Multiple vulnerabilities in Techland Chrome



Updated: 2023-05-09

Risk: High

Patch available: YES

Number of vulnerabilities: 12

CVE-ID: CVE-2013-2840, CVE-2013-2841, CVE-2013-2843, CVE-2013-2844, CVE-2013-2845, CVE-2013-2846, CVE-2013-2847, CVE-2013-2848, CVE-2013-2849, CVE-2013-2836, CVE-2013-2837, CVE-2013-2839

CWE-ID: CWE-416, CWE-119, CWE-79, CWE-20, CWE-399

Exploitation vector: Network

Public exploit: N/A

Vulnerable software: Google Chrome (Client/Desktop applications / Web browsers)

Vendor: Google

Security Bulletin

This security bulletin contains information about 12 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU42831

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2013-2840

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing unknown vectors, a different vulnerability than CVE-2013-2846. A remote attacker can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Google Chrome: 27.0.1453.0 - 27.0.1453.90

External links

https://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
https://www.debian.org/security/2013/dsa-2695
https://code.google.com/p/chromium/issues/detail?id=230117
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16706


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU42832

Risk: Medium

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2013-2841

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors related to the handling of Pepper resources. A remote attacker can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Google Chrome: 27.0.1453.0 - 27.0.1453.90

External links

https://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
https://www.debian.org/security/2013/dsa-2695
https://code.google.com/p/chromium/issues/detail?id=227350
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16534


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU42833

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2013-2843

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors related to the handling of speech data. A remote attacker can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Google Chrome: 27.0.1453.0 - 27.0.1453.90

External links

https://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
https://www.debian.org/security/2013/dsa-2695
https://code.google.com/p/chromium/issues/detail?id=222000
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16547


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU42834

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2013-2844

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors related to style resolution. A remote attacker can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Google Chrome: 27.0.1453.0 - 27.0.1453.90

External links

https://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
https://www.debian.org/security/2013/dsa-2695
https://code.google.com/p/chromium/issues/detail?id=196393
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16624


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer overflow

EUVDB-ID: #VU42835

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2013-2845

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The Web Audio implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Google Chrome: 27.0.1453.0 - 27.0.1453.90

External links

https://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
https://www.debian.org/security/2013/dsa-2695
https://code.google.com/p/chromium/issues/detail?id=179522
https://code.google.com/p/chromium/issues/detail?id=188092
https://code.google.com/p/chromium/issues/detail?id=222136
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16354


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU42836

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2013-2846

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing unknown vectors, a different vulnerability than CVE-2013-2840. A remote attacker can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Google Chrome: 27.0.1453.0 - 27.0.1453.90

External links

https://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
https://www.debian.org/security/2013/dsa-2695
https://code.google.com/p/chromium/issues/detail?id=177620
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15805


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU42837

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2013-2847

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing unknown vectors. A remote attacker can cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Google Chrome: 27.0.1453.0 - 27.0.1453.90

External links

https://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
https://www.debian.org/security/2013/dsa-2695
https://code.google.com/p/chromium/issues/detail?id=176692
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16716


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Cross-site scripting

EUVDB-ID: #VU42838

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]

CVE-ID: CVE-2013-2848

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when processing data passed via unspecified vectors. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Google Chrome: 27.0.1453.0 - 27.0.1453.90

External links

https://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
https://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html
https://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
https://secunia.com/advisories/54886
https://support.apple.com/kb/HT5934
https://www.debian.org/security/2013/dsa-2695
https://code.google.com/p/chromium/issues/detail?id=176137
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15849


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Cross-site scripting

EUVDB-ID: #VU42839

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]

CVE-ID: CVE-2013-2849

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when processing data passed via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Google Chrome: 27.0.1453.0 - 27.0.1453.90

External links

https://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
https://www.debian.org/security/2013/dsa-2695
https://code.google.com/p/chromium/issues/detail?id=171392
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16753


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Input validation error

EUVDB-ID: #VU42840

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2013-2836

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.93 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Google Chrome: 27.0.1453.0 - 27.0.1453.90

External links

https://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
https://code.google.com/p/chromium/issues/detail?id=162896
https://code.google.com/p/chromium/issues/detail?id=168050
https://code.google.com/p/chromium/issues/detail?id=170715
https://code.google.com/p/chromium/issues/detail?id=173397
https://code.google.com/p/chromium/issues/detail?id=173672
https://code.google.com/p/chromium/issues/detail?id=174920
https://code.google.com/p/chromium/issues/detail?id=176719
https://code.google.com/p/chromium/issues/detail?id=177815
https://code.google.com/p/chromium/issues/detail?id=178130
https://code.google.com/p/chromium/issues/detail?id=178269
https://code.google.com/p/chromium/issues/detail?id=178581
https://code.google.com/p/chromium/issues/detail?id=178761
https://code.google.com/p/chromium/issues/detail?id=179580
https://code.google.com/p/chromium/issues/detail?id=180058
https://code.google.com/p/chromium/issues/detail?id=180920
https://code.google.com/p/chromium/issues/detail?id=181375
https://code.google.com/p/chromium/issues/detail?id=181438
https://code.google.com/p/chromium/issues/detail?id=196571
https://code.google.com/p/chromium/issues/detail?id=196575
https://code.google.com/p/chromium/issues/detail?id=196648
https://code.google.com/p/chromium/issues/detail?id=222036
https://code.google.com/p/chromium/issues/detail?id=222754
https://code.google.com/p/chromium/issues/detail?id=222770
https://code.google.com/p/chromium/issues/detail?id=223034
https://code.google.com/p/chromium/issues/detail?id=223125
https://code.google.com/p/chromium/issues/detail?id=223145
https://code.google.com/p/chromium/issues/detail?id=224920
https://code.google.com/p/chromium/issues/detail?id=225403
https://code.google.com/p/chromium/issues/detail?id=225979
https://code.google.com/p/chromium/issues/detail?id=226012
https://code.google.com/p/chromium/issues/detail?id=226090
https://code.google.com/p/chromium/issues/detail?id=226659
https://code.google.com/p/chromium/issues/detail?id=227390
https://code.google.com/p/chromium/issues/detail?id=229402
https://code.google.com/p/chromium/issues/detail?id=231725
https://code.google.com/p/chromium/issues/detail?id=232389
https://code.google.com/p/chromium/issues/detail?id=232532
https://code.google.com/p/chromium/issues/detail?id=232865
https://code.google.com/p/chromium/issues/detail?id=236631
https://code.google.com/p/chromium/issues/detail?id=241595
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16609


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU42841

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2013-2837

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing unknown vectors. A remote attacker can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Google Chrome: 27.0.1453.0 - 27.0.1453.90

External links

https://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
https://www.debian.org/security/2013/dsa-2695
https://code.google.com/p/chromium/issues/detail?id=235638
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16250


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Resource management error

EUVDB-ID: #VU42842

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2013-2839

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Google Chrome before 27.0.1453.93 does not properly perform a cast of an unspecified variable during handling of clipboard data, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Google Chrome: 27.0.1453.0 - 27.0.1453.90

External links

https://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
https://www.debian.org/security/2013/dsa-2695
https://code.google.com/p/chromium/issues/detail?id=230176
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16760


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


