 33:\n\n[$2000][[334897](<https://code.google.com/p/chromium/issues/detail?id=334897>)] **High** CVE-2013-6652: Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid. \n[$1000][[331790](<https://code.google.com/p/chromium/issues/detail?id=331790>)] **High** CVE-2013-6653: Use-after-free related to web contents. Credit to Khalil Zhani. \n[$3000][[333176](<https://code.google.com/p/chromium/issues/detail?id=333176>)] **High** CVE-2013-6654: Bad cast in SVG. Credit to TheShow3511. \n[$3000][[293534](<https://code.google.com/p/chromium/issues/detail?id=293534>)] **High** CVE-2013-6655: Use-after-free in layout. Credit to cloudfuzzer. \n[$500][[331725](<https://code.google.com/p/chromium/issues/detail?id=331725>)] **High** CVE-2013-6656: Information leak in XSS auditor. Credit to NeexEmil. \n[$1000][[331060](<https://code.google.com/p/chromium/issues/detail?id=331060>)] **Medium** CVE-2013-6657: Information leak in XSS auditor. Credit to NeexEmil. \n[$2000][[322891](<https://code.google.com/p/chromium/issues/detail?id=322891>)] **Medium** CVE-2013-6658: Use-after-free in layout. Credit to cloudfuzzer. \n[$1000][[306959](<https://code.google.com/p/chromium/issues/detail?id=306959>)] **Medium** CVE-2013-6659: Issue with certificates validation in TLS handshake. 
Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco, Inria Paris.\n\n[[332579](<https://code.google.com/p/chromium/issues/detail?id=332579>)] **Low** CVE-2013-6660: Information leak in drag and drop. Credit to bishopjeffreys.\n\nIn addition to these vulnerabilities, Google also fixed more than a dozen bugs that were discovered by the company\u2019s internal security team. That group of bugs includes 15 high-severity flaws and two medium-level vulnerabilities.\n", "cvss3": {}, "published": "2014-02-20T14:13:49", "type": "threatpost", "title": "Google Fixes 28 Security Flaws in Chrome 33", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2013-6652", "CVE-2013-6653", "CVE-2013-6654", "CVE-2013-6655", "CVE-2013-6656", "CVE-2013-6657", "CVE-2013-6658", "CVE-2013-6659", "CVE-2013-6660"], "modified": "2014-02-24T17:06:59", "id": "THREATPOST:97BD63E7C26340A2B6018D4A2BF79E4D", "href": "https://threatpost.com/google-fixes-28-security-flaws-in-chrome-33/104391/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2022-04-16T14:01:59", "description": "The version of Google Chrome installed on the remote Mac OS X host is a version prior to 33.0.1750.117. It is, therefore, affected by the following vulnerabilities :\n\n - Use-after-free errors exist related to handling web components and layout. (CVE-2013-6653, CVE-2013-6655, CVE-2013-6658)\n\n - A casting error exists related to SVG processing.\n (CVE-2013-6654)\n\n - Errors exist related to the XSS auditor that could lead to disclosure of information. (CVE-2013-6656, CVE-2013-6657)\n\n - An error exists related to certificate validation and TLS handshake processing. (CVE-2013-6659)\n\n - An error exists related to drag and drop handling that could lead to disclosure of information. (CVE-2013-6660)\n\n - Various unspecified errors exist having unspecified impacts. 
(CVE-2013-6661)", "cvss3": {"score": null, "vector": null}, "published": "2014-02-21T00:00:00", "type": "nessus", "title": "Google Chrome < 33.0.1750.117 Multiple Vulnerabilities (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6653", "CVE-2013-6654", "CVE-2013-6655", "CVE-2013-6656", "CVE-2013-6657", "CVE-2013-6658", "CVE-2013-6659", "CVE-2013-6660", "CVE-2013-6661"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_33_0_1750_117.NASL", "href": "https://www.tenable.com/plugins/nessus/72617", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72617);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2013-6653\",\n \"CVE-2013-6654\",\n \"CVE-2013-6655\",\n \"CVE-2013-6656\",\n \"CVE-2013-6657\",\n \"CVE-2013-6658\",\n \"CVE-2013-6659\",\n \"CVE-2013-6660\",\n \"CVE-2013-6661\"\n );\n script_bugtraq_id(65699);\n\n script_name(english:\"Google Chrome < 33.0.1750.117 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version number of Google Chrome\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is a\nversion prior to 33.0.1750.117. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - Use-after-free errors exist related to handling\n web components and layout. (CVE-2013-6653,\n CVE-2013-6655, CVE-2013-6658)\n\n - A casting error exists related to SVG processing.\n (CVE-2013-6654)\n\n - Errors exist related to the XSS auditor that could lead\n to disclosure of information. (CVE-2013-6656,\n CVE-2013-6657)\n\n - An error exists related to certificate validation and\n TLS handshake processing. 
(CVE-2013-6659)\n\n - An error exists related to drag and drop handling that\n could lead to disclosure of information. (CVE-2013-6660)\n\n - Various unspecified errors exist having unspecified\n impacts. (CVE-2013-6661)\");\n # http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?43898a73\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 33.0.1750.117 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-6661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'33.0.1750.117', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-16T14:04:44", "description": "Chromium was updated to 33.0.1750.117 Stable channel update :\n\n - Security Fixes :\n\n - CVE-2013-6653: Use-after-free related to web contents\n\n - CVE-2013-6654: Bad cast in SVG\n\n - CVE-2013-6655: Use-after-free in layout\n\n - CVE-2013-6656: Information leak in XSS auditor\n\n - CVE-2013-6657: Information leak in XSS auditor\n\n - CVE-2013-6658: Use-after-free in layout\n\n - CVE-2013-6659: Issue with certificates validation in TLS handshake\n\n - CVE-2013-6660: Information leak in drag and drop\n\n - CVE-2013-6661: Various fixes from internal audits, fuzzing and other initiatives. 
Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers.\n\n - Other :\n\n - Google Chrome Frame has been retired", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : chromium (openSUSE-SU-2014:0327-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6653", "CVE-2013-6654", "CVE-2013-6655", "CVE-2013-6656", "CVE-2013-6657", "CVE-2013-6658", "CVE-2013-6659", "CVE-2013-6660", "CVE-2013-6661"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromium-desktop-gnome", "p-cpe:/a:novell:opensuse:chromium-desktop-kde", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo", "p-cpe:/a:novell:opensuse:chromium-suid-helper", "p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo", "cpe:/o:novell:opensuse:12.3", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-182.NASL", "href": "https://www.tenable.com/plugins/nessus/75275", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-182.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75275);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-6653\", \"CVE-2013-6654\", \"CVE-2013-6655\", \"CVE-2013-6656\", \"CVE-2013-6657\", \"CVE-2013-6658\", \"CVE-2013-6659\", \"CVE-2013-6660\", \"CVE-2013-6661\");\n script_bugtraq_id(65699);\n\n 
script_name(english:\"openSUSE Security Update : chromium (openSUSE-SU-2014:0327-1)\");\n script_summary(english:\"Check for the openSUSE-2014-182 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to 33.0.1750.117 Stable channel update :\n\n - Security Fixes :\n\n - CVE-2013-6653: Use-after-free related to web contents\n\n - CVE-2013-6654: Bad cast in SVG\n\n - CVE-2013-6655: Use-after-free in layout\n\n - CVE-2013-6656: Information leak in XSS auditor\n\n - CVE-2013-6657: Information leak in XSS auditor\n\n - CVE-2013-6658: Use-after-free in layout\n\n - CVE-2013-6659: Issue with certificates validation in TLS\n handshake\n\n - CVE-2013-6660: Information leak in drag and drop\n\n - CVE-2013-6661: Various fixes from internal audits,\n fuzzing and other initiatives. Of these, seven are fixes\n for issues that could have allowed for sandbox escapes\n from compromised renderers.\n\n - Other :\n\n - Google Chrome Frame has been retired\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-03/msg00006.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-suid-helper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromedriver-33.0.1750.117-1.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromedriver-debuginfo-33.0.1750.117-1.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-33.0.1750.117-1.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-debuginfo-33.0.1750.117-1.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-debugsource-33.0.1750.117-1.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-desktop-gnome-33.0.1750.117-1.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-desktop-kde-33.0.1750.117-1.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-ffmpegsumo-33.0.1750.117-1.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-ffmpegsumo-debuginfo-33.0.1750.117-1.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-suid-helper-33.0.1750.117-1.29.2\") 
) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-suid-helper-debuginfo-33.0.1750.117-1.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-33.0.1750.117-21.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-debuginfo-33.0.1750.117-21.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-33.0.1750.117-21.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debuginfo-33.0.1750.117-21.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debugsource-33.0.1750.117-21.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-gnome-33.0.1750.117-21.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-kde-33.0.1750.117-21.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-33.0.1750.117-21.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-debuginfo-33.0.1750.117-21.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-suid-helper-33.0.1750.117-21.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-suid-helper-debuginfo-33.0.1750.117-21.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:51:02", "description": "The Google Chrome browser detected on the remote system is older than version 33.0.1750.117, and is therefore vulnerable to the following issues:\n\n - Undisclosed vulnerability exists with relative paths in Windows sandbox named pipe policy (CVE-2013-6652)\n\n - Use-after free issues related to web contents (CVE-2013-6653) and layout 
(CVE-2013-6655, CVE-2013-6658)\n\n - Undisclosed vulnerability in Bad cast in SVG (CVE-2013-6654)\n\n - Information-disclosure vulnerabilities with XSS auditor (CVE-2013-6656, CVE-2013-6657) and drag-and-drop (CVE-2013-6660)\n\n - Security-bypass vulnerability during certificates validation in a TLS handshake (CVE-2013-6659)\n\n - Other additional issues undisclosed by the vendor (CVE-2013-6661)", "cvss3": {"score": null, "vector": null}, "published": "2014-02-21T00:00:00", "type": "nessus", "title": "Google Chrome < 33.0.1750.117 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6652", "CVE-2013-6653", "CVE-2013-6654", "CVE-2013-6655", "CVE-2013-6656", "CVE-2013-6657", "CVE-2013-6658", "CVE-2013-6659", "CVE-2013-6660", "CVE-2013-6661"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"], "id": "8130.PASL", "href": "https://www.tenable.com/plugins/nnm/8130", "sourceData": "Binary data 8130.pasl", "cvss": {"score": 6.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-16T14:01:23", "description": "Google Chrome Releases reports :\n\n28 security fixes in this release, including :\n\n- [334897] High CVE-2013-6652: Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid.\n\n- [331790] High CVE-2013-6653: Use-after-free related to web contents.\nCredit to Khalil Zhani.\n\n- [333176] High CVE-2013-6654: Bad cast in SVG. Credit to TheShow3511.\n\n- [293534] High CVE-2013-6655: Use-after-free in layout. Credit to cloudfuzzer.\n\n- [331725] High CVE-2013-6656: Information leak in XSS auditor. Credit to NeexEmil.\n\n- [331060] Medium CVE-2013-6657: Information leak in XSS auditor.\nCredit to NeexEmil.\n\n- [322891] Medium CVE-2013-6658: Use-after-free in layout. Credit to cloudfuzzer.\n\n- [306959] Medium CVE-2013-6659: Issue with certificates validation in TLS handshake. 
Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco, Inria Paris.\n\n- [332579] Low CVE-2013-6660: Information leak in drag and drop.\nCredit to bishopjeffreys.\n\n- [344876] Low-High CVE-2013-6661: Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers.", "cvss3": {"score": null, "vector": null}, "published": "2014-02-25T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (9dd47fa3-9d53-11e3-b20f-00262d5ed8ee)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6652", "CVE-2013-6653", "CVE-2013-6654", "CVE-2013-6655", "CVE-2013-6656", "CVE-2013-6657", "CVE-2013-6658", "CVE-2013-6659", "CVE-2013-6660", "CVE-2013-6661"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_9DD47FA39D5311E3B20F00262D5ED8EE.NASL", "href": "https://www.tenable.com/plugins/nessus/72676", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2014 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72676);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-6652\", \"CVE-2013-6653\", \"CVE-2013-6654\", \"CVE-2013-6655\", \"CVE-2013-6656\", \"CVE-2013-6657\", \"CVE-2013-6658\", \"CVE-2013-6659\", \"CVE-2013-6660\", \"CVE-2013-6661\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (9dd47fa3-9d53-11e3-b20f-00262d5ed8ee)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\n28 security fixes in 
this release, including :\n\n- [334897] High CVE-2013-6652: Issue with relative paths in Windows\nsandbox named pipe policy. Credit to tyranid.\n\n- [331790] High CVE-2013-6653: Use-after-free related to web contents.\nCredit to Khalil Zhani.\n\n- [333176] High CVE-2013-6654: Bad cast in SVG. Credit to TheShow3511.\n\n- [293534] High CVE-2013-6655: Use-after-free in layout. Credit to\ncloudfuzzer.\n\n- [331725] High CVE-2013-6656: Information leak in XSS auditor. Credit\nto NeexEmil.\n\n- [331060] Medium CVE-2013-6657: Information leak in XSS auditor.\nCredit to NeexEmil.\n\n- [322891] Medium CVE-2013-6658: Use-after-free in layout. Credit to\ncloudfuzzer.\n\n- [306959] Medium CVE-2013-6659: Issue with certificates validation in\nTLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan\nBhargavan from Prosecco, Inria Paris.\n\n- [332579] Low CVE-2013-6660: Information leak in drag and drop.\nCredit to bishopjeffreys.\n\n- [344876] Low-High CVE-2013-6661: Various fixes from internal audits,\nfuzzing and other initiatives. 
Of these, seven are fixes for issues\nthat could have allowed for sandbox escapes from compromised\nrenderers.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://googlechromereleases.blogspot.nl/\"\n );\n # http://www.freebsd.org/ports/portaudit/9dd47fa3-9d53-11e3-b20f-00262d5ed8ee.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?65ed3ecf\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<33.0.1750.117\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse 
audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-16T14:01:33", "description": "The version of Google Chrome installed on the remote host is a version prior to 33.0.1750.117. It is, therefore, affected by the following vulnerabilities :\n\n - An error exists related to relative path in Windows sandbox named pipe policy. (CVE-2013-6652)\n\n - Use-after-free errors exist related to handling web components and layout. (CVE-2013-6653, CVE-2013-6655, CVE-2013-6658)\n\n - A casting error exists related to SVG processing.\n (CVE-2013-6654)\n\n - Errors exist related to the XSS auditor that could lead to disclosure of information. (CVE-2013-6656, CVE-2013-6657)\n\n - An error exists related to certificate validation and TLS handshake processing. (CVE-2013-6659)\n\n - An error exists related to drag and drop handling that could lead to disclosure of information. (CVE-2013-6660)\n\n - Various unspecified errors exist having unspecified impacts. 
(CVE-2013-6661)", "cvss3": {"score": null, "vector": null}, "published": "2014-02-21T00:00:00", "type": "nessus", "title": "Google Chrome < 33.0.1750.117 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6652", "CVE-2013-6653", "CVE-2013-6654", "CVE-2013-6655", "CVE-2013-6656", "CVE-2013-6657", "CVE-2013-6658", "CVE-2013-6659", "CVE-2013-6660", "CVE-2013-6661"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_33_0_1750_117.NASL", "href": "https://www.tenable.com/plugins/nessus/72616", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72616);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2013-6652\",\n \"CVE-2013-6653\",\n \"CVE-2013-6654\",\n \"CVE-2013-6655\",\n \"CVE-2013-6656\",\n \"CVE-2013-6657\",\n \"CVE-2013-6658\",\n \"CVE-2013-6659\",\n \"CVE-2013-6660\",\n \"CVE-2013-6661\"\n );\n script_bugtraq_id(65699);\n\n script_name(english:\"Google Chrome < 33.0.1750.117 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote host is a version\nprior to 33.0.1750.117. It is, therefore, affected by the following\nvulnerabilities :\n\n - An error exists related to relative path in Windows\n sandbox named pipe policy. (CVE-2013-6652)\n\n - Use-after-free errors exist related to handling\n web components and layout. (CVE-2013-6653,\n CVE-2013-6655, CVE-2013-6658)\n\n - A casting error exists related to SVG processing.\n (CVE-2013-6654)\n\n - Errors exist related to the XSS auditor that could lead\n to disclosure of information. 
(CVE-2013-6656,\n CVE-2013-6657)\n\n - An error exists related to certificate validation and\n TLS handshake processing. (CVE-2013-6659)\n\n - An error exists related to drag and drop handling that\n could lead to disclosure of information. (CVE-2013-6660)\n\n - Various unspecified errors exist having unspecified\n impacts. (CVE-2013-6661)\");\n # http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?43898a73\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 33.0.1750.117 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-6661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'33.0.1750.117', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-16T14:02:07", "description": "Several vulnerabilities have been discovered in the chromium web browser.\n\n - CVE-2013-6653 Khalil Zhani discovered a use-after-free issue in chromium's web contents color chooser.\n\n - CVE-2013-6654 TheShow3511 discovered an issue in SVG handling.\n\n - CVE-2013-6655 cloudfuzzer discovered a use-after-free issue in dom event handling.\n\n - CVE-2013-6656 NeexEmil discovered an information leak in the XSS auditor.\n\n - CVE-2013-6657 NeexEmil discovered a way to bypass the Same Origin policy in the XSS auditor.\n\n - CVE-2013-6658 cloudfuzzer discovered multiple use-after-free issues surrounding the updateWidgetPositions function.\n\n - CVE-2013-6659 Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to trigger an unexpected certificate chain during TLS renegotiation.\n\n - CVE-2013-6660 bishopjeffreys discovered an information leak in the drag and drop implementation.\n\n - CVE-2013-6661 The Google Chrome team discovered and fixed multiple issues in version 33.0.1750.117.\n\n - CVE-2013-6663 Atte Kettunen discovered a use-after-free issue in SVG handling.\n\n - CVE-2013-6664 Khalil Zhani discovered a use-after-free issue in the speech recognition feature.\n\n - CVE-2013-6665 cloudfuzzer discovered a buffer overflow issue in the software renderer.\n\n - CVE-2013-6666 netfuzzer discovered a restriction bypass in the Pepper Flash plugin.\n\n - CVE-2013-6667 The Google Chrome team discovered and fixed multiple issues 
in version 33.0.1750.146.\n\n - CVE-2013-6668 Multiple vulnerabilities were fixed in version 3.24.35.10 of the V8 JavaScript library.\n\n - CVE-2014-1700 Chamal de Silva discovered a use-after-free issue in speech synthesis.\n\n - CVE-2014-1701 aidanhs discovered a cross-site scripting issue in event handling.\n\n - CVE-2014-1702 Colin Payne discovered a use-after-free issue in the web database implementation.\n\n - CVE-2014-1703 VUPEN discovered a use-after-free issue in web sockets that could lead to a sandbox escape.\n\n - CVE-2014-1704 Multiple vulnerabilities were fixed in version 3.23.17.18 of the V8 JavaScript library.\n\n - CVE-2014-1705 A memory corruption issue was discovered in the V8 JavaScript library.\n\n - CVE-2014-1713 A use-after-free issue was discovered in the AttributeSetter function.\n\n - CVE-2014-1715 A directory traversal issue was found and fixed.", "cvss3": {"score": null, "vector": null}, "published": "2014-03-25T00:00:00", "type": "nessus", "title": "Debian DSA-2883-1 : chromium-browser - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6653", "CVE-2013-6654", "CVE-2013-6655", "CVE-2013-6656", "CVE-2013-6657", "CVE-2013-6658", "CVE-2013-6659", "CVE-2013-6660", "CVE-2013-6661", "CVE-2013-6663", "CVE-2013-6664", "CVE-2013-6665", "CVE-2013-6666", "CVE-2013-6667", "CVE-2013-6668", "CVE-2014-1700", "CVE-2014-1701", "CVE-2014-1702", "CVE-2014-1703", "CVE-2014-1704", "CVE-2014-1705", "CVE-2014-1713", "CVE-2014-1715"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium-browser", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2883.NASL", "href": "https://www.tenable.com/plugins/nessus/73164", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2883. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73164);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-6653\", \"CVE-2013-6654\", \"CVE-2013-6655\", \"CVE-2013-6656\", \"CVE-2013-6657\", \"CVE-2013-6658\", \"CVE-2013-6659\", \"CVE-2013-6660\", \"CVE-2013-6661\", \"CVE-2013-6663\", \"CVE-2013-6664\", \"CVE-2013-6665\", \"CVE-2013-6666\", \"CVE-2013-6667\", \"CVE-2013-6668\", \"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\", \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1715\");\n script_bugtraq_id(65699, 65930, 66120, 66239, 66243, 66249);\n script_xref(name:\"DSA\", value:\"2883\");\n\n script_name(english:\"Debian DSA-2883-1 : chromium-browser - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2013-6653\n Khalil Zhani discovered a use-after-free issue in\n chromium's web contents color chooser.\n\n - CVE-2013-6654\n TheShow3511 discovered an issue in SVG handling.\n\n - CVE-2013-6655\n cloudfuzzer discovered a use-after-free issue in dom\n event handling.\n\n - CVE-2013-6656\n NeexEmil discovered an information leak in the XSS\n auditor.\n\n - CVE-2013-6657\n NeexEmil discovered a way to bypass the Same Origin\n policy in the XSS auditor.\n\n - CVE-2013-6658\n cloudfuzzer discovered multiple use-after-free issues\n surrounding the updateWidgetPositions function.\n\n - CVE-2013-6659\n Antoine Delignat-Lavaud and Karthikeyan Bhargavan\n discovered that it was possible to 
trigger an unexpected\n certificate chain during TLS renegotiation.\n\n - CVE-2013-6660\n bishopjeffreys discovered an information leak in the\n drag and drop implementation.\n\n - CVE-2013-6661\n The Google Chrome team discovered and fixed multiple\n issues in version 33.0.1750.117.\n\n - CVE-2013-6663\n Atte Kettunen discovered a use-after-free issue in SVG\n handling.\n\n - CVE-2013-6664\n Khalil Zhani discovered a use-after-free issue in the\n speech recognition feature.\n\n - CVE-2013-6665\n cloudfuzzer discovered a buffer overflow issue in the\n software renderer.\n\n - CVE-2013-6666\n netfuzzer discovered a restriction bypass in the Pepper\n Flash plugin.\n\n - CVE-2013-6667\n The Google Chrome team discovered and fixed multiple\n issues in version 33.0.1750.146.\n\n - CVE-2013-6668\n Multiple vulnerabilities were fixed in version\n 3.24.35.10 of the V8 JavaScript library.\n\n - CVE-2014-1700\n Chamal de Silva discovered a use-after-free issue in\n speech synthesis.\n\n - CVE-2014-1701\n aidanhs discovered a cross-site scripting issue in event\n handling.\n\n - CVE-2014-1702\n Colin Payne discovered a use-after-free issue in the web\n database implementation.\n\n - CVE-2014-1703\n VUPEN discovered a use-after-free issue in web sockets\n that could lead to a sandbox escape.\n\n - CVE-2014-1704\n Multiple vulnerabilities were fixed in version\n 3.23.17.18 of the V8 JavaScript library.\n\n - CVE-2014-1705\n A memory corruption issue was discovered in the V8\n JavaScript library.\n\n - CVE-2014-1713\n A use-after-free issue was discovered in the\n AttributeSetter function.\n\n - CVE-2014-1715\n A directory traversal issue was found and fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://security-tracker.debian.org/tracker/CVE-2013-6655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6656\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6658\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://security-tracker.debian.org/tracker/CVE-2014-1703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/chromium-browser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2883\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 33.0.1750.152-1~deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"chromium\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-dbg\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-inspector\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-l10n\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-dbg\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-inspector\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-l10n\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:50:51", "description": "The remote host is affected by the vulnerability described in GLSA-201403-01 (Chromium, V8: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been 
discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details.\n Impact :\n\n A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other unspecified impact.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2014-03-06T00:00:00", "type": "nessus", "title": "GLSA-201403-01 : Chromium, V8: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2906", "CVE-2013-2907", "CVE-2013-2908", "CVE-2013-2909", "CVE-2013-2910", "CVE-2013-2911", "CVE-2013-2912", "CVE-2013-2913", "CVE-2013-2915", "CVE-2013-2916", "CVE-2013-2917", "CVE-2013-2918", "CVE-2013-2919", "CVE-2013-2920", "CVE-2013-2921", "CVE-2013-2922", "CVE-2013-2923", "CVE-2013-2925", "CVE-2013-2926", "CVE-2013-2927", "CVE-2013-2928", "CVE-2013-2931", "CVE-2013-6621", "CVE-2013-6622", "CVE-2013-6623", "CVE-2013-6624", "CVE-2013-6625", "CVE-2013-6626", "CVE-2013-6627", "CVE-2013-6628", "CVE-2013-6632", "CVE-2013-6634", "CVE-2013-6635", "CVE-2013-6636", "CVE-2013-6637", "CVE-2013-6638", "CVE-2013-6639", "CVE-2013-6640", "CVE-2013-6641", "CVE-2013-6643", "CVE-2013-6644", "CVE-2013-6645", "CVE-2013-6646", "CVE-2013-6649", "CVE-2013-6650", "CVE-2013-6652", "CVE-2013-6653", "CVE-2013-6654", "CVE-2013-6655", "CVE-2013-6656", "CVE-2013-6657", "CVE-2013-6658", "CVE-2013-6659", "CVE-2013-6660", "CVE-2013-6661", "CVE-2013-6663", "CVE-2013-6664", "CVE-2013-6665", "CVE-2013-6666", "CVE-2013-6667", "CVE-2013-6668", "CVE-2013-6802", "CVE-2014-1681"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "p-cpe:/a:gentoo:linux:v8", "cpe:/o:gentoo:linux"], "id": 
"GENTOO_GLSA-201403-01.NASL", "href": "https://www.tenable.com/plugins/nessus/72851", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201403-01.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72851);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-2906\", \"CVE-2013-2907\", \"CVE-2013-2908\", \"CVE-2013-2909\", \"CVE-2013-2910\", \"CVE-2013-2911\", \"CVE-2013-2912\", \"CVE-2013-2913\", \"CVE-2013-2915\", \"CVE-2013-2916\", \"CVE-2013-2917\", \"CVE-2013-2918\", \"CVE-2013-2919\", \"CVE-2013-2920\", \"CVE-2013-2921\", \"CVE-2013-2922\", \"CVE-2013-2923\", \"CVE-2013-2925\", \"CVE-2013-2926\", \"CVE-2013-2927\", \"CVE-2013-2928\", \"CVE-2013-2931\", \"CVE-2013-6621\", \"CVE-2013-6622\", \"CVE-2013-6623\", \"CVE-2013-6624\", \"CVE-2013-6625\", \"CVE-2013-6626\", \"CVE-2013-6627\", \"CVE-2013-6628\", \"CVE-2013-6632\", \"CVE-2013-6634\", \"CVE-2013-6635\", \"CVE-2013-6636\", \"CVE-2013-6637\", \"CVE-2013-6638\", \"CVE-2013-6639\", \"CVE-2013-6640\", \"CVE-2013-6641\", \"CVE-2013-6643\", \"CVE-2013-6644\", \"CVE-2013-6645\", \"CVE-2013-6646\", \"CVE-2013-6649\", \"CVE-2013-6650\", \"CVE-2013-6652\", \"CVE-2013-6653\", \"CVE-2013-6654\", \"CVE-2013-6655\", \"CVE-2013-6656\", \"CVE-2013-6657\", \"CVE-2013-6658\", \"CVE-2013-6659\", \"CVE-2013-6660\", \"CVE-2013-6661\", \"CVE-2013-6663\", \"CVE-2013-6664\", \"CVE-2013-6665\", \"CVE-2013-6666\", \"CVE-2013-6667\", \"CVE-2013-6668\", \"CVE-2013-6802\", \"CVE-2014-1681\");\n script_bugtraq_id(62752, 63024, 63025, 63026, 
63028, 63667, 63669, 63670, 63671, 63672, 63674, 63675, 63677, 63678, 63727, 63729, 64078, 64354, 64805, 64981, 65168, 65172, 65232, 65699, 65779, 65930);\n script_xref(name:\"GLSA\", value:\"201403-01\");\n\n script_name(english:\"GLSA-201403-01 : Chromium, V8: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201403-01\n(Chromium, V8: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and V8. Please\n review the CVE identifiers and release notes referenced below for\n details.\n \nImpact :\n\n A context-dependent attacker could entice a user to open a specially\n crafted website or JavaScript program using Chromium or V8, possibly\n resulting in the execution of arbitrary code with the privileges of the\n process or a Denial of Service condition. Furthermore, a remote attacker\n may be able to bypass security restrictions or have other unspecified\n impact.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201403-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-33.0.1750.146'\n Gentoo has discontinued support for separate V8 package. 
We recommend\n that users unmerge V8:\n # emerge --unmerge 'dev-lang/v8'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:v8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 33.0.1750.146\"), vulnerable:make_list(\"lt 33.0.1750.146\"))) flag++;\nif (qpkg_check(package:\"dev-lang/v8\", unaffected:make_list(), vulnerable:make_list(\"lt 3.20.17.13\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium / V8\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Use-after-free related to web contents (CVE-2013-6653). Bad cast in SVG (CVE-2013-6654). Use-after-free in layout (CVE-2013-6655). Information leaks in XSS auditor (CVE-2013-6656, CVE-2013-6657). Use-after-free in layout (CVE-2013-6658). Issue with certificates validation in TLS handshake (CVE-2013-6659). Information leak in drag and drop (CVE-2013-6660). Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers (CVE-2013-6661). 
\n", "cvss3": {}, "published": "2014-02-27T22:07:50", "type": "mageia", "title": "Updated chromium-browser-stable packages address multiple vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6653", "CVE-2013-6654", "CVE-2013-6655", "CVE-2013-6656", "CVE-2013-6657", "CVE-2013-6658", "CVE-2013-6659", "CVE-2013-6660", "CVE-2013-6661"], "modified": "2014-02-27T22:07:50", "id": "MGASA-2014-0107", "href": "https://advisories.mageia.org/MGASA-2014-0107.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-04-22T17:03:47", "description": "The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "cvss3": {}, "published": "2014-02-26T00:00:00", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities-02 Feb2014 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6655", "CVE-2013-6658", "CVE-2013-6661", "CVE-2013-6660", "CVE-2013-6656", "CVE-2013-6654", "CVE-2013-6653", "CVE-2013-6659", "CVE-2013-6657"], "modified": "2020-04-20T00:00:00", "id": "OPENVAS:1361412562310903515", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310903515", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-02 Feb2014 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 SecPod, http://www.secpod.com\n#\n# This program is free 
software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.903515\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2013-6653\", \"CVE-2013-6654\", \"CVE-2013-6655\", \"CVE-2013-6656\",\n \"CVE-2013-6657\", \"CVE-2013-6658\", \"CVE-2013-6659\", \"CVE-2013-6660\",\n \"CVE-2013-6661\");\n script_bugtraq_id(65699);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-02-26 11:25:30 +0530 (Wed, 26 Feb 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-02 Feb2014 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - A use-after-free error related to web contents can be exploited to cause\n memory corruption.\n\n - An unspecified error exists in 'SVGAnimateElement::calculateAnimatedValue'\n function 
related to type casting in SVG.\n\n - A use-after-free error related to layout can be exploited to cause memory\n corruption.\n\n - An error in XSS auditor 'XSSAuditor::init' function can be exploited to\n disclose certain information.\n\n - Another error in XSS auditor can be exploited to disclose certain information.\n\n - Another use-after-free error related to layout can be exploited to cause\n memory corruption\n\n - An unspecified error exists in 'SSLClientSocketNSS::Core::OwnAuthCertHandler'\n function related to certificates validation in TLS handshake.\n\n - An error in drag and drop can be exploited to disclose unspecified\n information.\n\n - Some unspecified errors exist. No further information is currently available.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to conduct denial of\nservice, execution of arbitrary code and unspecified other impacts.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 33.0.1750.117 on Mac OS X\");\n script_tag(name:\"solution\", value:\"Upgrade to version 33.0.1750.117 or later.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57028\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id?1029813\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/02/stable-channel-update_20.html\");\n script_copyright(\"Copyright (C) 2014 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"33.0.1750.117\"))\n{\n report = 
report_fixed_ver(installed_version:chromeVer, fixed_version:\"33.0.1750.117\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-22T17:03:38", "description": "The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "cvss3": {}, "published": "2014-02-26T00:00:00", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities-02 Feb2014 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6655", "CVE-2013-6658", "CVE-2013-6661", "CVE-2013-6660", "CVE-2013-6656", "CVE-2013-6654", "CVE-2013-6653", "CVE-2013-6659", "CVE-2013-6657"], "modified": "2020-04-20T00:00:00", "id": "OPENVAS:1361412562310903516", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310903516", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-02 Feb2014 (Linux)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.903516\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2013-6653\", \"CVE-2013-6654\", \"CVE-2013-6655\", \"CVE-2013-6656\",\n \"CVE-2013-6657\", \"CVE-2013-6658\", \"CVE-2013-6659\", \"CVE-2013-6660\",\n \"CVE-2013-6661\");\n script_bugtraq_id(65699);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-02-26 11:37:10 +0530 (Wed, 26 Feb 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-02 Feb2014 (Linux)\");\n\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - A use-after-free error related to web contents can be exploited to cause\n memory corruption.\n\n - An unspecified error exists in 'SVGAnimateElement::calculateAnimatedValue'\n function related to type casting in SVG.\n\n - A use-after-free error related to layout can be exploited to cause memory\n corruption.\n\n - An error in XSS auditor 'XSSAuditor::init' function can be exploited to\n disclose certain information.\n\n - Another error in XSS auditor can be exploited to disclose certain information.\n\n - Another use-after-free error related to layout can be 
exploited to cause\n memory corruption\n\n - An unspecified error exists in 'SSLClientSocketNSS::Core::OwnAuthCertHandler'\n function related to certificates validation in TLS handshake.\n\n - An error in drag and drop can be exploited to disclose unspecified\n information.\n\n - Some unspecified errors exist. No further information is currently available.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to conduct denial of\nservice, execution of arbitrary code and unspecified other impacts.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 33.0.1750.117 on Linux\");\n script_tag(name:\"solution\", value:\"Upgrade to version 33.0.1750.117 or later.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57028\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id?1029813\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/02/stable-channel-update_20.html\");\n script_copyright(\"Copyright (C) 2014 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"33.0.1750.117\"))\n{\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"33.0.1750.117\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-22T17:03:32", "description": "The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "cvss3": {}, "published": "2014-02-26T00:00:00", "type": "openvas", 
"title": "Google Chrome Multiple Vulnerabilities-02 Feb2014 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6655", "CVE-2013-6658", "CVE-2013-6661", "CVE-2013-6660", "CVE-2013-6656", "CVE-2013-6654", "CVE-2013-6653", "CVE-2013-6659", "CVE-2013-6652", "CVE-2013-6657"], "modified": "2020-04-20T00:00:00", "id": "OPENVAS:1361412562310903514", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310903514", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-02 Feb2014 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.903514\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2013-6652\", \"CVE-2013-6653\", \"CVE-2013-6654\", \"CVE-2013-6655\",\n \"CVE-2013-6656\", \"CVE-2013-6657\", \"CVE-2013-6658\", \"CVE-2013-6659\",\n \"CVE-2013-6660\", \"CVE-2013-6661\");\n script_bugtraq_id(65699);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-02-26 11:21:50 +0530 (Wed, 26 Feb 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-02 Feb2014 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An unspecified error in 'sandbox/win/src/named_pipe_dispatcher.cc' related to\n relative paths in Windows sandbox named pipe policy.\n\n - A use-after-free error related to web contents can be exploited to cause\n memory corruption.\n\n - An unspecified error exists in 'SVGAnimateElement::calculateAnimatedValue'\n function related to type casting in SVG.\n\n - A use-after-free error related to layout can be exploited to cause memory\n corruption.\n\n - An error in XSS auditor 'XSSAuditor::init' function can be exploited to\n disclose certain 
information.\n\n - Another error in XSS auditor can be exploited to disclose certain information.\n\n - Another use-after-free error related to layout can be exploited to cause\n memory corruption\n\n - An unspecified error exists in 'SSLClientSocketNSS::Core::OwnAuthCertHandler'\n function related to certificates validation in TLS handshake.\n\n - An error in drag and drop can be exploited to disclose unspecified\n information.\n\n - Some unspecified errors exist. No further information is currently available.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to conduct denial of\nservice, execution of arbitrary code and unspecified other impacts.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 33.0.1750.117 on Windows\");\n script_tag(name:\"solution\", value:\"Upgrade to version 33.0.1750.117 or later.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57028\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id?1029813\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/02/stable-channel-update_20.html\");\n script_copyright(\"Copyright (C) 2014 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"33.0.1750.117\"))\n{\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"33.0.1750.117\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-09-04T14:12:48", 
"description": "Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2013-6653 \nKhalil Zhani discovered a use-after-free issue in chromium's web\ncontents color chooser.\n\nCVE-2013-6654 \nTheShow3511 discovered an issue in SVG handling.\n\nCVE-2013-6655 \ncloudfuzzer discovered a use-after-free issue in dom event handling.\n\nCVE-2013-6656 \nNeexEmil discovered an information leak in the XSS auditor.\n\nCVE-2013-6657 \nNeexEmil discovered a way to bypass the Same Origin policy in the\nXSS auditor.\n\nCVE-2013-6658 \ncloudfuzzer discovered multiple use-after-free issues surrounding\nthe updateWidgetPositions function.\n\nCVE-2013-6659 \nAntoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that\nit was possible to trigger an unexpected certificate chain during\nTLS renegotiation.\n\nCVE-2013-6660 \nbishopjeffreys discovered an information leak in the drag and drop\nimplementation.\n\nCVE-2013-6661 \nThe Google Chrome team discovered and fixed multiple issues in\nversion 33.0.1750.117.\n\nCVE-2013-6663 \nAtte Kettunen discovered a use-after-free issue in SVG handling.\n\nCVE-2013-6664 \nKhalil Zhani discovered a use-after-free issue in the speech\nrecognition feature.\n\nCVE-2013-6665 \ncloudfuzzer discovered a buffer overflow issue in the software\nrenderer.\n\nCVE-2013-6666 \nnetfuzzer discovered a restriction bypass in the Pepper Flash\nplugin.\n\nCVE-2013-6667 \nThe Google Chrome team discovered and fixed multiple issues in\nversion 33.0.1750.146.\n\nCVE-2013-6668 \nMultiple vulnerabilities were fixed in version 3.24.35.10 of\nthe V8 javascript library.\n\nCVE-2014-1700 \nChamal de Silva discovered a use-after-free issue in speech\nsynthesis.\n\nCVE-2014-1701 \naidanhs discovered a cross-site scripting issue in event handling.\n\nCVE-2014-1702 \nColin Payne discovered a use-after-free issue in the web database\nimplementation.\n\nCVE-2014-1703 \nVUPEN discovered a use-after-free issue in web sockets that\ncould lead to a 
sandbox escape.\n\nCVE-2014-1704 \nMultiple vulnerabilities were fixed in version 3.23.17.18 of\nthe V8 javascript library.\n\nCVE-2014-1705 \nA memory corruption issue was discovered in the V8 javascript\nlibrary.\n\nCVE-2014-1713 \nA use-after-free issue was discovered in the AttributeSetter\nfunction.\n\nCVE-2014-1715 \nA directory traversal issue was found and fixed.", "cvss3": {}, "published": "2014-03-23T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2883-1 (chromium-browser - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6667", "CVE-2013-6655", "CVE-2013-6658", "CVE-2013-6661", "CVE-2013-6660", "CVE-2014-1703", "CVE-2013-6665", "CVE-2013-6666", "CVE-2013-6656", "CVE-2014-1705", "CVE-2013-6654", "CVE-2013-6653", "CVE-2013-6663", "CVE-2013-6659", "CVE-2014-1713", "CVE-2014-1701", "CVE-2014-1704", "CVE-2013-6657", "CVE-2014-1715", "CVE-2013-6668", "CVE-2014-1702", "CVE-2013-6664", "CVE-2014-1700"], "modified": "2017-08-23T00:00:00", "id": "OPENVAS:702883", "href": "http://plugins.openvas.org/nasl.php?oid=702883", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2883.nasl 6995 2017-08-23 11:52:03Z teissa $\n# Auto-generated from advisory DSA 2883-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"chromium-browser on Debian Linux\";\ntag_insight = \"Chromium is an open-source browser project that aims to build a safer, faster,\nand more stable way for all Internet users to experience the web.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 33.0.1750.152-1~deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 33.0.1750.152-1.\n\nWe recommend that you upgrade your chromium-browser packages.\";\ntag_summary = \"Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2013-6653 \nKhalil Zhani discovered a use-after-free issue in chromium's web\ncontents color chooser.\n\nCVE-2013-6654 \nTheShow3511 discovered an issue in SVG handling.\n\nCVE-2013-6655 \ncloudfuzzer discovered a use-after-free issue in dom event handling.\n\nCVE-2013-6656 \nNeexEmil discovered an information leak in the XSS auditor.\n\nCVE-2013-6657 \nNeexEmil discovered a way to bypass the Same Origin policy in the\nXSS auditor.\n\nCVE-2013-6658 \ncloudfuzzer discovered multiple use-after-free issues surrounding\nthe updateWidgetPositions function.\n\nCVE-2013-6659 \nAntoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that\nit was possible to trigger an unexpected certificate chain during\nTLS renegotiation.\n\nCVE-2013-6660 \nbishopjeffreys discovered an information leak in the drag and drop\nimplementation.\n\nCVE-2013-6661 \nThe Google Chrome team discovered and fixed multiple issues in\nversion 33.0.1750.117.\n\nCVE-2013-6663 \nAtte Kettunen discovered a use-after-free issue in SVG handling.\n\nCVE-2013-6664 
\nKhalil Zhani discovered a use-after-free issue in the speech\nrecognition feature.\n\nCVE-2013-6665 \ncloudfuzzer discovered a buffer overflow issue in the software\nrenderer.\n\nCVE-2013-6666 \nnetfuzzer discovered a restriction bypass in the Pepper Flash\nplugin.\n\nCVE-2013-6667 \nThe Google Chrome team discovered and fixed multiple issues in\nversion 33.0.1750.146.\n\nCVE-2013-6668 \nMultiple vulnerabilities were fixed in version 3.24.35.10 of\nthe V8 javascript library.\n\nCVE-2014-1700 \nChamal de Silva discovered a use-after-free issue in speech\nsynthesis.\n\nCVE-2014-1701 \naidanhs discovered a cross-site scripting issue in event handling.\n\nCVE-2014-1702 \nColin Payne discovered a use-after-free issue in the web database\nimplementation.\n\nCVE-2014-1703 \nVUPEN discovered a use-after-free issue in web sockets that\ncould lead to a sandbox escape.\n\nCVE-2014-1704 \nMultiple vulnerabilities were fixed in version 3.23.17.18 of\nthe V8 javascript library.\n\nCVE-2014-1705 \nA memory corruption issue was discovered in the V8 javascript\nlibrary.\n\nCVE-2014-1713 \nA use-after-free issue was discovered in the AttributeSetter\nfunction.\n\nCVE-2014-1715 \nA directory traversal issue was found and fixed.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702883);\n script_version(\"$Revision: 6995 $\");\n script_cve_id(\"CVE-2013-6653\", \"CVE-2013-6654\", \"CVE-2013-6655\", \"CVE-2013-6656\", \"CVE-2013-6657\", \"CVE-2013-6658\", \"CVE-2013-6659\", \"CVE-2013-6660\", \"CVE-2013-6661\", \"CVE-2013-6663\", \"CVE-2013-6664\", \"CVE-2013-6665\", \"CVE-2013-6666\", \"CVE-2013-6667\", \"CVE-2013-6668\", \"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\", \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1715\");\n script_name(\"Debian Security Advisory DSA 2883-1 (chromium-browser - security update)\");\n script_tag(name: 
\"last_modification\", value:\"$Date: 2017-08-23 13:52:03 +0200 (Wed, 23 Aug 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-03-23 00:00:00 +0100 (Sun, 23 Mar 2014)\");\n script_tag(name: \"cvss_base\", value:\"10.0\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2883.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", 
ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) 
!= NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:10", "description": "Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2013-6653\nKhalil Zhani discovered a use-after-free issue in chromium", "cvss3": {}, "published": "2014-03-23T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2883-1 
(chromium-browser - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6667", "CVE-2013-6655", "CVE-2013-6658", "CVE-2013-6661", "CVE-2013-6660", "CVE-2014-1703", "CVE-2013-6665", "CVE-2013-6666", "CVE-2013-6656", "CVE-2014-1705", "CVE-2013-6654", "CVE-2013-6653", "CVE-2013-6663", "CVE-2013-6659", "CVE-2014-1713", "CVE-2014-1701", "CVE-2014-1704", "CVE-2013-6657", "CVE-2014-1715", "CVE-2013-6668", "CVE-2014-1702", "CVE-2013-6664", "CVE-2014-1700"], "modified": "2019-03-19T00:00:00", "id": "OPENVAS:1361412562310702883", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702883", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2883.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2883-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702883\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2013-6653\", \"CVE-2013-6654\", \"CVE-2013-6655\", \"CVE-2013-6656\", \"CVE-2013-6657\", \"CVE-2013-6658\", \"CVE-2013-6659\", \"CVE-2013-6660\", \"CVE-2013-6661\", \"CVE-2013-6663\", \"CVE-2013-6664\", \"CVE-2013-6665\", \"CVE-2013-6666\", \"CVE-2013-6667\", \"CVE-2013-6668\", \"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\", \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1715\");\n script_name(\"Debian Security Advisory DSA 2883-1 (chromium-browser - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-23 00:00:00 +0100 (Sun, 23 Mar 2014)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2883.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"chromium-browser on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 33.0.1750.152-1~deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the 
unstable distribution (sid), these problems have been fixed in\nversion 33.0.1750.152-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2013-6653\nKhalil Zhani discovered a use-after-free issue in chromium's web\ncontents color chooser.\n\nCVE-2013-6654\nTheShow3511 discovered an issue in SVG handling.\n\nCVE-2013-6655\ncloudfuzzer discovered a use-after-free issue in dom event handling.\n\nCVE-2013-6656\nNeexEmil discovered an information leak in the XSS auditor.\n\nCVE-2013-6657\nNeexEmil discovered a way to bypass the Same Origin policy in the\nXSS auditor.\n\nCVE-2013-6658\ncloudfuzzer discovered multiple use-after-free issues surrounding\nthe updateWidgetPositions function.\n\nCVE-2013-6659\nAntoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that\nit was possible to trigger an unexpected certificate chain during\nTLS renegotiation.\n\nCVE-2013-6660\nbishopjeffreys discovered an information leak in the drag and drop\nimplementation.\n\nCVE-2013-6661\nThe Google Chrome team discovered and fixed multiple issues in\nversion 33.0.1750.117.\n\nCVE-2013-6663\nAtte Kettunen discovered a use-after-free issue in SVG handling.\n\nCVE-2013-6664\nKhalil Zhani discovered a use-after-free issue in the speech\nrecognition feature.\n\nCVE-2013-6665\ncloudfuzzer discovered a buffer overflow issue in the software\nrenderer.\n\nCVE-2013-6666\nnetfuzzer discovered a restriction bypass in the Pepper Flash\nplugin.\n\nCVE-2013-6667\nThe Google Chrome team discovered and fixed multiple issues in\nversion 33.0.1750.146.\n\nCVE-2013-6668\nMultiple vulnerabilities were fixed in version 3.24.35.10 of\nthe V8 javascript library.\n\nCVE-2014-1700\nChamal de Silva discovered a use-after-free issue in speech\nsynthesis.\n\nCVE-2014-1701\naidanhs discovered a cross-site scripting issue in event handling.\n\nCVE-2014-1702\nColin Payne 
discovered a use-after-free issue in the web database\nimplementation.\n\nCVE-2014-1703\nVUPEN discovered a use-after-free issue in web sockets that\ncould lead to a sandbox escape.\n\nCVE-2014-1704\nMultiple vulnerabilities were fixed in version 3.23.17.18 of\nthe V8 javascript library.\n\nCVE-2014-1705\nA memory corruption issue was discovered in the V8 javascript\nlibrary.\n\nCVE-2014-1713\nA use-after-free issue was discovered in the AttributeSetter\nfunction.\n\nCVE-2014-1715\nA directory traversal issue was found and fixed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"chromium\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n 
exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:58", "description": "Gentoo Linux Local Security Checks GLSA 201403-01", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201403-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6635", "CVE-2013-6649", "CVE-2013-2922", "CVE-2013-2915", "CVE-2013-6802", "CVE-2013-6667", "CVE-2013-6655", "CVE-2013-2920", "CVE-2013-6658", "CVE-2013-6661", "CVE-2013-2931", "CVE-2013-6660", "CVE-2013-6644", "CVE-2013-2926", "CVE-2013-2907", "CVE-2013-2919", "CVE-2013-2921", "CVE-2013-2908", "CVE-2013-6665", "CVE-2013-2913", "CVE-2013-6666", "CVE-2013-2912", "CVE-2013-6626", "CVE-2013-6636", "CVE-2013-6656", "CVE-2013-6654", "CVE-2013-6653", "CVE-2013-6663", "CVE-2013-6627", "CVE-2013-2917", "CVE-2013-2910", "CVE-2013-2916", "CVE-2013-2925", "CVE-2013-6625", "CVE-2013-6641", "CVE-2013-6659", "CVE-2013-6621", "CVE-2013-6624", "CVE-2013-6634", "CVE-2013-6646", "CVE-2013-6638", "CVE-2013-6643", "CVE-2013-6639", "CVE-2013-6628", "CVE-2013-2927", "CVE-2013-2906", "CVE-2013-2923", "CVE-2013-6632", "CVE-2013-2911", "CVE-2013-2909", "CVE-2013-6637", "CVE-2013-6622", "CVE-2013-6652", "CVE-2013-6657", "CVE-2014-1681", "CVE-2013-2918", "CVE-2013-6645", "CVE-2013-6623", "CVE-2013-6668", "CVE-2013-6664", "CVE-2013-2928", "CVE-2013-6650", "CVE-2013-6640"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121161", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121161", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201403-01.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it 
and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121161\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:26:58 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201403-01\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Chromium and V8. 
Please review the CVE identifiers and release notes referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201403-01\");\n script_cve_id(\"CVE-2013-2906\", \"CVE-2013-2907\", \"CVE-2013-2908\", \"CVE-2013-2909\", \"CVE-2013-2910\", \"CVE-2013-2911\", \"CVE-2013-2912\", \"CVE-2013-2913\", \"CVE-2013-2915\", \"CVE-2013-2916\", \"CVE-2013-2917\", \"CVE-2013-2918\", \"CVE-2013-2919\", \"CVE-2013-2920\", \"CVE-2013-2921\", \"CVE-2013-2922\", \"CVE-2013-2923\", \"CVE-2013-2925\", \"CVE-2013-2926\", \"CVE-2013-2927\", \"CVE-2013-2928\", \"CVE-2013-2931\", \"CVE-2013-6621\", \"CVE-2013-6622\", \"CVE-2013-6623\", \"CVE-2013-6624\", \"CVE-2013-6625\", \"CVE-2013-6626\", \"CVE-2013-6627\", \"CVE-2013-6628\", \"CVE-2013-6632\", \"CVE-2013-6634\", \"CVE-2013-6635\", \"CVE-2013-6636\", \"CVE-2013-6637\", \"CVE-2013-6638\", \"CVE-2013-6639\", \"CVE-2013-6640\", \"CVE-2013-6641\", \"CVE-2013-6643\", \"CVE-2013-6644\", \"CVE-2013-6645\", \"CVE-2013-6646\", \"CVE-2013-6649\", \"CVE-2013-6650\", \"CVE-2013-6652\", \"CVE-2013-6653\", \"CVE-2013-6654\", \"CVE-2013-6655\", \"CVE-2013-6656\", \"CVE-2013-6657\", \"CVE-2013-6658\", \"CVE-2013-6659\", \"CVE-2013-6660\", \"CVE-2013-6661\", \"CVE-2013-6663\", \"CVE-2013-6664\", \"CVE-2013-6665\", \"CVE-2013-6666\", \"CVE-2013-6667\", \"CVE-2013-6668\", \"CVE-2013-6802\", \"CVE-2014-1681\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201403-01\");\n 
script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-client/chromium\", unaffected: make_list(\"ge 33.0.1750.146\"), vulnerable: make_list(\"lt 33.0.1750.146\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-lang/v8\", unaffected: make_list(), vulnerable: make_list(\"lt 3.20.17.13\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2016-09-26T17:24:26", "description": "\nGoogle Chrome Releases reports:\n\n28 security fixes in this release, including:\n\n[334897] High CVE-2013-6652: Issue with relative paths in\n\t Windows sandbox named pipe policy. Credit to tyranid.\n[331790] High CVE-2013-6653: Use-after-free related to web\n\t contents. Credit to Khalil Zhani.\n[333176] High CVE-2013-6654: Bad cast in SVG. Credit to\n\t TheShow3511.\n[293534] High CVE-2013-6655: Use-after-free in layout. Credit\n\t to cloudfuzzer.\n[331725] High CVE-2013-6656: Information leak in XSS auditor.\n\t Credit to NeexEmil.\n[331060] Medium CVE-2013-6657: Information leak in XSS auditor.\n\t Credit to NeexEmil.\n[322891] Medium CVE-2013-6658: Use-after-free in layout. Credit\n\t to cloudfuzzer.\n[306959] Medium CVE-2013-6659: Issue with certificates\n\t validation in TLS handshake. Credit to Antoine Delignat-Lavaud\n\t and Karthikeyan Bhargavan from Prosecco, Inria Paris.\n[332579] Low CVE-2013-6660: Information leak in drag and drop.\n\t Credit to bishopjeffreys.\n[344876] Low-High CVE-2013-6661: Various fixes from internal\n\t audits, fuzzing and other initiatives. 
Of these, seven are fixes\n\t for issues that could have allowed for sandbox escapes from\n\t compromised renderers.\n\n\n", "cvss3": {}, "published": "2014-02-20T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6655", "CVE-2013-6658", "CVE-2013-6661", "CVE-2013-6660", "CVE-2013-6656", "CVE-2013-6654", "CVE-2013-6653", "CVE-2013-6659", "CVE-2013-6652", "CVE-2013-6657"], "modified": "2014-02-20T00:00:00", "id": "9DD47FA3-9D53-11E3-B20F-00262D5ED8EE", "href": "https://vuxml.freebsd.org/freebsd/9dd47fa3-9d53-11e3-b20f-00262d5ed8ee.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "chrome": [{"lastseen": "2021-12-30T22:35:07", "description": "The Stable Channel has been updated to 33.0.1750.117 for Windows, Mac, and Linux. \n\n**Security Fixes and Rewards** \n\nThis update includes [28 security fixes](<https://code.google.com/p/chromium/issues/list?can=1&q=type%3Abug-security+label%3ARelease-0-M33>). Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the [Chromium security page](<http://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information. \n\n[$2000][[334897](<https://code.google.com/p/chromium/issues/detail?id=334897>)] **High **CVE-2013-6652: Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid. 
\n[$1000][[331790](<https://code.google.com/p/chromium/issues/detail?id=331790>)] **High** CVE-2013-6653: Use-after-free related to web contents. Credit to Khalil Zhani. \n[$3000][[333176](<https://code.google.com/p/chromium/issues/detail?id=333176>)] **High** CVE-2013-6654: Bad cast in SVG. Credit to TheShow3511. \n[$3000][[293534](<https://code.google.com/p/chromium/issues/detail?id=293534>)] **High** CVE-2013-6655: Use-after-free in layout. Credit to cloudfuzzer. \n[$500][[331725](<https://code.google.com/p/chromium/issues/detail?id=331725>)] **High** CVE-2013-6656: Information leak in XSS auditor. Credit to NeexEmil. \n[$1000][[331060](<https://code.google.com/p/chromium/issues/detail?id=331060>)] **Medium** CVE-2013-6657: Information leak in XSS auditor. Credit to NeexEmil. \n[$2000][[322891](<https://code.google.com/p/chromium/issues/detail?id=322891>)] **Medium** CVE-2013-6658: Use-after-free in layout. Credit to cloudfuzzer. \n[$1000][[306959](<https://code.google.com/p/chromium/issues/detail?id=306959>)] **Medium** CVE-2013-6659: Issue with certificates validation in TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco, Inria Paris. \n\n[[332579](<https://code.google.com/p/chromium/issues/detail?id=332579>)] **Low **CVE-2013-6660: Information leak in drag and drop. Credit to bishopjeffreys. \n\n\n\nAs usual, our ongoing internal security work responsible for a wide range of fixes: \n\n\n * [[344876](<https://code.google.com/p/chromium/issues/detail?id=344876>)] **Low-High** CVE-2013-6661: Various fixes from internal audits, fuzzing and other initiatives. 
Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers.\n\nMany of the above bugs were detected using [AddressSanitizer](<http://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>).\n\n\n\n\n**General Announcements** \n\nGoogle Chrome Frame has been retired, please read our June 2013 Chromium [blog post](<http://blog.chromium.org/2013/06/retiring-chrome-frame.html>) for additional details and background.\n\n\n\n\nThis release fixes a number of crashes and other bugs. A full list of changes is available in the [SVN log](<http://build.chromium.org/f/chromium/perf/dashboard/ui/changelog.html?url=/trunk/src&range=232870:241107&mode=html>). If you find a new issue, please let us know by [filing a bug](<http://crbug.com/>). \n\n\nAnthony Laforge \nGoogle Chrome", "cvss3": {}, "published": "2014-02-20T00:00:00", "type": "chrome", "title": "Stable Channel Update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6652", "CVE-2013-6653", "CVE-2013-6654", "CVE-2013-6655", "CVE-2013-6656", "CVE-2013-6657", "CVE-2013-6658", "CVE-2013-6659", "CVE-2013-6660", "CVE-2013-6661"], "modified": "2014-02-20T00:00:00", "id": "GCSA-7011096153929341353", "href": "https://chromereleases.googleblog.com/2014/02/stable-channel-update_20.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T17:34:12", "description": "BUGTRAQ ID: 65699\r\nCVE(CAN) ID: 
CVE-2013-6652,CVE-2013-6653,CVE-2013-6654,CVE-2013-6655,CVE-2013-6656,CVE-2013-6657,CVE-2013-6658,CVE-2013-6659,CVE-2013-6660,CVE-2013-6661\r\n\r\nGoogle Chrome\u662f\u7531Google\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5de5\u5177\u3002\r\n\r\nChrome 33.0.1750.117\u4e4b\u524d\u7248\u672c\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u6d4f\u89c8\u5668\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3001\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u3001\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3001\u9020\u6210\u62d2\u7edd\u670d\u52a1\u7b49\u3002\n0\nGoogle Chrome < 33.0.1750.117\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nGoogle\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.google.com", "cvss3": {}, "published": "2014-02-24T00:00:00", "type": "seebug", "title": "Google Chrome 33.0.1750.117\u4e4b\u524d\u7248\u672c\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2013-6652", "CVE-2013-6653", "CVE-2013-6654", "CVE-2013-6655", "CVE-2013-6656", "CVE-2013-6657", "CVE-2013-6658", "CVE-2013-6659", "CVE-2013-6660", "CVE-2013-6661"], "modified": "2014-02-24T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61539", "id": "SSV:61539", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:50", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2883-1 security@debian.org\r\nhttp://www.debian.org/security/ Michael Gilbert\r\nMarch 23, 2014 
http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : chromium-browser\r\nCVE ID : CVE-2013-6653 CVE-2013-6654 CVE-2013-6655 CVE-2013-6656 \r\n CVE-2013-6657 CVE-2013-6658 CVE-2013-6659 CVE-2013-6660\r\n CVE-2013-6661 CVE-2013-6663 CVE-2013-6664 CVE-2013-6665\r\n CVE-2013-6666 CVE-2013-6667 CVE-2013-6668 CVE-2014-1700\r\n CVE-2014-1701 CVE-2014-1702 CVE-2014-1703 CVE-2014-1704\r\n CVE-2014-1705 CVE-2014-1713 CVE-2014-1715\r\n\r\nSeveral vulnerabilities have been discovered in the chromium web browser.\r\n\r\nCVE-2013-6653\r\n\r\n Khalil Zhani discovered a use-after-free issue in chromium's web\r\n contents color chooser.\r\n\r\nCVE-2013-6654\r\n\r\n TheShow3511 discovered an issue in SVG handling.\r\n\r\nCVE-2013-6655\r\n\r\n cloudfuzzer discovered a use-after-free issue in dom event handling.\r\n\r\nCVE-2013-6656\r\n\r\n NeexEmil discovered an information leak in the XSS auditor.\r\n\r\nCVE-2013-6657\r\n\r\n NeexEmil discovered a way to bypass the Same Origin policy in the\r\n XSS auditor.\r\n\r\nCVE-2013-6658\r\n\r\n cloudfuzzer discovered multiple use-after-free issues surrounding\r\n the updateWidgetPositions function.\r\n\r\nCVE-2013-6659\r\n\r\n Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that\r\n it was possible to trigger an unexpected certificate chain during\r\n TLS renegotiation.\r\n\r\nCVE-2013-6660\r\n\r\n bishopjeffreys discovered an information leak in the drag and drop\r\n implementation.\r\n\r\nCVE-2013-6661\r\n\r\n The Google Chrome team discovered and fixed multiple issues in\r\n version 33.0.1750.117.\r\n\r\nCVE-2013-6663\r\n\r\n Atte Kettunen discovered a use-after-free issue in SVG handling.\r\n\r\nCVE-2013-6664\r\n\r\n Khalil Zhani discovered a use-after-free issue in the speech\r\n recognition feature.\r\n\r\nCVE-2013-6665\r\n\r\n cloudfuzzer discovered a buffer overflow issue in the software\r\n renderer.\r\n\r\nCVE-2013-6666\r\n\r\n netfuzzer 
discovered a restriction bypass in the Pepper Flash\r\n plugin.\r\n\r\nCVE-2013-6667\r\n\r\n The Google Chrome team discovered and fixed multiple issues in\r\n version 33.0.1750.146.\r\n\r\nCVE-2013-6668\r\n\r\n Multiple vulnerabilities were fixed in version 3.24.35.10 of\r\n the V8 javascript library.\r\n\r\nCVE-2014-1700\r\n\r\n Chamal de Silva discovered a use-after-free issue in speech\r\n synthesis.\r\n\r\nCVE-2014-1701\r\n\r\n aidanhs discovered a cross-site scripting issue in event handling.\r\n\r\nCVE-2014-1702\r\n\r\n Colin Payne discovered a use-after-free issue in the web database\r\n implementation.\r\n\r\nCVE-2014-1703\r\n\r\n VUPEN discovered a use-after-free issue in web sockets that\r\n could lead to a sandbox escape.\r\n\r\nCVE-2014-1704\r\n\r\n Multiple vulnerabilities were fixed in version 3.23.17.18 of\r\n the V8 javascript library.\r\n\r\nCVE-2014-1705\r\n\r\n A memory corruption issue was discovered in the V8 javascript\r\n library.\r\n\r\nCVE-2014-1713\r\n\r\n A use-after-free issue was discovered in the AttributeSetter\r\n function. 
\r\n\r\nCVE-2014-1715\r\n\r\n A directory traversal issue was found and fixed.\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 33.0.1750.152-1~deb7u1.\r\n\r\nFor the testing distribution (jessie), these problems will be fixed soon.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 33.0.1750.152-1.\r\n\r\nWe recommend that you upgrade your chromium-browser packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQQcBAEBCgAGBQJTL4L5AAoJELjWss0C1vRzmmkf/3IwJbpRQ+HKdWFLjEqap7hN\r\no5p82LhmXthyNNBTfOoylxN03hBPfwvNC6zYZ9wMp0qBJJKvPVvswg3FdpvHMiUS\r\n4N96l0rDyf8HRrd7goQnsagn2RrqDROHHEFsFdwuiC6pB3rLEKN8lPAmpo6VZHkH\r\nLQ5zO0uI/fi3q8Ad2VCeG8O6kdcHUmmvFuB49Sl3YFKpfIVLv5XVaMJBlKSbt62T\r\npbs4/iB4gYTwSeFuN20z17mAchFj31hxuT/UlCD6tn0cIkN9DpL2TDkxG3boVLne\r\nFgDkgSIqV8Zy2mCK3fz7M4INHlyeIh/xiBK+k+VECaVlznUqctCTlQFXXotf19ch\r\nV19rjXMyXMIwe8nVR0C7PoQT225aH9QYBem/S2v6D0hQjpLcDIoZbHvB9zw/7g/o\r\nY8wUhiBsgLTOqy3tsKt1aVGGbElMjBCTqAJ+/SzJZNtZEwNXGkTz2k3EwdarHsaG\r\nea2f1xhiJJaVdXXALGjQwWoKWFEN56WhX749DsFC1jD3F2CTHSI9BN38voMUm1wq\r\nRcoXfc56OR9S+7f+5rDQQ3c2zeDCFgo7Ue3E4/9ZP2IvBdc8qhsZCViZVCE1nCz4\r\ne/NzbauOyLOI1IB4IJkctiRyszvGD30TZYSx8JX6YY6T58HH7HbgLSEEGaLj/dcG\r\nFx4GQHnufVaBPrbpdrXQRqcUwJh2rJO7DM0BsxVKbgNCKQNI65FTNpWn/P7rJ/72\r\ni7VsTUzDT3pcScJ1oqM+egvpEqKnbsPO97+iuzeD5UhJK3s5H23ErGHzwV2ZcHnD\r\ncdc6VwHHCo0gJQ+EA9D/W8/S9MdJscetOb4AzafGUnCq5kGjcs5wFnNh2CWgxNHc\r\n/JJA027nMSRwUnW4kkcJAMiOfTPmNLN0QDy1wok6fJUuOtCP6/I5ptR87gDyX3FW\r\n0JBxbZ6sZigXsIcMNaGJoPxd454dCAFAlLbehm+7i7d9U9Yb3c5o2F81WT4Qx0bu\r\nXdKw5xhFz9OL5TA66GQ2Cr5aaKfrHqW1SzeiOeDJPqJ0ZbPHlIY0c+XJRRKepV22\r\nlBbZzHVMOzv0jkhQjZV4ulf9Rv7xlcSmq2JF7TdjejoS7YrbU8+qg9h9LZ38XDtI\r\nAr/w05YNpZRVtT
4XP2v7eYw/vJ7c+6dLwqSqGFVe4VOjkazbM15tB6QoDVjmr1y+\r\nTi/cfFsQAH45joi3v7HXWTXu4NVPN1oQypur/MBO1EvtigbBwxmRdn95mx6zotfY\r\nvoLocT7KLWwPTklh5wtUZ6/DGWv0dXcb7tcbNeEo4e9lhrAP0694huGkJprW5Z09\r\nyItPaD9PNnHySK3FWvz91MpIVqAIlU+7HFuvs7N7Y/RTsQx9bFEjUrn1epeGNL0=\r\n=tb+u\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2014-03-25T00:00:00", "title": "[SECURITY] [DSA 2883-1] chromium-browser security update", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2013-6667", "CVE-2013-6655", "CVE-2013-6658", "CVE-2013-6661", "CVE-2013-6660", "CVE-2014-1703", "CVE-2013-6665", "CVE-2013-6666", "CVE-2013-6656", "CVE-2014-1705", "CVE-2013-6654", "CVE-2013-6653", "CVE-2013-6663", "CVE-2013-6659", "CVE-2014-1713", "CVE-2014-1701", "CVE-2014-1704", "CVE-2013-6657", "CVE-2014-1715", "CVE-2013-6668", "CVE-2014-1702", "CVE-2013-6664", "CVE-2014-1700"], "modified": "2014-03-25T00:00:00", "id": "SECURITYVULNS:DOC:30384", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30384", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:51:20", "description": "Memory corruptions, information leakage, certificate validation issues, protection bypass, cross-site scripting, directory traversal.", "edition": 2, "cvss3": {}, "published": "2014-03-27T00:00:00", "title": "Chromium / Google Chrome multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2013-6667", "CVE-2013-6655", "CVE-2013-6658", "CVE-2013-6661", "CVE-2013-6660", "CVE-2014-1703", "CVE-2013-6665", "CVE-2013-6666", "CVE-2013-6656", "CVE-2014-1705", "CVE-2013-6654", "CVE-2013-6653", "CVE-2013-6663", "CVE-2013-6659", "CVE-2014-1713", "CVE-2014-1701", "CVE-2014-1704", "CVE-2013-6657", "CVE-2014-1715", "CVE-2013-6668", "CVE-2014-1702", "CVE-2013-6664", "CVE-2014-1700"], "modified": "2014-03-27T00:00:00", "id": 
"SECURITYVULNS:VULN:13629", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13629", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2021-10-21T23:17:40", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2883-1 security@debian.org\nhttp://www.debian.org/security/ Michael Gilbert\nMarch 23, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2013-6653 CVE-2013-6654 CVE-2013-6655 CVE-2013-6656 \n CVE-2013-6657 CVE-2013-6658 CVE-2013-6659 CVE-2013-6660\n CVE-2013-6661 CVE-2013-6663 CVE-2013-6664 CVE-2013-6665\n CVE-2013-6666 CVE-2013-6667 CVE-2013-6668 CVE-2014-1700\n CVE-2014-1701 CVE-2014-1702 CVE-2014-1703 CVE-2014-1704\n CVE-2014-1705 CVE-2014-1713 CVE-2014-1715\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2013-6653\n\n Khalil Zhani discovered a use-after-free issue in chromium's web\n contents color chooser.\n\nCVE-2013-6654\n\n TheShow3511 discovered an issue in SVG handling.\n\nCVE-2013-6655\n\n cloudfuzzer discovered a use-after-free issue in dom event handling.\n\nCVE-2013-6656\n\n NeexEmil discovered an information leak in the XSS auditor.\n\nCVE-2013-6657\n\n NeexEmil discovered a way to bypass the Same Origin policy in the\n XSS auditor.\n\nCVE-2013-6658\n\n cloudfuzzer discovered multiple use-after-free issues surrounding\n the updateWidgetPositions function.\n\nCVE-2013-6659\n\n Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that\n it was possible to trigger an unexpected certificate chain during\n TLS renegotiation.\n\nCVE-2013-6660\n\n bishopjeffreys discovered an information leak in the drag and drop\n implementation.\n\nCVE-2013-6661\n\n The Google Chrome team discovered and fixed multiple issues in\n version 
33.0.1750.117.\n\nCVE-2013-6663\n\n Atte Kettunen discovered a use-after-free issue in SVG handling.\n\nCVE-2013-6664\n\n Khalil Zhani discovered a use-after-free issue in the speech\n recognition feature.\n\nCVE-2013-6665\n\n cloudfuzzer discovered a buffer overflow issue in the software\n renderer.\n\nCVE-2013-6666\n\n netfuzzer discovered a restriction bypass in the Pepper Flash\n plugin.\n\nCVE-2013-6667\n\n The Google Chrome team discovered and fixed multiple issues in\n version 33.0.1750.146.\n\nCVE-2013-6668\n\n Multiple vulnerabilities were fixed in version 3.24.35.10 of\n the V8 javascript library.\n\nCVE-2014-1700\n\n Chamal de Silva discovered a use-after-free issue in speech\n synthesis.\n\nCVE-2014-1701\n\n aidanhs discovered a cross-site scripting issue in event handling.\n\nCVE-2014-1702\n\n Colin Payne discovered a use-after-free issue in the web database\n implementation.\n\nCVE-2014-1703\n\n VUPEN discovered a use-after-free issue in web sockets that\n could lead to a sandbox escape.\n\nCVE-2014-1704\n\n Multiple vulnerabilities were fixed in version 3.23.17.18 of\n the V8 javascript library.\n\nCVE-2014-1705\n\n A memory corruption issue was discovered in the V8 javascript\n library.\n\nCVE-2014-1713\n\n A use-after-free issue was discovered in the AttributeSetter\n function. 
\n\nCVE-2014-1715\n\n A directory traversal issue was found and fixed.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 33.0.1750.152-1~deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 33.0.1750.152-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2014-03-24T01:02:13", "type": "debian", "title": "[SECURITY] [DSA 2883-1] chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6653", "CVE-2013-6654", "CVE-2013-6655", "CVE-2013-6656", "CVE-2013-6657", "CVE-2013-6658", "CVE-2013-6659", "CVE-2013-6660", "CVE-2013-6661", "CVE-2013-6663", "CVE-2013-6664", "CVE-2013-6665", "CVE-2013-6666", "CVE-2013-6667", "CVE-2013-6668", "CVE-2014-1700", "CVE-2014-1701", "CVE-2014-1702", "CVE-2014-1703", "CVE-2014-1704", "CVE-2014-1705", "CVE-2014-1713", "CVE-2014-1715"], "modified": "2014-03-24T01:02:13", "id": "DEBIAN:DSA-2883-1:B52C6", "href": "https://lists.debian.org/debian-security-announce/2014/msg00055.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-01T00:05:10", "description": "- 
-------------------------------------------------------------------------\nDebian Security Advisory DSA-2883-1 security@debian.org\nhttp://www.debian.org/security/ Michael Gilbert\nMarch 23, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2013-6653 CVE-2013-6654 CVE-2013-6655 CVE-2013-6656 \n CVE-2013-6657 CVE-2013-6658 CVE-2013-6659 CVE-2013-6660\n CVE-2013-6661 CVE-2013-6663 CVE-2013-6664 CVE-2013-6665\n CVE-2013-6666 CVE-2013-6667 CVE-2013-6668 CVE-2014-1700\n CVE-2014-1701 CVE-2014-1702 CVE-2014-1703 CVE-2014-1704\n CVE-2014-1705 CVE-2014-1713 CVE-2014-1715\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2013-6653\n\n Khalil Zhani discovered a use-after-free issue in chromium's web\n contents color chooser.\n\nCVE-2013-6654\n\n TheShow3511 discovered an issue in SVG handling.\n\nCVE-2013-6655\n\n cloudfuzzer discovered a use-after-free issue in dom event handling.\n\nCVE-2013-6656\n\n NeexEmil discovered an information leak in the XSS auditor.\n\nCVE-2013-6657\n\n NeexEmil discovered a way to bypass the Same Origin policy in the\n XSS auditor.\n\nCVE-2013-6658\n\n cloudfuzzer discovered multiple use-after-free issues surrounding\n the updateWidgetPositions function.\n\nCVE-2013-6659\n\n Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that\n it was possible to trigger an unexpected certificate chain during\n TLS renegotiation.\n\nCVE-2013-6660\n\n bishopjeffreys discovered an information leak in the drag and drop\n implementation.\n\nCVE-2013-6661\n\n The Google Chrome team discovered and fixed multiple issues in\n version 33.0.1750.117.\n\nCVE-2013-6663\n\n Atte Kettunen discovered a use-after-free issue in SVG handling.\n\nCVE-2013-6664\n\n Khalil Zhani discovered a use-after-free issue in the speech\n recognition feature.\n\nCVE-2013-6665\n\n cloudfuzzer discovered a buffer overflow issue in the 
software\n renderer.\n\nCVE-2013-6666\n\n netfuzzer discovered a restriction bypass in the Pepper Flash\n plugin.\n\nCVE-2013-6667\n\n The Google Chrome team discovered and fixed multiple issues in\n version 33.0.1750.146.\n\nCVE-2013-6668\n\n Multiple vulnerabilities were fixed in version 3.24.35.10 of\n the V8 javascript library.\n\nCVE-2014-1700\n\n Chamal de Silva discovered a use-after-free issue in speech\n synthesis.\n\nCVE-2014-1701\n\n aidanhs discovered a cross-site scripting issue in event handling.\n\nCVE-2014-1702\n\n Colin Payne discovered a use-after-free issue in the web database\n implementation.\n\nCVE-2014-1703\n\n VUPEN discovered a use-after-free issue in web sockets that\n could lead to a sandbox escape.\n\nCVE-2014-1704\n\n Multiple vulnerabilities were fixed in version 3.23.17.18 of\n the V8 javascript library.\n\nCVE-2014-1705\n\n A memory corruption issue was discovered in the V8 javascript\n library.\n\nCVE-2014-1713\n\n A use-after-free issue was discovered in the AttributeSetter\n function. 
\n\nCVE-2014-1715\n\n A directory traversal issue was found and fixed.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 33.0.1750.152-1~deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 33.0.1750.152-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2014-03-24T01:02:13", "type": "debian", "title": "[SECURITY] [DSA 2883-1] chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6653", "CVE-2013-6654", "CVE-2013-6655", "CVE-2013-6656", "CVE-2013-6657", "CVE-2013-6658", "CVE-2013-6659", "CVE-2013-6660", "CVE-2013-6661", "CVE-2013-6663", "CVE-2013-6664", "CVE-2013-6665", "CVE-2013-6666", "CVE-2013-6667", "CVE-2013-6668", "CVE-2014-1700", "CVE-2014-1701", "CVE-2014-1702", "CVE-2014-1703", "CVE-2014-1704", "CVE-2014-1705", "CVE-2014-1713", "CVE-2014-1715"], "modified": "2014-03-24T01:02:13", "id": "DEBIAN:DSA-2883-1:8DB61", "href": "https://lists.debian.org/debian-security-announce/2014/msg00055.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2022-01-17T19:09:06", "description": "### 
Background\n\nChromium is an open-source web browser project. V8 is Google\u2019s open source JavaScript engine. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. \n\n### Impact\n\nA context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other unspecified impact. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-33.0.1750.146\"\n \n\nGentoo has discontinued support for the separate V8 package. We recommend that users unmerge V8: \n \n \n # emerge --unmerge \"dev-lang/v8\"", "cvss3": {}, "published": "2014-03-05T00:00:00", "type": "gentoo", "title": "Chromium, V8: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2906", "CVE-2013-2907", "CVE-2013-2908", "CVE-2013-2909", "CVE-2013-2910", "CVE-2013-2911", "CVE-2013-2912", "CVE-2013-2913", "CVE-2013-2915", "CVE-2013-2916", "CVE-2013-2917", "CVE-2013-2918", "CVE-2013-2919", "CVE-2013-2920", "CVE-2013-2921", "CVE-2013-2922", "CVE-2013-2923", "CVE-2013-2925", 
"CVE-2013-2926", "CVE-2013-2927", "CVE-2013-2928", "CVE-2013-2931", "CVE-2013-6621", "CVE-2013-6622", "CVE-2013-6623", "CVE-2013-6624", "CVE-2013-6625", "CVE-2013-6626", "CVE-2013-6627", "CVE-2013-6628", "CVE-2013-6632", "CVE-2013-6634", "CVE-2013-6635", "CVE-2013-6636", "CVE-2013-6637", "CVE-2013-6638", "CVE-2013-6639", "CVE-2013-6640", "CVE-2013-6641", "CVE-2013-6643", "CVE-2013-6644", "CVE-2013-6645", "CVE-2013-6646", "CVE-2013-6649", "CVE-2013-6650", "CVE-2013-6652", "CVE-2013-6653", "CVE-2013-6654", "CVE-2013-6655", "CVE-2013-6656", "CVE-2013-6657", "CVE-2013-6658", "CVE-2013-6659", "CVE-2013-6660", "CVE-2013-6661", "CVE-2013-6663", "CVE-2013-6664", "CVE-2013-6665", "CVE-2013-6666", "CVE-2013-6667", "CVE-2013-6668", "CVE-2013-6802", "CVE-2014-1681"], "modified": "2014-03-05T00:00:00", "id": "GLSA-201403-01", "href": "https://security.gentoo.org/glsa/201403-01", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}