SB2013100201 - Multiple vulnerabilities in Chrome
Published: October 2, 2013 Updated: February 8, 2023
Description
This security bulletin contains information about 17 security vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2013-2907)
The vulnerability allows a remote non-authenticated attacker to cause a denial of service.
The Window.prototype object implementation in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
2) Input validation error (CVE-ID: CVE-2013-2908)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
Google Chrome before 30.0.1599.66 uses incorrect function calls to determine the values of NavigationEntry objects, which allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code.
3) Use-after-free (CVE-ID: CVE-2013-2909)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to inline-block rendering for bidirectional Unicode text in an element isolated from its siblings. A remote attacker can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
4) Use-after-free (CVE-ID: CVE-2013-2910)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when processing unknown vectors. A remote attacker can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
5) Resource management error (CVE-ID: CVE-2013-2911)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet function in core/xml/XSLStyleSheetLibxslt.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of post-failure recompilation in unspecified libxslt versions.
6) Use-after-free (CVE-ID: CVE-2013-2912)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors involving a resource-destruction message. A remote attacker can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
7) Use-after-free (CVE-ID: CVE-2013-2913)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors involving an XML document. A remote attacker can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
8) Input validation error (CVE-ID: CVE-2013-2915)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
Google Chrome before 30.0.1599.66 preserves pending NavigationEntry objects in certain invalid circumstances, which allows remote attackers to spoof the address bar via a URL with a malformed scheme, as demonstrated by a nonexistent:12121 URL.
9) Input validation error (CVE-ID: CVE-2013-2916)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code, in conjunction with a delay in notifying the user of an attempted spoof.
10) Buffer overflow (CVE-ID: CVE-2013-2917)
The vulnerability allows a remote non-authenticated attacker to cause a denial of service.
The ReverbConvolverStage::ReverbConvolverStage function in core/platform/audio/ReverbConvolverStage.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the impulseResponse array.
11) Resource management error (CVE-ID: CVE-2013-2918)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Use-after-free vulnerability in the RenderBlock::collapseAnonymousBlockChild function in core/rendering/RenderBlock.cpp in the DOM implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect handling of parent-child relationships for anonymous blocks.
12) Buffer overflow (CVE-ID: CVE-2013-2920)
The vulnerability allows a remote non-authenticated attacker to cause a denial of service.
The DoResolveRelativeHost function in url/url_canon_relative.cc in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via a relative URL containing a hostname, as demonstrated by a protocol-relative URL beginning with a //www.google.com/ substring.
13) Resource management error (CVE-ID: CVE-2013-2921)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Double free vulnerability in the ResourceFetcher::didLoadResource function in core/fetch/ResourceFetcher.cpp in the resource loader in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering certain callback processing during the reporting of a resource entry.
14) Use-after-free (CVE-ID: CVE-2013-2922)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when processing crafted JavaScript code that operates on a TEMPLATE element. A remote attacker can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
15) Input validation error (CVE-ID: CVE-2013-2923)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.66 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
16) Use-after-free (CVE-ID: CVE-2013-2924)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when processing unknown vectors. A remote attacker can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
17) Race condition (CVE-ID: CVE-2013-2906)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple race conditions in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to threading in core/html/HTMLMediaElement.cpp, core/platform/audio/AudioDSPKernelProcessor.cpp, core/platform/audio/HRTFElevation.cpp, and modules/webaudio/ConvolverNode.cpp.
Remediation
Install the update from the vendor's website.