ID ZDI-14-088 Type zdi Reporter Anonymous Modified 2014-11-09T00:00:00
Description
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of TypedArray objects. By carefully manipulating a TypedArray object an attacker can read and write data to any address. An attacker can leverage this vulnerability to execute code under the context of the current process.
{"bulletinFamily": "info", "hash": "1237c71a0e7f5432fe986b7e5243eb9d3aa8377dfd980ef75191111d799b123b", "href": "http://www.zerodayinitiative.com/advisories/ZDI-14-088", "id": "ZDI-14-088", "lastseen": "2016-11-09T00:18:12", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of TypedArray objects. By carefully manipulating a TypedArray object an attacker can read and write data to any address. An attacker can leverage this vulnerability to execute code under the context of the current process.", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "objectVersion": "1.2", "hashmap": [{"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "2599ca77350d59b88cc2824ed273bab2", "key": "cvelist"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "8ead9635689759d22150255f6c48628f", "key": "description"}, {"hash": "06f551a3586b3fc56ebfeab333f0a9d2", "key": "href"}, {"hash": "0e8f4f13c11de32dac689cf2a0ab4284", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "4abde03e8661f024b72277a032d82960", "key": "published"}, {"hash": "0cfcacd6fdc5d4970db7b30a52830860", "key": "references"}, {"hash": "7079c72c21415131774625ba1d64f4b0", "key": "reporter"}, {"hash": "19d92fd084716f95bdc763dfbcb6f095", "key": "title"}, {"hash": "3dd086b59554fe33c1b8f051475b4b31", "key": "type"}], "cvelist": ["CVE-2014-1705"], "viewCount": 61, "published": "2014-04-11T00:00:00", "references": ["http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html"], "history": [{"bulletin": {"bulletinFamily": "info", "hash": "61e5748fd7d0a765fe90f34c1a29250472c389648e2feda34b66d5e7cd6696b4", "id": "ZDI-14-088", "lastseen": "2016-09-04T11:33:46", "references": ["http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html"], "objectVersion": "1.2", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2014-1705"], "viewCount": 1, "published": "2014-04-11T00:00:00", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of TypedArray objects. By carefully manipulating a TypedArray object an attacker can read and write data to any address. An attacker can leverage this vulnerability to execute code under the context of the current process.", "history": [], "edition": 1, "reporter": "Anonymous", "hashmap": [{"hash": "8ead9635689759d22150255f6c48628f", "key": "description"}, {"hash": "3dd086b59554fe33c1b8f051475b4b31", "key": "type"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "19d92fd084716f95bdc763dfbcb6f095", "key": "title"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "06f551a3586b3fc56ebfeab333f0a9d2", "key": "href"}, {"hash": "4abde03e8661f024b72277a032d82960", "key": "published"}, {"hash": "0cfcacd6fdc5d4970db7b30a52830860", "key": "references"}, {"hash": "7079c72c21415131774625ba1d64f4b0", "key": "reporter"}, {"hash": "2599ca77350d59b88cc2824ed273bab2", "key": "cvelist"}, {"hash": "9a10e9ed12ba0880a3e4c132dbded84d", "key": "modified"}], "title": "(Pwn2Own) Google Chrome V8 Arbitrary Memory Read/Write Remote Code Execution Vulnerability", "modified": "2014-09-04T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-14-088", "type": "zdi"}, "lastseen": "2016-09-04T11:33:46", "edition": 1, "differentElements": ["modified"]}], "edition": 2, "reporter": "Anonymous", "title": "(Pwn2Own) Google Chrome V8 Arbitrary Memory Read/Write Remote Code Execution Vulnerability", "modified": "2014-11-09T00:00:00", "enchantments": {"score": {"value": 9.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-1705"]}, {"type": "seebug", "idList": ["SSV:61864"]}, {"type": "freebsd", "idList": ["A70966A1-AC22-11E3-8D04-00262D5ED8EE"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_A70966A1AC2211E38D0400262D5ED8EE.NASL", "GOOGLE_CHROME_33_0_1750_154.NASL", "MACOSX_GOOGLE_CHROME_33_0_1750_152.NASL", "OPENSUSE-2014-280.NASL", "DEBIAN_DSA-2883.NASL", "GENTOO_GLSA-201408-16.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310804343", "OPENVAS:1361412562310804342", "OPENVAS:1361412562310804344", "OPENVAS:1361412562310850581", "OPENVAS:850581", "OPENVAS:1361412562310702883", "OPENVAS:702883", "OPENVAS:1361412562310121260"]}, {"type": "threatpost", "idList": ["THREATPOST:92620F5AFF6D439FD7555958C7778604"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2014:0501-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30384", "SECURITYVULNS:VULN:13629"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2883-1:8DB61"]}, {"type": "gentoo", "idList": ["GLSA-201408-16"]}], "modified": "2016-11-09T00:18:12"}, "vulnersScore": 9.3}, "type": "zdi"}
{"cve": [{"lastseen": "2018-11-01T05:14:33", "bulletinFamily": "NVD", "description": "Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.", "modified": "2018-10-30T12:27:37", "published": "2014-03-16T10:06:45", "id": "CVE-2014-1705", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1705", "title": "CVE-2014-1705", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T17:29:59", "bulletinFamily": "exploit", "description": "Bugtraq ID:66239\r\nCVE ID:CVE-2014-1705\r\n\r\nGoogle Chrome\u662f\u4e00\u6b3e\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\u3002\r\n\r\nGoogle Chrome\u6240\u4f7f\u7528\u7684V8\u5f15\u64ce\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6784\u5efa\u6076\u610fWEB\u9875\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n0\r\nGoogle Chrome\r\nChrome 33.0.1750.152\u548c33.0.1750.154\u5df2\u7ecf\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttp://www.google.com/chrome", "modified": "2014-03-20T00:00:00", "published": "2014-03-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61864", "id": "SSV:61864", "title": "Google Chrome V8\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}], "nessus": [{"lastseen": "2018-09-01T23:56:40", "bulletinFamily": "scanner", "description": "Google Chrome Releases reports :\n\nNew vulnerabilities after the Pwn2Own competition :\n\n- [352369] Code execution outside sandbox. Credit to VUPEN.\n\n- [352374] High CVE-2014-1713: Use-after-free in Blink bindings\n\n- [352395] High CVE-2014-1714: Windows clipboard vulnerability\n\n- [352420] Code execution outside sandbox. Credit to Anonymous.\n\n- [351787] High CVE-2014-1705: Memory corruption in V8\n\n- [352429] High CVE-2014-1715: Directory traversal issue", "modified": "2015-01-12T00:00:00", "published": "2014-03-17T00:00:00", "id": "FREEBSD_PKG_A70966A1AC2211E38D0400262D5ED8EE.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73049", "title": "FreeBSD : www/chromium -- multiple vulnerabilities (a70966a1-ac22-11e3-8d04-00262d5ed8ee)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2015 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73049);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2015/01/12 14:02:26 $\");\n\n script_cve_id(\"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1714\", \"CVE-2014-1715\");\n\n script_name(english:\"FreeBSD : www/chromium -- multiple vulnerabilities (a70966a1-ac22-11e3-8d04-00262d5ed8ee)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\nNew vulnerabilities after the Pwn2Own competition :\n\n- [352369] Code execution outside sandbox. Credit to VUPEN.\n\n- [352374] High CVE-2014-1713: Use-after-free in Blink bindings\n\n- [352395] High CVE-2014-1714: Windows clipboard vulnerability\n\n- [352420] Code execution outside sandbox. Credit to Anonymous.\n\n- [351787] High CVE-2014-1705: Memory corruption in V8\n\n- [352429] High CVE-2014-1715: Directory traversal issue\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://googlechromereleases.blogspot.nl/\"\n );\n # http://www.freebsd.org/ports/portaudit/a70966a1-ac22-11e3-8d04-00262d5ed8ee.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dab8099c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<33.0.1750.152\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:55", "bulletinFamily": "scanner", "description": "The version of Google Chrome installed on the remote host is a version prior to 33.0.1750.154. It is, therefore, affected by the following vulnerabilities :\n\n - A remote code-execution flaw exists due to a read/write error with the a sandbox bypass, specifically the V8 JavaScript engine. This could allow an attacker to execute code or cause a denial of service if the exploit fails. (CVE-2014-1705)\n\n - A use-after-free flaw exists with the 'document.location' bindings. An attacker, using a specially crafted web page, can dereference freed memory and could execute arbitrary code. (CVE-2014-1713)\n\n - A flaw exists with the clipboard message filter. A context-dependent attacker could bypass sandbox restrictions. (CVE-2014-1714)\n\n - A restriction bypass flaw exists with the 'CreatePlatformFileUnsafe()' function in the 'base/platform_file_win.cc' where user input is not properly sanitized. A context-dependent attacker could open arbitrary directories bypassing sandbox restrictions. (CVE-2014-1715)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "modified": "2018-07-12T00:00:00", "id": "GOOGLE_CHROME_33_0_1750_154.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73082", "published": "2014-03-18T00:00:00", "title": "Google Chrome < 33.0.1750.154 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73082);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/12 19:01:16\");\n\n script_cve_id(\n \"CVE-2014-1705\",\n \"CVE-2014-1713\",\n \"CVE-2014-1714\",\n \"CVE-2014-1715\"\n );\n script_bugtraq_id(66239, 66243, 66249, 66252);\n\n script_name(english:\"Google Chrome < 33.0.1750.154 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version number of Google Chrome\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote host is a version\nprior to 33.0.1750.154. It is, therefore, affected by the following\nvulnerabilities :\n\n - A remote code-execution flaw exists due to a read/write\n error with the a sandbox bypass, specifically the V8\n JavaScript engine. This could allow an attacker to\n execute code or cause a denial of service if the exploit\n fails. (CVE-2014-1705)\n\n - A use-after-free flaw exists with the\n 'document.location' bindings. An attacker, using a\n specially crafted web page, can dereference freed memory\n and could execute arbitrary code. (CVE-2014-1713)\n\n - A flaw exists with the clipboard message filter. A\n context-dependent attacker could bypass sandbox\n restrictions. (CVE-2014-1714)\n\n - A restriction bypass flaw exists with the\n 'CreatePlatformFileUnsafe()' function in the\n 'base/platform_file_win.cc' where user input is not\n properly sanitized. A context-dependent attacker could\n open arbitrary directories bypassing sandbox\n restrictions. (CVE-2014-1715)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/531614/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/531615/30/0/threaded\");\n # http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?caf96baa\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Google Chrome 33.0.1750.154 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'33.0.1750.154', severity:SECURITY_WARNING);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:55", "bulletinFamily": "scanner", "description": "The version of Google Chrome installed on the remote Mac OS X host is a version prior to 33.0.1750.152. It is, therefore, affected by the following vulnerabilities :\n\n - A remote code-execution flaw exists due to a read/write error with the a sandbox bypass, specifically the V8 JavaScript engine. This could allow an attacker to execute code or cause a denial of service if the exploit fails. (CVE-2014-1705)\n\n - A use-after-free flaw exists with the 'document.location' bindings. An attacker, using a specially crafted web page, can dereference freed memory and could execute arbitrary code. (CVE-2014-1713)\n\n - A flaw exists with the clipboard message filter. A context-dependent attacker could bypass sandbox restrictions. (CVE-2014-1714)\n\n - A restriction bypass flaw exists with the 'CreatePlatformFileUnsafe()' function in the 'base/platform_file_win.cc' where user input is not properly sanitized. A context-dependent attacker could open arbitrary directories bypassing sandbox restrictions. (CVE-2014-1715)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "modified": "2018-07-14T00:00:00", "id": "MACOSX_GOOGLE_CHROME_33_0_1750_152.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73083", "published": "2014-03-18T00:00:00", "title": "Google Chrome < 33.0.1750.152 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73083);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2014-1705\",\n \"CVE-2014-1713\",\n \"CVE-2014-1714\",\n \"CVE-2014-1715\"\n );\n script_bugtraq_id(66239, 66243, 66249, 66252);\n\n script_name(english:\"Google Chrome < 33.0.1750.152 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version number of Google Chrome\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is\na version prior to 33.0.1750.152. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A remote code-execution flaw exists due to a read/write\n error with the a sandbox bypass, specifically the V8\n JavaScript engine. This could allow an attacker to\n execute code or cause a denial of service if the exploit\n fails. (CVE-2014-1705)\n\n - A use-after-free flaw exists with the\n 'document.location' bindings. An attacker, using a\n specially crafted web page, can dereference freed memory\n and could execute arbitrary code. (CVE-2014-1713)\n\n - A flaw exists with the clipboard message filter. A\n context-dependent attacker could bypass sandbox\n restrictions. (CVE-2014-1714)\n\n - A restriction bypass flaw exists with the\n 'CreatePlatformFileUnsafe()' function in the\n 'base/platform_file_win.cc' where user input is not\n properly sanitized. A context-dependent attacker could\n open arbitrary directories bypassing sandbox\n restrictions. (CVE-2014-1715)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/531614/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/531615/30/0/threaded\");\n # http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?caf96baa\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Google Chrome 33.0.1750.152 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'33.0.1750.152', severity:SECURITY_WARNING);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:21:37", "bulletinFamily": "scanner", "description": "Chromium was updated to the 33.0.1750.152 stable channel uodate :\n\n - Security fixes :\n\n - CVE-2014-1713: Use-after-free in Blink bindings\n\n - CVE-2014-1714: Windows clipboard vulnerability\n\n - CVE-2014-1705: Memory corruption in V8\n\n - CVE-2014-1715: Directory traversal issue\n\nPrevious stable channel update 33.0.1750.149 :\n\n - Security fixes :\n\n - CVE-2014-1700: Use-after-free in speech\n\n - CVE-2014-1701: UXSS in events\n\n - CVE-2014-1702: Use-after-free in web database\n\n - CVE-2014-1703: Potential sandbox escape due to a use-after-free in web sockets\n\n - CVE-2014-1704: Multiple vulnerabilities in V8 fixed in version 3.23.17.18", "modified": "2018-11-10T00:00:00", "id": "OPENSUSE-2014-280.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75318", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : chromium (openSUSE-SU-2014:0501-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-280.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75318);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:50:01\");\n\n script_cve_id(\"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\", \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1714\", \"CVE-2014-1715\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-SU-2014:0501-1)\");\n script_summary(english:\"Check for the openSUSE-2014-280 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to the 33.0.1750.152 stable channel uodate :\n\n - Security fixes :\n\n - CVE-2014-1713: Use-after-free in Blink bindings\n\n - CVE-2014-1714: Windows clipboard vulnerability\n\n - CVE-2014-1705: Memory corruption in V8\n\n - CVE-2014-1715: Directory traversal issue\n\nPrevious stable channel update 33.0.1750.149 :\n\n - Security fixes :\n\n - CVE-2014-1700: Use-after-free in speech\n\n - CVE-2014-1701: UXSS in events\n\n - CVE-2014-1702: Use-after-free in web database\n\n - CVE-2014-1703: Potential sandbox escape due to a\n use-after-free in web sockets\n\n - CVE-2014-1704: Multiple vulnerabilities in V8 fixed in\n version 3.23.17.18\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=866959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-04/msg00023.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-suid-helper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromedriver-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromedriver-debuginfo-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-debuginfo-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-debugsource-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-desktop-gnome-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-desktop-kde-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-ffmpegsumo-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-ffmpegsumo-debuginfo-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-suid-helper-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-suid-helper-debuginfo-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-debuginfo-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debuginfo-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debugsource-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-gnome-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-kde-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-debuginfo-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-suid-helper-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-suid-helper-debuginfo-33.0.1750.152-25.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:20:58", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in the chromium web browser.\n\n - CVE-2013-6653 Khalil Zhani discovered a use-after-free issue in chromium's web contents color chooser.\n\n - CVE-2013-6654 TheShow3511 discovered an issue in SVG handling.\n\n - CVE-2013-6655 cloudfuzzer discovered a use-after-free issue in dom event handling.\n\n - CVE-2013-6656 NeexEmil discovered an information leak in the XSS auditor.\n\n - CVE-2013-6657 NeexEmil discovered a way to bypass the Same Origin policy in the XSS auditor.\n\n - CVE-2013-6658 cloudfuzzer discovered multiple use-after-free issues surrounding the updateWidgetPositions function.\n\n - CVE-2013-6659 Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to trigger an unexpected certificate chain during TLS renegotiation.\n\n - CVE-2013-6660 bishopjeffreys discovered an information leak in the drag and drop implementation.\n\n - CVE-2013-6661 The Google Chrome team discovered and fixed multiple issues in version 33.0.1750.117.\n\n - CVE-2013-6663 Atte Kettunen discovered a use-after-free issue in SVG handling.\n\n - CVE-2013-6664 Khalil Zhani discovered a use-after-free issue in the speech recognition feature.\n\n - CVE-2013-6665 cloudfuzzer discovered a buffer overflow issue in the software renderer.\n\n - CVE-2013-6666 netfuzzer discovered a restriction bypass in the Pepper Flash plugin.\n\n - CVE-2013-6667 The Google Chrome team discovered and fixed multiple issues in version 33.0.1750.146.\n\n - CVE-2013-6668 Multiple vulnerabilities were fixed in version 3.24.35.10 of the V8 JavaScript library.\n\n - CVE-2014-1700 Chamal de Silva discovered a use-after-free issue in speech synthesis.\n\n - CVE-2014-1701 aidanhs discovered a cross-site scripting issue in event handling.\n\n - CVE-2014-1702 Colin Payne discovered a use-after-free issue in the web database implementation.\n\n - CVE-2014-1703 VUPEN discovered a use-after-free issue in web sockets that could lead to a sandbox escape.\n\n - CVE-2014-1704 Multiple vulnerabilities were fixed in version 3.23.17.18 of the V8 JavaScript library.\n\n - CVE-2014-1705 A memory corruption issue was discovered in the V8 JavaScript library.\n\n - CVE-2014-1713 A use-after-free issue was discovered in the AttributeSetter function.\n\n - CVE-2014-1715 A directory traversal issue was found and fixed.", "modified": "2018-11-28T00:00:00", "id": "DEBIAN_DSA-2883.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73164", "published": "2014-03-25T00:00:00", "title": "Debian DSA-2883-1 : chromium-browser - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2883. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73164);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/28 22:47:42\");\n\n script_cve_id(\"CVE-2013-6653\", \"CVE-2013-6654\", \"CVE-2013-6655\", \"CVE-2013-6656\", \"CVE-2013-6657\", \"CVE-2013-6658\", \"CVE-2013-6659\", \"CVE-2013-6660\", \"CVE-2013-6661\", \"CVE-2013-6663\", \"CVE-2013-6664\", \"CVE-2013-6665\", \"CVE-2013-6666\", \"CVE-2013-6667\", \"CVE-2013-6668\", \"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\", \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1715\");\n script_bugtraq_id(65699, 65930, 66120, 66239, 66243, 66249);\n script_xref(name:\"DSA\", value:\"2883\");\n\n script_name(english:\"Debian DSA-2883-1 : chromium-browser - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2013-6653\n Khalil Zhani discovered a use-after-free issue in\n chromium's web contents color chooser.\n\n - CVE-2013-6654\n TheShow3511 discovered an issue in SVG handling.\n\n - CVE-2013-6655\n cloudfuzzer discovered a use-after-free issue in dom\n event handling.\n\n - CVE-2013-6656\n NeexEmil discovered an information leak in the XSS\n auditor.\n\n - CVE-2013-6657\n NeexEmil discovered a way to bypass the Same Origin\n policy in the XSS auditor.\n\n - CVE-2013-6658\n cloudfuzzer discovered multiple use-after-free issues\n surrounding the updateWidgetPositions function.\n\n - CVE-2013-6659\n Antoine Delignat-Lavaud and Karthikeyan Bhargavan\n discovered that it was possible to trigger an unexpected\n certificate chain during TLS renegotiation.\n\n - CVE-2013-6660\n bishopjeffreys discovered an information leak in the\n drag and drop implementation.\n\n - CVE-2013-6661\n The Google Chrome team discovered and fixed multiple\n issues in version 33.0.1750.117.\n\n - CVE-2013-6663\n Atte Kettunen discovered a use-after-free issue in SVG\n handling.\n\n - CVE-2013-6664\n Khalil Zhani discovered a use-after-free issue in the\n speech recognition feature.\n\n - CVE-2013-6665\n cloudfuzzer discovered a buffer overflow issue in the\n software renderer.\n\n - CVE-2013-6666\n netfuzzer discovered a restriction bypass in the Pepper\n Flash plugin.\n\n - CVE-2013-6667\n The Google Chrome team discovered and fixed multiple\n issues in version 33.0.1750.146.\n\n - CVE-2013-6668\n Multiple vulnerabilities were fixed in version\n 3.24.35.10 of the V8 JavaScript library.\n\n - CVE-2014-1700\n Chamal de Silva discovered a use-after-free issue in\n speech synthesis.\n\n - CVE-2014-1701\n aidanhs discovered a cross-site scripting issue in event\n handling.\n\n - CVE-2014-1702\n Colin Payne discovered a use-after-free issue in the web\n database implementation.\n\n - CVE-2014-1703\n VUPEN discovered a use-after-free issue in web sockets\n that could lead to a sandbox escape.\n\n - CVE-2014-1704\n Multiple vulnerabilities were fixed in version\n 3.23.17.18 of the V8 JavaScript library.\n\n - CVE-2014-1705\n A memory corruption issue was discovered in the V8\n JavaScript library.\n\n - CVE-2014-1713\n A use-after-free issue was discovered in the\n AttributeSetter function.\n\n - CVE-2014-1715\n A directory traversal issue was found and fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6656\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6658\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/chromium-browser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2883\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 33.0.1750.152-1~deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"chromium\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-dbg\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-inspector\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-l10n\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-dbg\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-inspector\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-l10n\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:22:21", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201408-16 (Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could conduct a number of attacks which include: cross site scripting attacks, bypassing of sandbox protection, potential execution of arbitrary code with the privileges of the process, or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2018-07-12T00:00:00", "id": "GENTOO_GLSA-201408-16.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=77460", "published": "2014-08-30T00:00:00", "title": "GLSA-201408-16 : Chromium: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201408-16.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77460);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2014-0538\", \"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\", \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1714\", \"CVE-2014-1715\", \"CVE-2014-1716\", \"CVE-2014-1717\", \"CVE-2014-1718\", \"CVE-2014-1719\", \"CVE-2014-1720\", \"CVE-2014-1721\", \"CVE-2014-1722\", \"CVE-2014-1723\", \"CVE-2014-1724\", \"CVE-2014-1725\", \"CVE-2014-1726\", \"CVE-2014-1727\", \"CVE-2014-1728\", \"CVE-2014-1729\", \"CVE-2014-1730\", \"CVE-2014-1731\", \"CVE-2014-1732\", \"CVE-2014-1733\", \"CVE-2014-1734\", \"CVE-2014-1735\", \"CVE-2014-1740\", \"CVE-2014-1741\", \"CVE-2014-1742\", \"CVE-2014-1743\", \"CVE-2014-1744\", \"CVE-2014-1745\", \"CVE-2014-1746\", \"CVE-2014-1747\", \"CVE-2014-1748\", \"CVE-2014-1749\", \"CVE-2014-3154\", \"CVE-2014-3155\", \"CVE-2014-3156\", \"CVE-2014-3157\", \"CVE-2014-3160\", \"CVE-2014-3162\", \"CVE-2014-3165\", \"CVE-2014-3166\", \"CVE-2014-3167\", \"CVE-2014-3168\", \"CVE-2014-3169\", \"CVE-2014-3170\", \"CVE-2014-3171\", \"CVE-2014-3172\", \"CVE-2014-3173\", \"CVE-2014-3174\", \"CVE-2014-3175\", \"CVE-2014-3176\", \"CVE-2014-3177\");\n script_bugtraq_id(66120, 66239, 66243, 66249, 66252, 66704, 67082, 67374, 67375, 67376, 67517, 67572, 67972, 67977, 67980, 67981, 68677, 69192, 69201, 69202, 69203, 69398, 69400, 69401, 69402, 69403, 69405, 69406, 69407);\n script_xref(name:\"GLSA\", value:\"201408-16\");\n\n script_name(english:\"GLSA-201408-16 : Chromium: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201408-16\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could conduct a number of attacks which include: cross\n site scripting attacks, bypassing of sandbox protection, potential\n execution of arbitrary code with the privileges of the process, or cause\n a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201408-16\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-37.0.2062.94'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 37.0.2062.94\"), vulnerable:make_list(\"lt 37.0.2062.94\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2016-09-26T17:24:25", "bulletinFamily": "unix", "description": "\nGoogle Chrome Releases reports:\n\nNew vulnerabilities after the Pwn2Own competition:\n\n[352369] Code execution outside sandbox. Credit to VUPEN.\n\t \n[352374] High CVE-2014-1713: Use-after-free in Blink\n\t\t bindings\n[352395] High CVE-2014-1714: Windows clipboard\n\t\t vulnerability\n\n\n [352420] Code execution outside sandbox. Credit to Anonymous.\n\t \n[351787] High CVE-2014-1705: Memory corruption in V8\n[352429] High CVE-2014-1715: Directory traversal issue\n\n\n\n\n", "modified": "2014-03-14T00:00:00", "published": "2014-03-14T00:00:00", "href": "https://vuxml.freebsd.org/freebsd/a70966a1-ac22-11e3-8d04-00262d5ed8ee.html", "id": "A70966A1-AC22-11E3-8D04-00262D5ED8EE", "title": "www/chromium -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-10-22T16:41:18", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2014-03-19T00:00:00", "id": "OPENVAS:1361412562310804342", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804342", "title": "Google Chrome Multiple Vulnerabilities-03 Mar2014 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_vuln03_mar14_win.nasl 11867 2018-10-12 10:48:11Z cfischer $\n#\n# Google Chrome Multiple Vulnerabilities-03 Mar2014 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804342\");\n script_version(\"$Revision: 11867 $\");\n script_cve_id(\"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1714\", \"CVE-2014-1715\");\n script_bugtraq_id(66252, 66243, 66249, 66239);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:48:11 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-19 14:00:04 +0530 (Wed, 19 Mar 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-03 Mar2014 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An unspecified error within V8.\n\n - A use-after-free error within 'AttributeSetter' function in the bindings in\n Blink.\n\n - Improper verification of certain format value by\n 'ScopedClipboardWriter::WritePickledData' function.\n\n - Insufficient sanitization of user input by 'CreatePlatformFileUnsafe'\n function.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to conduct denial of\nservice, compromise a user's system and possibly unspecified other impacts.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 33.0.1750.154 on Windows.\");\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome 33.0.1750.154 or later.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57439\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/03/stable-channel-update_14.html\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n script_xref(name:\"URL\", value:\"http://www.google.com/chrome\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"33.0.1750.154\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:40:57", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2014-03-19T00:00:00", "id": "OPENVAS:1361412562310804343", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804343", "title": "Google Chrome Multiple Vulnerabilities-03 Mar2014 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_vuln03_mar14_macosx.nasl 11867 2018-10-12 10:48:11Z cfischer $\n#\n# Google Chrome Multiple Vulnerabilities-03 Mar2014 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804343\");\n script_version(\"$Revision: 11867 $\");\n script_cve_id(\"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1714\", \"CVE-2014-1715\");\n script_bugtraq_id(66252, 66243, 66249, 66239);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:48:11 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-19 14:00:04 +0530 (Wed, 19 Mar 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-03 Mar2014 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An unspecified error within V8.\n\n - A use-after-free error within 'AttributeSetter' function in the bindings in\n Blink.\n\n - Improper verification of certain format value by\n 'ScopedClipboardWriter::WritePickledData' function.\n\n - Insufficient sanitization of user input by 'CreatePlatformFileUnsafe'\n function.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to conduct denial of\nservice, compromise a user's system and possibly unspecified other impacts.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 33.0.1750.152 on Mac OS X.\");\n script_tag(name:\"solution\", value:\"Upgrade to version 33.0.1750.152 or later.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57439\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/03/stable-channel-update_14.html\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://www.google.com/chrome\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"33.0.1750.152\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:41:20", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2014-03-19T00:00:00", "id": "OPENVAS:1361412562310804344", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804344", "title": "Google Chrome Multiple Vulnerabilities-03 Mar2014 (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_vuln03_mar14_lin.nasl 11867 2018-10-12 10:48:11Z cfischer $\n#\n# Google Chrome Multiple Vulnerabilities-03 Mar2014 (Linux)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804344\");\n script_version(\"$Revision: 11867 $\");\n script_cve_id(\"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1714\", \"CVE-2014-1715\");\n script_bugtraq_id(66252, 66243, 66249, 66239);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:48:11 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-19 14:00:04 +0530 (Wed, 19 Mar 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-03 Mar2014 (Linux)\");\n\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An unspecified error within V8.\n\n - A use-after-free error within 'AttributeSetter' function in the bindings in\n Blink.\n\n - Improper verification of certain format value by\n 'ScopedClipboardWriter::WritePickledData' function.\n\n - Insufficient sanitization of user input by 'CreatePlatformFileUnsafe'\n function.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to conduct denial of\nservice, compromise a user's system and possibly unspecified other impacts.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 33.0.1750.152 on Linux.\");\n script_tag(name:\"solution\", value:\"Upgrade to version 33.0.1750.152 or later.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57439\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/03/stable-channel-update_14.html\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n script_xref(name:\"URL\", value:\"http://www.google.com/chrome\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"33.0.1750.152\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-19T13:03:36", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2014-04-10T00:00:00", "id": "OPENVAS:1361412562310850581", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850581", "title": "SuSE Update for chromium openSUSE-SU-2014:0501-1 (chromium)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_0501_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for chromium openSUSE-SU-2014:0501-1 (chromium)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850581\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-10 13:35:21 +0530 (Thu, 10 Apr 2014)\");\n script_cve_id(\"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\",\n \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1714\",\n \"CVE-2014-1715\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Update for chromium openSUSE-SU-2014:0501-1 (chromium)\");\n script_tag(name:\"affected\", value:\"chromium on openSUSE 13.1, openSUSE 12.3\");\n script_tag(name:\"insight\", value:\"Chromium was updated to the 33.0.1750.152 stable channel\n uodate:\n\n - Security fixes:\n\n * CVE-2014-1713: Use-after-free in Blink bindings\n\n * CVE-2014-1714: Windows clipboard vulnerability\n\n * CVE-2014-1705: Memory corruption in V8\n\n * CVE-2014-1715: Directory traversal issue\n\n Previous stable channel update 33.0.1750.149:\n\n - Security fixes:\n\n * CVE-2014-1700: Use-after-free in speech\n\n * CVE-2014-1701: UXSS in events\n\n * CVE-2014-1702: Use-after-free in web database\n\n * CVE-2014-1703: Potential sandbox escape due to a\n use-after-free in web sockets\n\n * CVE-2014-1704: Multiple vulnerabilities in V8 fixed in\n version 3.23.17.18\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"openSUSE-SU\", value:\"2014:0501_1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE12\\.3|openSUSE13\\.1)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE12.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper\", rpm:\"chromium-suid-helper~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper-debuginfo\", rpm:\"chromium-suid-helper-debuginfo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"openSUSE13.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper\", rpm:\"chromium-suid-helper~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper-debuginfo\", rpm:\"chromium-suid-helper-debuginfo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:10:25", "bulletinFamily": "scanner", "description": "Check for the Version of chromium", "modified": "2017-12-08T00:00:00", "published": "2014-04-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=850581", "id": "OPENVAS:850581", "title": "SuSE Update for chromium openSUSE-SU-2014:0501-1 (chromium)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_0501_1.nasl 8044 2017-12-08 08:32:49Z santu $\n#\n# SuSE Update for chromium openSUSE-SU-2014:0501-1 (chromium)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(850581);\n script_version(\"$Revision: 8044 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:32:49 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-10 13:35:21 +0530 (Thu, 10 Apr 2014)\");\n script_cve_id(\"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\",\n \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1714\",\n \"CVE-2014-1715\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Update for chromium openSUSE-SU-2014:0501-1 (chromium)\");\n\n tag_insight = \"\n Chromium was updated to the 33.0.1750.152 stable channel\n uodate:\n - Security fixes:\n * CVE-2014-1713: Use-after-free in Blink bindings\n * CVE-2014-1714: Windows clipboard vulnerability\n * CVE-2014-1705: Memory corruption in V8\n * CVE-2014-1715: Directory traversal issue\n\n Previous stable channel update 33.0.1750.149:\n - Security fixes:\n * CVE-2014-1700: Use-after-free in speech\n * CVE-2014-1701: UXSS in events\n * CVE-2014-1702: Use-after-free in web database\n * CVE-2014-1703: Potential sandbox escape due to a\n use-after-free in web sockets\n * CVE-2014-1704: Multiple vulnerabilities in V8 fixed in\n version 3.23.17.18\";\n\n tag_affected = \"chromium on openSUSE 13.1, openSUSE 12.3\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"openSUSE-SU\", value: \"2014:0501_1\");\n script_summary(\"Check for the Version of chromium\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE12.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper\", rpm:\"chromium-suid-helper~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper-debuginfo\", rpm:\"chromium-suid-helper-debuginfo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE13.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper\", rpm:\"chromium-suid-helper~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper-debuginfo\", rpm:\"chromium-suid-helper-debuginfo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:53:26", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2013-6653 \nKhalil Zhani discovered a use-after-free issue in chromium's web\ncontents color chooser.\n\nCVE-2013-6654 \nTheShow3511 discovered an issue in SVG handling.\n\nCVE-2013-6655 \ncloudfuzzer discovered a use-after-free issue in dom event handling.\n\nCVE-2013-6656 \nNeexEmil discovered an information leak in the XSS auditor.\n\nCVE-2013-6657 \nNeexEmil discovered a way to bypass the Same Origin policy in the\nXSS auditor.\n\nCVE-2013-6658 \ncloudfuzzer discovered multiple use-after-free issues surrounding\nthe updateWidgetPositions function.\n\nCVE-2013-6659 \nAntoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that\nit was possible to trigger an unexpected certificate chain during\nTLS renegotiation.\n\nCVE-2013-6660 \nbishopjeffreys discovered an information leak in the drag and drop\nimplementation.\n\nCVE-2013-6661 \nThe Google Chrome team discovered and fixed multiple issues in\nversion 33.0.1750.117.\n\nCVE-2013-6663 \nAtte Kettunen discovered a use-after-free issue in SVG handling.\n\nCVE-2013-6664 \nKhalil Zhani discovered a use-after-free issue in the speech\nrecognition feature.\n\nCVE-2013-6665 \ncloudfuzzer discovered a buffer overflow issue in the software\nrenderer.\n\nCVE-2013-6666 \nnetfuzzer discovered a restriction bypass in the Pepper Flash\nplugin.\n\nCVE-2013-6667 \nThe Google Chrome team discovered and fixed multiple issues in\nversion 33.0.1750.146.\n\nCVE-2013-6668 \nMultiple vulnerabilities were fixed in version 3.24.35.10 of\nthe V8 javascript library.\n\nCVE-2014-1700 \nChamal de Silva discovered a use-after-free issue in speech\nsynthesis.\n\nCVE-2014-1701 \naidanhs discovered a cross-site scripting issue in event handling.\n\nCVE-2014-1702 \nColin Payne discovered a use-after-free issue in the web database\nimplementation.\n\nCVE-2014-1703 \nVUPEN discovered a use-after-free issue in web sockets that\ncould lead to a sandbox escape.\n\nCVE-2014-1704 \nMultiple vulnerabilities were fixed in version 3.23.17.18 of\nthe V8 javascript library.\n\nCVE-2014-1705 \nA memory corruption issue was discovered in the V8 javascript\nlibrary.\n\nCVE-2014-1713 \nA use-after-free issue was discovered in the AttributeSetter\nfunction.\n\nCVE-2014-1715 \nA directory traversal issue was found and fixed.", "modified": "2018-04-06T00:00:00", "published": "2014-03-23T00:00:00", "id": "OPENVAS:1361412562310702883", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702883", "title": "Debian Security Advisory DSA 2883-1 (chromium-browser - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2883.nasl 9354 2018-04-06 07:15:32Z cfischer $\n# Auto-generated from advisory DSA 2883-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"chromium-browser on Debian Linux\";\ntag_insight = \"Chromium is an open-source browser project that aims to build a safer, faster,\nand more stable way for all Internet users to experience the web.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 33.0.1750.152-1~deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 33.0.1750.152-1.\n\nWe recommend that you upgrade your chromium-browser packages.\";\ntag_summary = \"Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2013-6653 \nKhalil Zhani discovered a use-after-free issue in chromium's web\ncontents color chooser.\n\nCVE-2013-6654 \nTheShow3511 discovered an issue in SVG handling.\n\nCVE-2013-6655 \ncloudfuzzer discovered a use-after-free issue in dom event handling.\n\nCVE-2013-6656 \nNeexEmil discovered an information leak in the XSS auditor.\n\nCVE-2013-6657 \nNeexEmil discovered a way to bypass the Same Origin policy in the\nXSS auditor.\n\nCVE-2013-6658 \ncloudfuzzer discovered multiple use-after-free issues surrounding\nthe updateWidgetPositions function.\n\nCVE-2013-6659 \nAntoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that\nit was possible to trigger an unexpected certificate chain during\nTLS renegotiation.\n\nCVE-2013-6660 \nbishopjeffreys discovered an information leak in the drag and drop\nimplementation.\n\nCVE-2013-6661 \nThe Google Chrome team discovered and fixed multiple issues in\nversion 33.0.1750.117.\n\nCVE-2013-6663 \nAtte Kettunen discovered a use-after-free issue in SVG handling.\n\nCVE-2013-6664 \nKhalil Zhani discovered a use-after-free issue in the speech\nrecognition feature.\n\nCVE-2013-6665 \ncloudfuzzer discovered a buffer overflow issue in the software\nrenderer.\n\nCVE-2013-6666 \nnetfuzzer discovered a restriction bypass in the Pepper Flash\nplugin.\n\nCVE-2013-6667 \nThe Google Chrome team discovered and fixed multiple issues in\nversion 33.0.1750.146.\n\nCVE-2013-6668 \nMultiple vulnerabilities were fixed in version 3.24.35.10 of\nthe V8 javascript library.\n\nCVE-2014-1700 \nChamal de Silva discovered a use-after-free issue in speech\nsynthesis.\n\nCVE-2014-1701 \naidanhs discovered a cross-site scripting issue in event handling.\n\nCVE-2014-1702 \nColin Payne discovered a use-after-free issue in the web database\nimplementation.\n\nCVE-2014-1703 \nVUPEN discovered a use-after-free issue in web sockets that\ncould lead to a sandbox escape.\n\nCVE-2014-1704 \nMultiple vulnerabilities were fixed in version 3.23.17.18 of\nthe V8 javascript library.\n\nCVE-2014-1705 \nA memory corruption issue was discovered in the V8 javascript\nlibrary.\n\nCVE-2014-1713 \nA use-after-free issue was discovered in the AttributeSetter\nfunction.\n\nCVE-2014-1715 \nA directory traversal issue was found and fixed.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702883\");\n script_version(\"$Revision: 9354 $\");\n script_cve_id(\"CVE-2013-6653\", \"CVE-2013-6654\", \"CVE-2013-6655\", \"CVE-2013-6656\", \"CVE-2013-6657\", \"CVE-2013-6658\", \"CVE-2013-6659\", \"CVE-2013-6660\", \"CVE-2013-6661\", \"CVE-2013-6663\", \"CVE-2013-6664\", \"CVE-2013-6665\", \"CVE-2013-6666\", \"CVE-2013-6667\", \"CVE-2013-6668\", \"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\", \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1715\");\n script_name(\"Debian Security Advisory DSA 2883-1 (chromium-browser - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2018-04-06 09:15:32 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value:\"2014-03-23 00:00:00 +0100 (Sun, 23 Mar 2014)\");\n script_tag(name: \"cvss_base\", value:\"10.0\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2883.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-04T14:12:48", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2013-6653 \nKhalil Zhani discovered a use-after-free issue in chromium's web\ncontents color chooser.\n\nCVE-2013-6654 \nTheShow3511 discovered an issue in SVG handling.\n\nCVE-2013-6655 \ncloudfuzzer discovered a use-after-free issue in dom event handling.\n\nCVE-2013-6656 \nNeexEmil discovered an information leak in the XSS auditor.\n\nCVE-2013-6657 \nNeexEmil discovered a way to bypass the Same Origin policy in the\nXSS auditor.\n\nCVE-2013-6658 \ncloudfuzzer discovered multiple use-after-free issues surrounding\nthe updateWidgetPositions function.\n\nCVE-2013-6659 \nAntoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that\nit was possible to trigger an unexpected certificate chain during\nTLS renegotiation.\n\nCVE-2013-6660 \nbishopjeffreys discovered an information leak in the drag and drop\nimplementation.\n\nCVE-2013-6661 \nThe Google Chrome team discovered and fixed multiple issues in\nversion 33.0.1750.117.\n\nCVE-2013-6663 \nAtte Kettunen discovered a use-after-free issue in SVG handling.\n\nCVE-2013-6664 \nKhalil Zhani discovered a use-after-free issue in the speech\nrecognition feature.\n\nCVE-2013-6665 \ncloudfuzzer discovered a buffer overflow issue in the software\nrenderer.\n\nCVE-2013-6666 \nnetfuzzer discovered a restriction bypass in the Pepper Flash\nplugin.\n\nCVE-2013-6667 \nThe Google Chrome team discovered and fixed multiple issues in\nversion 33.0.1750.146.\n\nCVE-2013-6668 \nMultiple vulnerabilities were fixed in version 3.24.35.10 of\nthe V8 javascript library.\n\nCVE-2014-1700 \nChamal de Silva discovered a use-after-free issue in speech\nsynthesis.\n\nCVE-2014-1701 \naidanhs discovered a cross-site scripting issue in event handling.\n\nCVE-2014-1702 \nColin Payne discovered a use-after-free issue in the web database\nimplementation.\n\nCVE-2014-1703 \nVUPEN discovered a use-after-free issue in web sockets that\ncould lead to a sandbox escape.\n\nCVE-2014-1704 \nMultiple vulnerabilities were fixed in version 3.23.17.18 of\nthe V8 javascript library.\n\nCVE-2014-1705 \nA memory corruption issue was discovered in the V8 javascript\nlibrary.\n\nCVE-2014-1713 \nA use-after-free issue was discovered in the AttributeSetter\nfunction.\n\nCVE-2014-1715 \nA directory traversal issue was found and fixed.", "modified": "2017-08-23T00:00:00", "published": "2014-03-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=702883", "id": "OPENVAS:702883", "title": "Debian Security Advisory DSA 2883-1 (chromium-browser - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2883.nasl 6995 2017-08-23 11:52:03Z teissa $\n# Auto-generated from advisory DSA 2883-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"chromium-browser on Debian Linux\";\ntag_insight = \"Chromium is an open-source browser project that aims to build a safer, faster,\nand more stable way for all Internet users to experience the web.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 33.0.1750.152-1~deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 33.0.1750.152-1.\n\nWe recommend that you upgrade your chromium-browser packages.\";\ntag_summary = \"Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2013-6653 \nKhalil Zhani discovered a use-after-free issue in chromium's web\ncontents color chooser.\n\nCVE-2013-6654 \nTheShow3511 discovered an issue in SVG handling.\n\nCVE-2013-6655 \ncloudfuzzer discovered a use-after-free issue in dom event handling.\n\nCVE-2013-6656 \nNeexEmil discovered an information leak in the XSS auditor.\n\nCVE-2013-6657 \nNeexEmil discovered a way to bypass the Same Origin policy in the\nXSS auditor.\n\nCVE-2013-6658 \ncloudfuzzer discovered multiple use-after-free issues surrounding\nthe updateWidgetPositions function.\n\nCVE-2013-6659 \nAntoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that\nit was possible to trigger an unexpected certificate chain during\nTLS renegotiation.\n\nCVE-2013-6660 \nbishopjeffreys discovered an information leak in the drag and drop\nimplementation.\n\nCVE-2013-6661 \nThe Google Chrome team discovered and fixed multiple issues in\nversion 33.0.1750.117.\n\nCVE-2013-6663 \nAtte Kettunen discovered a use-after-free issue in SVG handling.\n\nCVE-2013-6664 \nKhalil Zhani discovered a use-after-free issue in the speech\nrecognition feature.\n\nCVE-2013-6665 \ncloudfuzzer discovered a buffer overflow issue in the software\nrenderer.\n\nCVE-2013-6666 \nnetfuzzer discovered a restriction bypass in the Pepper Flash\nplugin.\n\nCVE-2013-6667 \nThe Google Chrome team discovered and fixed multiple issues in\nversion 33.0.1750.146.\n\nCVE-2013-6668 \nMultiple vulnerabilities were fixed in version 3.24.35.10 of\nthe V8 javascript library.\n\nCVE-2014-1700 \nChamal de Silva discovered a use-after-free issue in speech\nsynthesis.\n\nCVE-2014-1701 \naidanhs discovered a cross-site scripting issue in event handling.\n\nCVE-2014-1702 \nColin Payne discovered a use-after-free issue in the web database\nimplementation.\n\nCVE-2014-1703 \nVUPEN discovered a use-after-free issue in web sockets that\ncould lead to a sandbox escape.\n\nCVE-2014-1704 \nMultiple vulnerabilities were fixed in version 3.23.17.18 of\nthe V8 javascript library.\n\nCVE-2014-1705 \nA memory corruption issue was discovered in the V8 javascript\nlibrary.\n\nCVE-2014-1713 \nA use-after-free issue was discovered in the AttributeSetter\nfunction.\n\nCVE-2014-1715 \nA directory traversal issue was found and fixed.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702883);\n script_version(\"$Revision: 6995 $\");\n script_cve_id(\"CVE-2013-6653\", \"CVE-2013-6654\", \"CVE-2013-6655\", \"CVE-2013-6656\", \"CVE-2013-6657\", \"CVE-2013-6658\", \"CVE-2013-6659\", \"CVE-2013-6660\", \"CVE-2013-6661\", \"CVE-2013-6663\", \"CVE-2013-6664\", \"CVE-2013-6665\", \"CVE-2013-6666\", \"CVE-2013-6667\", \"CVE-2013-6668\", \"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\", \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1715\");\n script_name(\"Debian Security Advisory DSA 2883-1 (chromium-browser - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-08-23 13:52:03 +0200 (Wed, 23 Aug 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-03-23 00:00:00 +0100 (Sun, 23 Mar 2014)\");\n script_tag(name: \"cvss_base\", value:\"10.0\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2883.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-29T12:39:38", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks GLSA 201408-16", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121260", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121260", "title": "Gentoo Security Advisory GLSA 201408-16", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201408-16.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121260\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:27:47 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201408-16\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201408-16\");\n script_cve_id(\"CVE-2014-1741\", \"CVE-2014-0538\", \"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\", \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1714\", \"CVE-2014-1715\", \"CVE-2014-1716\", \"CVE-2014-1717\", \"CVE-2014-1718\", \"CVE-2014-1719\", \"CVE-2014-1720\", \"CVE-2014-1721\", \"CVE-2014-1722\", \"CVE-2014-1723\", \"CVE-2014-1724\", \"CVE-2014-1725\", \"CVE-2014-1726\", \"CVE-2014-1727\", \"CVE-2014-1728\", \"CVE-2014-1729\", \"CVE-2014-1730\", \"CVE-2014-1731\", \"CVE-2014-1732\", \"CVE-2014-1733\", \"CVE-2014-1734\", \"CVE-2014-1735\", \"CVE-2014-1740\", \"CVE-2014-1742\", \"CVE-2014-1743\", \"CVE-2014-1744\", \"CVE-2014-1745\", \"CVE-2014-1746\", \"CVE-2014-1747\", \"CVE-2014-1748\", \"CVE-2014-1749\", \"CVE-2014-3154\", \"CVE-2014-3155\", \"CVE-2014-3156\", \"CVE-2014-3157\", \"CVE-2014-3160\", \"CVE-2014-3162\", \"CVE-2014-3165\", \"CVE-2014-3166\", \"CVE-2014-3167\", \"CVE-2014-3168\", \"CVE-2014-3169\", \"CVE-2014-3170\", \"CVE-2014-3171\", \"CVE-2014-3172\", \"CVE-2014-3173\", \"CVE-2014-3174\", \"CVE-2014-3175\", \"CVE-2014-3176\", \"CVE-2014-3177\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201408-16\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-client/chromium\", unaffected: make_list(\"ge 37.0.2062.94\"), vulnerable: make_list(\"lt 37.0.2062.94\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2018-10-06T22:59:13", "bulletinFamily": "info", "description": "Now that the dust has settled after the [Pwn2Own contest](<https://threatpost.com/vupen-cashes-in-four-times-at-pwn2own/104754>), the browser manufacturers are beginning to roll out patches for the vulnerabilities exploited by contestants. Google on Monday released fixes for a number of bugs in Chrome discovered and exploited during Pwn2Own, releasing new versions of the browser for Windows, Mac and Linux.\n\nThis year\u2019s Pwn2Own, which runs in conjunction with the CanSecWest conference in Vancouver, showcased vulnerabilities and exploits in most of the major browsers, including Internet Explorer and Firefox, along with Chrome. The team from VUPEN, the French security and exploit-sales firm, took home several hundred thousand dollars in prize money from the contest, a good portion of it for demonstrating new bugs in Google Chrome. In addition to the prize money from the contest, Google also is paying its own rewards to the researchers who used new flaws in Chrome.\n\nVUPEN earned a $100,000 reward from Google for its two Chrome vulnerabilities, and an anonymous researcher also earned $60,000 for two separate vulnerabilities. The flaws used in Pwn2Own that Google fixed in Chrome 33 are:\n\n * [$100,000] [[352369](<https://code.google.com/p/chromium/issues/detail?id=352369>)] Code execution outside sandbox. Credit to VUPEN. \n * [[352374](<https://code.google.com/p/chromium/issues/detail?id=352374>)] **High **CVE-2014-1713: Use-after-free in Blink bindings\n * [[352395](<https://code.google.com/p/chromium/issues/detail?id=352395>)] **High** CVE-2014-1714: Windows clipboard vulnerability\n * [$60,000] [[352420](<https://code.google.com/p/chromium/issues/detail?id=352420>)] Code execution outside sandbox. Credit to Anonymous. \n * [[351787](<https://code.google.com/p/chromium/issues/detail?id=351787>)] **High** CVE-2014-1705: Memory corruption in V8\n * [[352429](<https://code.google.com/p/chromium/issues/detail?id=352429>)] **High** CVE-2014-1715: Directory traversal issue\n\nPatches for Internet Explorer and Firefox likely will take a little longer, as they\u2019re on longer update cycles than Google, which typically pushes out new versions whenever significant security issues need to be fixed. Google security officials said that they plan to publish some details of the exploits used against Chrome in Pwn2Own in the coming weeks.\n\n\u201cWe\u2019re delighted at the success of Pwn2Own and the ability to study full exploits. We anticipate landing additional changes and hardening measures for these vulnerabilities in the near future. We also believe that both submissions are works of art and deserve wider sharing and recognition. We plan to do technical reports on both Pwn2Own submissions in the future,\u201d Anthony Laforge of Google said in a [blog post](<http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html>).\n", "modified": "2014-03-19T20:41:49", "published": "2014-03-17T11:24:53", "id": "THREATPOST:92620F5AFF6D439FD7555958C7778604", "href": "https://threatpost.com/google-patches-four-pwn2own-bugs-in-chrome-33/104828/", "type": "threatpost", "title": "Google Patches Four Pwn2Own Bugs in Chrome 33", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T12:03:49", "bulletinFamily": "unix", "description": "Chromium was updated to the 33.0.1750.152 stable channel\n uodate:\n - Security fixes:\n * CVE-2014-1713: Use-after-free in Blink bindings\n * CVE-2014-1714: Windows clipboard vulnerability\n * CVE-2014-1705: Memory corruption in V8\n * CVE-2014-1715: Directory traversal issue\n\n Previous stable channel update 33.0.1750.149:\n - Security fixes:\n * CVE-2014-1700: Use-after-free in speech\n * CVE-2014-1701: UXSS in events\n * CVE-2014-1702: Use-after-free in web database\n * CVE-2014-1703: Potential sandbox escape due to a\n use-after-free in web sockets\n * CVE-2014-1704: Multiple vulnerabilities in V8 fixed in\n version 3.23.17.18\n\n", "modified": "2014-04-09T19:04:26", "published": "2014-04-09T19:04:26", "id": "OPENSUSE-SU-2014:0501-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html", "type": "suse", "title": "chromium to 33.0.1750.152 stable release (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2883-1 security@debian.org\r\nhttp://www.debian.org/security/ Michael Gilbert\r\nMarch 23, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : chromium-browser\r\nCVE ID : CVE-2013-6653 CVE-2013-6654 CVE-2013-6655 CVE-2013-6656 \r\n CVE-2013-6657 CVE-2013-6658 CVE-2013-6659 CVE-2013-6660\r\n CVE-2013-6661 CVE-2013-6663 CVE-2013-6664 CVE-2013-6665\r\n CVE-2013-6666 CVE-2013-6667 CVE-2013-6668 CVE-2014-1700\r\n CVE-2014-1701 CVE-2014-1702 CVE-2014-1703 CVE-2014-1704\r\n CVE-2014-1705 CVE-2014-1713 CVE-2014-1715\r\n\r\nSeveral vulnerabilities have been discovered in the chromium web browser.\r\n\r\nCVE-2013-6653\r\n\r\n Khalil Zhani discovered a use-after-free issue in chromium's web\r\n contents color chooser.\r\n\r\nCVE-2013-6654\r\n\r\n TheShow3511 discovered an issue in SVG handling.\r\n\r\nCVE-2013-6655\r\n\r\n cloudfuzzer discovered a use-after-free issue in dom event handling.\r\n\r\nCVE-2013-6656\r\n\r\n NeexEmil discovered an information leak in the XSS auditor.\r\n\r\nCVE-2013-6657\r\n\r\n NeexEmil discovered a way to bypass the Same Origin policy in the\r\n XSS auditor.\r\n\r\nCVE-2013-6658\r\n\r\n cloudfuzzer discovered multiple use-after-free issues surrounding\r\n the updateWidgetPositions function.\r\n\r\nCVE-2013-6659\r\n\r\n Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that\r\n it was possible to trigger an unexpected certificate chain during\r\n TLS renegotiation.\r\n\r\nCVE-2013-6660\r\n\r\n bishopjeffreys discovered an information leak in the drag and drop\r\n implementation.\r\n\r\nCVE-2013-6661\r\n\r\n The Google Chrome team discovered and fixed multiple issues in\r\n version 33.0.1750.117.\r\n\r\nCVE-2013-6663\r\n\r\n Atte Kettunen discovered a use-after-free issue in SVG handling.\r\n\r\nCVE-2013-6664\r\n\r\n Khalil Zhani discovered a use-after-free issue in the speech\r\n recognition feature.\r\n\r\nCVE-2013-6665\r\n\r\n cloudfuzzer discovered a buffer overflow issue in the software\r\n renderer.\r\n\r\nCVE-2013-6666\r\n\r\n netfuzzer discovered a restriction bypass in the Pepper Flash\r\n plugin.\r\n\r\nCVE-2013-6667\r\n\r\n The Google Chrome team discovered and fixed multiple issues in\r\n version 33.0.1750.146.\r\n\r\nCVE-2013-6668\r\n\r\n Multiple vulnerabilities were fixed in version 3.24.35.10 of\r\n the V8 javascript library.\r\n\r\nCVE-2014-1700\r\n\r\n Chamal de Silva discovered a use-after-free issue in speech\r\n synthesis.\r\n\r\nCVE-2014-1701\r\n\r\n aidanhs discovered a cross-site scripting issue in event handling.\r\n\r\nCVE-2014-1702\r\n\r\n Colin Payne discovered a use-after-free issue in the web database\r\n implementation.\r\n\r\nCVE-2014-1703\r\n\r\n VUPEN discovered a use-after-free issue in web sockets that\r\n could lead to a sandbox escape.\r\n\r\nCVE-2014-1704\r\n\r\n Multiple vulnerabilities were fixed in version 3.23.17.18 of\r\n the V8 javascript library.\r\n\r\nCVE-2014-1705\r\n\r\n A memory corruption issue was discovered in the V8 javascript\r\n library.\r\n\r\nCVE-2014-1713\r\n\r\n A use-after-free issue was discovered in the AttributeSetter\r\n function. \r\n\r\nCVE-2014-1715\r\n\r\n A directory traversal issue was found and fixed.\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 33.0.1750.152-1~deb7u1.\r\n\r\nFor the testing distribution (jessie), these problems will be fixed soon.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 33.0.1750.152-1.\r\n\r\nWe recommend that you upgrade your chromium-browser packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQQcBAEBCgAGBQJTL4L5AAoJELjWss0C1vRzmmkf/3IwJbpRQ+HKdWFLjEqap7hN\r\no5p82LhmXthyNNBTfOoylxN03hBPfwvNC6zYZ9wMp0qBJJKvPVvswg3FdpvHMiUS\r\n4N96l0rDyf8HRrd7goQnsagn2RrqDROHHEFsFdwuiC6pB3rLEKN8lPAmpo6VZHkH\r\nLQ5zO0uI/fi3q8Ad2VCeG8O6kdcHUmmvFuB49Sl3YFKpfIVLv5XVaMJBlKSbt62T\r\npbs4/iB4gYTwSeFuN20z17mAchFj31hxuT/UlCD6tn0cIkN9DpL2TDkxG3boVLne\r\nFgDkgSIqV8Zy2mCK3fz7M4INHlyeIh/xiBK+k+VECaVlznUqctCTlQFXXotf19ch\r\nV19rjXMyXMIwe8nVR0C7PoQT225aH9QYBem/S2v6D0hQjpLcDIoZbHvB9zw/7g/o\r\nY8wUhiBsgLTOqy3tsKt1aVGGbElMjBCTqAJ+/SzJZNtZEwNXGkTz2k3EwdarHsaG\r\nea2f1xhiJJaVdXXALGjQwWoKWFEN56WhX749DsFC1jD3F2CTHSI9BN38voMUm1wq\r\nRcoXfc56OR9S+7f+5rDQQ3c2zeDCFgo7Ue3E4/9ZP2IvBdc8qhsZCViZVCE1nCz4\r\ne/NzbauOyLOI1IB4IJkctiRyszvGD30TZYSx8JX6YY6T58HH7HbgLSEEGaLj/dcG\r\nFx4GQHnufVaBPrbpdrXQRqcUwJh2rJO7DM0BsxVKbgNCKQNI65FTNpWn/P7rJ/72\r\ni7VsTUzDT3pcScJ1oqM+egvpEqKnbsPO97+iuzeD5UhJK3s5H23ErGHzwV2ZcHnD\r\ncdc6VwHHCo0gJQ+EA9D/W8/S9MdJscetOb4AzafGUnCq5kGjcs5wFnNh2CWgxNHc\r\n/JJA027nMSRwUnW4kkcJAMiOfTPmNLN0QDy1wok6fJUuOtCP6/I5ptR87gDyX3FW\r\n0JBxbZ6sZigXsIcMNaGJoPxd454dCAFAlLbehm+7i7d9U9Yb3c5o2F81WT4Qx0bu\r\nXdKw5xhFz9OL5TA66GQ2Cr5aaKfrHqW1SzeiOeDJPqJ0ZbPHlIY0c+XJRRKepV22\r\nlBbZzHVMOzv0jkhQjZV4ulf9Rv7xlcSmq2JF7TdjejoS7YrbU8+qg9h9LZ38XDtI\r\nAr/w05YNpZRVtT4XP2v7eYw/vJ7c+6dLwqSqGFVe4VOjkazbM15tB6QoDVjmr1y+\r\nTi/cfFsQAH45joi3v7HXWTXu4NVPN1oQypur/MBO1EvtigbBwxmRdn95mx6zotfY\r\nvoLocT7KLWwPTklh5wtUZ6/DGWv0dXcb7tcbNeEo4e9lhrAP0694huGkJprW5Z09\r\nyItPaD9PNnHySK3FWvz91MpIVqAIlU+7HFuvs7N7Y/RTsQx9bFEjUrn1epeGNL0=\r\n=tb+u\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2014-03-25T00:00:00", "published": "2014-03-25T00:00:00", "id": "SECURITYVULNS:DOC:30384", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30384", "title": "[SECURITY] [DSA 2883-1] chromium-browser security update", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "description": "Memory corruprions, information leakage, certificate validation issues, protection bypass, crossite scripting, directory traversal.", "modified": "2014-03-27T00:00:00", "published": "2014-03-27T00:00:00", "id": "SECURITYVULNS:VULN:13629", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13629", "title": "Chromium / Google Chrome multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-18T13:49:38", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2883-1 security@debian.org\nhttp://www.debian.org/security/ Michael Gilbert\nMarch 23, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2013-6653 CVE-2013-6654 CVE-2013-6655 CVE-2013-6656 \n CVE-2013-6657 CVE-2013-6658 CVE-2013-6659 CVE-2013-6660\n CVE-2013-6661 CVE-2013-6663 CVE-2013-6664 CVE-2013-6665\n CVE-2013-6666 CVE-2013-6667 CVE-2013-6668 CVE-2014-1700\n CVE-2014-1701 CVE-2014-1702 CVE-2014-1703 CVE-2014-1704\n CVE-2014-1705 CVE-2014-1713 CVE-2014-1715\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2013-6653\n\n Khalil Zhani discovered a use-after-free issue in chromium's web\n contents color chooser.\n\nCVE-2013-6654\n\n TheShow3511 discovered an issue in SVG handling.\n\nCVE-2013-6655\n\n cloudfuzzer discovered a use-after-free issue in dom event handling.\n\nCVE-2013-6656\n\n NeexEmil discovered an information leak in the XSS auditor.\n\nCVE-2013-6657\n\n NeexEmil discovered a way to bypass the Same Origin policy in the\n XSS auditor.\n\nCVE-2013-6658\n\n cloudfuzzer discovered multiple use-after-free issues surrounding\n the updateWidgetPositions function.\n\nCVE-2013-6659\n\n Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that\n it was possible to trigger an unexpected certificate chain during\n TLS renegotiation.\n\nCVE-2013-6660\n\n bishopjeffreys discovered an information leak in the drag and drop\n implementation.\n\nCVE-2013-6661\n\n The Google Chrome team discovered and fixed multiple issues in\n version 33.0.1750.117.\n\nCVE-2013-6663\n\n Atte Kettunen discovered a use-after-free issue in SVG handling.\n\nCVE-2013-6664\n\n Khalil Zhani discovered a use-after-free issue in the speech\n recognition feature.\n\nCVE-2013-6665\n\n cloudfuzzer discovered a buffer overflow issue in the software\n renderer.\n\nCVE-2013-6666\n\n netfuzzer discovered a restriction bypass in the Pepper Flash\n plugin.\n\nCVE-2013-6667\n\n The Google Chrome team discovered and fixed multiple issues in\n version 33.0.1750.146.\n\nCVE-2013-6668\n\n Multiple vulnerabilities were fixed in version 3.24.35.10 of\n the V8 javascript library.\n\nCVE-2014-1700\n\n Chamal de Silva discovered a use-after-free issue in speech\n synthesis.\n\nCVE-2014-1701\n\n aidanhs discovered a cross-site scripting issue in event handling.\n\nCVE-2014-1702\n\n Colin Payne discovered a use-after-free issue in the web database\n implementation.\n\nCVE-2014-1703\n\n VUPEN discovered a use-after-free issue in web sockets that\n could lead to a sandbox escape.\n\nCVE-2014-1704\n\n Multiple vulnerabilities were fixed in version 3.23.17.18 of\n the V8 javascript library.\n\nCVE-2014-1705\n\n A memory corruption issue was discovered in the V8 javascript\n library.\n\nCVE-2014-1713\n\n A use-after-free issue was discovered in the AttributeSetter\n function. \n\nCVE-2014-1715\n\n A directory traversal issue was found and fixed.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 33.0.1750.152-1~deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 33.0.1750.152-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-03-24T01:02:38", "published": "2014-03-24T01:02:38", "id": "DEBIAN:DSA-2883-1:8DB61", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00055.html", "title": "[SECURITY] [DSA 2883-1] chromium-browser security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:00", "bulletinFamily": "unix", "description": "### Background\n\nChromium is an open-source web browser project.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could conduct a number of attacks which include: cross site scripting attacks, bypassing of sandbox protection, potential execution of arbitrary code with the privileges of the process, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-37.0.2062.94\"", "modified": "2014-08-30T00:00:00", "published": "2014-08-30T00:00:00", "id": "GLSA-201408-16", "href": "https://security.gentoo.org/glsa/201408-16", "type": "gentoo", "title": "Chromium: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}