SB2013100201 - Multiple vulnerabilities in Chrome
Published: October 2, 2013 Updated: February 8, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 17 vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2013-2907)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The Window.prototype object implementation in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
2) Input validation error (CVE-ID: CVE-2013-2908)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to manipulate data.
Google Chrome before 30.0.1599.66 uses incorrect function calls to determine the values of NavigationEntry objects, which allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code.
3) Use-after-free (CVE-ID: CVE-2013-2909)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to inline-block rendering for bidirectional Unicode text in an element isolated from its siblings. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
4) Use-after-free (CVE-ID: CVE-2013-2910)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing unknown vectors. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
5) Resource management error (CVE-ID: CVE-2013-2911)
CWE-ID: CWE-399 - Resource Management Errors
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet function in core/xml/XSLStyleSheetLibxslt.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of post-failure recompilation in unspecified libxslt versions.
6) Use-after-free (CVE-ID: CVE-2013-2912)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors involving a resource-destruction message. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
7) Use-after-free (CVE-ID: CVE-2013-2913)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors involving an XML document. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
8) Input validation error (CVE-ID: CVE-2013-2915)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to manipulate data.
Google Chrome before 30.0.1599.66 preserves pending NavigationEntry objects in certain invalid circumstances, which allows remote attackers to spoof the address bar via a URL with a malformed scheme, as demonstrated by a nonexistent:12121 URL.
9) Input validation error (CVE-ID: CVE-2013-2916)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to manipulate data.
Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code, in conjunction with a delay in notifying the user of an attempted spoof.
10) Buffer overflow (CVE-ID: CVE-2013-2917)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The ReverbConvolverStage::ReverbConvolverStage function in core/platform/audio/ReverbConvolverStage.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the impulseResponse array.
11) Resource management error (CVE-ID: CVE-2013-2918)
CWE-ID: CWE-399 - Resource Management Errors
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Use-after-free vulnerability in the RenderBlock::collapseAnonymousBlockChild function in core/rendering/RenderBlock.cpp in the DOM implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect handling of parent-child relationships for anonymous blocks.
12) Buffer overflow (CVE-ID: CVE-2013-2920)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The DoResolveRelativeHost function in url/url_canon_relative.cc in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via a relative URL containing a hostname, as demonstrated by a protocol-relative URL beginning with a //www.google.com/ substring.
13) Resource management error (CVE-ID: CVE-2013-2921)
CWE-ID: CWE-399 - Resource Management Errors
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Double free vulnerability in the ResourceFetcher::didLoadResource function in core/fetch/ResourceFetcher.cpp in the resource loader in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering certain callback processing during the reporting of a resource entry.
14) Use-after-free (CVE-ID: CVE-2013-2922)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing crafted JavaScript code that operates on a TEMPLATE element. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
15) Input validation error (CVE-ID: CVE-2013-2923)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.66 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
16) Use-after-free (CVE-ID: CVE-2013-2924)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing unknown vectors. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
17) Race condition (CVE-ID: CVE-2013-2906)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple race conditions in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to threading in core/html/HTMLMediaElement.cpp, core/platform/audio/AudioDSPKernelProcessor.cpp, core/platform/audio/HRTFElevation.cpp, and modules/webaudio/ConvolverNode.cpp.
Remediation
Install update from vendor's website.
References
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=260667
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18695
- https://code.google.com/p/chromium/issues/detail?id=265221
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18782
- https://src.chromium.org/viewvc/chrome?revision=217485&view=revision
- http://support.apple.com/kb/HT6162
- http://support.apple.com/kb/HT6163
- https://code.google.com/p/chromium/issues/detail?id=265838
- https://code.google.com/p/chromium/issues/detail?id=279277
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19012
- https://src.chromium.org/viewvc/blink?revision=156580&view=revision
- https://support.apple.com/kb/HT6537
- https://code.google.com/p/chromium/issues/detail?id=269753
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18812
- https://src.chromium.org/viewvc/blink?revision=157615&view=revision
- https://code.google.com/p/chromium/issues/detail?id=271939
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18687
- https://src.chromium.org/viewvc/blink?revision=156248&view=revision
- https://code.google.com/p/chromium/issues/detail?id=276368
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18962
- https://src.chromium.org/viewvc/chrome?revision=222614&view=revision
- https://code.google.com/p/chromium/issues/detail?id=278908
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18843
- https://src.chromium.org/viewvc/blink?revision=157914&view=revision
- https://code.google.com/p/chromium/issues/detail?id=280512
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18319
- https://src.chromium.org/viewvc/chrome?revision=222146&view=revision
- https://code.google.com/p/chromium/issues/detail?id=281256
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18968
- https://src.chromium.org/viewvc/blink?revision=157196&view=revision
- https://code.google.com/p/chromium/issues/detail?id=281480
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18820
- https://src.chromium.org/viewvc/blink?revision=157007&view=revision
- https://code.google.com/p/chromium/issues/detail?id=282088
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18839
- https://src.chromium.org/viewvc/blink?revision=157392&view=revision
- https://code.google.com/p/chromium/issues/detail?id=285742
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18451
- https://src.chromium.org/viewvc/chrome?revision=223735&view=revision
- https://code.google.com/p/chromium/issues/detail?id=286414
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18389
- https://src.chromium.org/viewvc/blink?revision=157760&view=revision
- https://code.google.com/p/chromium/issues/detail?id=286975
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18358
- https://src.chromium.org/viewvc/blink?revision=157543&view=revision
- https://code.google.com/p/chromium/issues/detail?id=237800
- https://code.google.com/p/chromium/issues/detail?id=246724
- https://code.google.com/p/chromium/issues/detail?id=254728
- https://code.google.com/p/chromium/issues/detail?id=257852
- https://code.google.com/p/chromium/issues/detail?id=260138
- https://code.google.com/p/chromium/issues/detail?id=264211
- https://code.google.com/p/chromium/issues/detail?id=265493
- https://code.google.com/p/chromium/issues/detail?id=265731
- https://code.google.com/p/chromium/issues/detail?id=266593
- https://code.google.com/p/chromium/issues/detail?id=267068
- https://code.google.com/p/chromium/issues/detail?id=269835
- https://code.google.com/p/chromium/issues/detail?id=274020
- https://code.google.com/p/chromium/issues/detail?id=276111
- https://code.google.com/p/chromium/issues/detail?id=277656
- https://code.google.com/p/chromium/issues/detail?id=278366
- https://code.google.com/p/chromium/issues/detail?id=279286
- https://code.google.com/p/chromium/issues/detail?id=284792
- https://code.google.com/p/chromium/issues/detail?id=285380
- https://code.google.com/p/chromium/issues/detail?id=288761
- https://code.google.com/p/chromium/issues/detail?id=288771
- https://code.google.com/p/chromium/issues/detail?id=289648
- https://code.google.com/p/chromium/issues/detail?id=293521
- https://code.google.com/p/chromium/issues/detail?id=294023
- https://code.google.com/p/chromium/issues/detail?id=294202
- https://code.google.com/p/chromium/issues/detail?id=294206
- https://code.google.com/p/chromium/issues/detail?id=299016
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18103
- http://bugs.icu-project.org/trac/ticket/10318
- http://jvn.jp/en/jp/JVN85336306/index.html
- http://www.debian.org/security/2013/dsa-2786
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- http://www.securityfocus.com/bid/64758
- https://code.google.com/p/chromium/issues/detail?id=275803
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19017
- https://src.chromium.org/viewvc/chrome?revision=219151&view=revision
- https://code.google.com/p/chromium/issues/detail?id=223962
- https://code.google.com/p/chromium/issues/detail?id=270758
- https://code.google.com/p/chromium/issues/detail?id=271161
- https://code.google.com/p/chromium/issues/detail?id=284785
- https://code.google.com/p/chromium/issues/detail?id=284786
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19013
- https://src.chromium.org/viewvc/blink?revision=157243&view=revision
- https://src.chromium.org/viewvc/blink?revision=157245&view=revision
- https://src.chromium.org/viewvc/blink?revision=157256&view=revision
- https://src.chromium.org/viewvc/blink?revision=157259&view=revision
- https://src.chromium.org/viewvc/blink?revision=157273&view=revision