Debian DSA-2883-1 : chromium-browser - security update

critical Nessus Plugin ID 73164

Language:

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in the chromium web browser.

- CVE-2013-6653 Khalil Zhani discovered a use-after-free issue in chromium's web contents color chooser.

- CVE-2013-6654 TheShow3511 discovered an issue in SVG handling.

- CVE-2013-6655 cloudfuzzer discovered a use-after-free issue in dom event handling.

- CVE-2013-6656 NeexEmil discovered an information leak in the XSS auditor.

- CVE-2013-6657 NeexEmil discovered a way to bypass the Same Origin policy in the XSS auditor.

- CVE-2013-6658 cloudfuzzer discovered multiple use-after-free issues surrounding the updateWidgetPositions function.

- CVE-2013-6659 Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to trigger an unexpected certificate chain during TLS renegotiation.

- CVE-2013-6660 bishopjeffreys discovered an information leak in the drag and drop implementation.

- CVE-2013-6661 The Google Chrome team discovered and fixed multiple issues in version 33.0.1750.117.

- CVE-2013-6663 Atte Kettunen discovered a use-after-free issue in SVG handling.

- CVE-2013-6664 Khalil Zhani discovered a use-after-free issue in the speech recognition feature.

- CVE-2013-6665 cloudfuzzer discovered a buffer overflow issue in the software renderer.

- CVE-2013-6666 netfuzzer discovered a restriction bypass in the Pepper Flash plugin.

- CVE-2013-6667 The Google Chrome team discovered and fixed multiple issues in version 33.0.1750.146.

- CVE-2013-6668 Multiple vulnerabilities were fixed in version 3.24.35.10 of the V8 JavaScript library.

- CVE-2014-1700 Chamal de Silva discovered a use-after-free issue in speech synthesis.

- CVE-2014-1701 aidanhs discovered a cross-site scripting issue in event handling.

- CVE-2014-1702 Colin Payne discovered a use-after-free issue in the web database implementation.

- CVE-2014-1703 VUPEN discovered a use-after-free issue in web sockets that could lead to a sandbox escape.

- CVE-2014-1704 Multiple vulnerabilities were fixed in version 3.23.17.18 of the V8 JavaScript library.

- CVE-2014-1705 A memory corruption issue was discovered in the V8 JavaScript library.

- CVE-2014-1713 A use-after-free issue was discovered in the AttributeSetter function.

- CVE-2014-1715 A directory traversal issue was found and fixed.

Solution

Upgrade the chromium-browser packages.

For the stable distribution (wheezy), these problems have been fixed in version 33.0.1750.152-1~deb7u1.

Plugin Details

Severity: Critical

ID: 73164

File Name: debian_DSA-2883.nasl

Version: 1.13

Type: local

Agent: unix

Family: Debian Local Security Checks

Published: 3/25/2014

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:chromium-browser, cpe:/o:debian:debian_linux:7.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 3/23/2014

Vulnerability Publication Date: 2/23/2014

Reference Information

CVE: CVE-2013-6653, CVE-2013-6654, CVE-2013-6655, CVE-2013-6656, CVE-2013-6657, CVE-2013-6658, CVE-2013-6659, CVE-2013-6660, CVE-2013-6661, CVE-2013-6663, CVE-2013-6664, CVE-2013-6665, CVE-2013-6666, CVE-2013-6667, CVE-2013-6668, CVE-2014-1700, CVE-2014-1701, CVE-2014-1702, CVE-2014-1703, CVE-2014-1704, CVE-2014-1705, CVE-2014-1713, CVE-2014-1715

BID: 66249, 65699, 65930, 66120, 66239, 66243

DSA: 2883

Detections

Analytics