SB2013111304 - Multiple vulnerabilities in Chrome
Published: November 13, 2013 Updated: February 8, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 9 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2013-6631)
The vulnerability allows remote attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger the absence of certain statistics initialization, leading to the skipping of a required DeRegisterExternalTransport call.
2) Use-after-free (CVE-ID: CVE-2013-6622)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors involving the movement of a media element between documents. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
3) Buffer overflow (CVE-ID: CVE-2013-6623)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The SVG implementation in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging the use of tree order, rather than transitive dependency order, for layout.
4) Input validation error (CVE-ID: CVE-2013-6624)
The vulnerability allows remote attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service or possibly have unspecified other impact via vectors involving the string values of id attributes.
5) Resource management error (CVE-ID: CVE-2013-6625)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of DOM range objects in circumstances that require child node removal after a (1) mutation or (2) blur event.
6) Input validation error (CVE-ID: CVE-2013-6626)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The WebContentsImpl::AttachInterstitialPage function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 31.0.1650.48 does not cancel JavaScript dialogs upon generating an interstitial warning, which allows remote attackers to spoof the address bar via a crafted web site.
7) Buffer overflow (CVE-ID: CVE-2013-6627)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational (aka 1xx) status codes, which allows remote web servers to cause a denial of service (out-of-bounds read) via a crafted response.
8) Input validation error (CVE-ID: CVE-2013-6628)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome before 31.0.1650.48 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which might allow remote web servers to interfere with trust relationships by renegotiating a session.
9) Input validation error (CVE-ID: CVE-2013-2931)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.48 allow attackers to execute arbitrary code or possibly have other impact via unknown vectors.
Remediation
Install update from vendor's website.
References
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2799
- https://code.google.com/p/chromium/issues/detail?id=296804
- https://code.google.com/p/webrtc/source/detail?r=4827
- https://webrtc-codereview.appspot.com/2275008
- https://code.google.com/p/chromium/issues/detail?id=272786
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18335
- https://src.chromium.org/viewvc/blink?revision=159031&view=revision
- https://code.google.com/p/chromium/issues/detail?id=282925
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19311
- https://src.chromium.org/viewvc/blink?revision=158480&view=revision
- https://code.google.com/p/chromium/issues/detail?id=290566
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19168
- http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html
- http://support.apple.com/kb/HT6162
- http://support.apple.com/kb/HT6163
- https://code.google.com/p/chromium/issues/detail?id=295010
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19257
- https://src.chromium.org/viewvc/blink?revision=160037&view=revision
- https://support.apple.com/kb/HT6537
- https://code.google.com/p/chromium/issues/detail?id=295695
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18401
- https://src.chromium.org/viewvc/chrome?revision=225026&view=revision
- http://blog.skylined.nl/20161219001.html
- http://packetstormsecurity.com/files/140209/Chrome-HTTP-1xx-Out-Of-Bounds-Read.html
- http://seclists.org/fulldisclosure/2016/Dec/65
- https://code.google.com/p/chromium/issues/detail?id=299892
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19113
- https://src.chromium.org/viewvc/chrome?revision=226539&view=revision
- https://www.exploit-db.com/exploits/40944/
- https://code.google.com/p/chromium/issues/detail?id=306959
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19108
- https://secure-resumption.com/
- https://src.chromium.org/viewvc/chrome?revision=229611&view=revision
- https://code.google.com/p/chromium/issues/detail?id=258723
- https://code.google.com/p/chromium/issues/detail?id=263255
- https://code.google.com/p/chromium/issues/detail?id=264574
- https://code.google.com/p/chromium/issues/detail?id=271235
- https://code.google.com/p/chromium/issues/detail?id=282738
- https://code.google.com/p/chromium/issues/detail?id=285578
- https://code.google.com/p/chromium/issues/detail?id=286368
- https://code.google.com/p/chromium/issues/detail?id=296276
- https://code.google.com/p/chromium/issues/detail?id=297556
- https://code.google.com/p/chromium/issues/detail?id=299835
- https://code.google.com/p/chromium/issues/detail?id=299993
- https://code.google.com/p/chromium/issues/detail?id=302810
- https://code.google.com/p/chromium/issues/detail?id=303232
- https://code.google.com/p/chromium/issues/detail?id=304226
- https://code.google.com/p/chromium/issues/detail?id=306255
- https://code.google.com/p/chromium/issues/detail?id=314225
- https://code.google.com/p/chromium/issues/detail?id=315823
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19183