SB2013120711 - Multiple vulnerabilities in Chrome
Published: December 7, 2013 Updated: February 8, 2023
Description
This security bulletin contains information about 4 security vulnerabilities.
1) Improper Authentication (CVE-ID: CVE-2013-6634)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code.
2) Use-after-free (CVE-ID: CVE-2013-6635)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when processing JavaScript code that triggers removal of a node during processing of the DOM tree, related to CompositeEditCommand.cpp and ReplaceSelectionCommand.cpp. A remote attacker can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
3) Input validation error (CVE-ID: CVE-2013-6636)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the address bar via vectors involving the document.write method.
4) Input validation error (CVE-ID: CVE-2013-6637)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Remediation
Install the update from the vendor's website.
References
- http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00090.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00096.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://secunia.com/advisories/56217
- http://www.debian.org/security/2013/dsa-2811
- http://www.securitytracker.com/id/1029442
- https://code.google.com/p/chromium/issues/detail?id=307159
- https://src.chromium.org/viewvc/chrome?revision=236563&view=revision
- http://support.apple.com/kb/HT6145
- http://support.apple.com/kb/HT6162
- http://support.apple.com/kb/HT6163
- https://code.google.com/p/chromium/issues/detail?id=314469
- https://src.chromium.org/viewvc/blink?revision=161598&view=revision
- https://support.apple.com/kb/HT6537
- https://code.google.com/p/chromium/issues/detail?id=322959
- https://src.chromium.org/viewvc/blink?revision=162673&view=revision
- https://code.google.com/p/chromium/issues/detail?id=300892
- https://code.google.com/p/chromium/issues/detail?id=305904
- https://code.google.com/p/chromium/issues/detail?id=308988
- https://code.google.com/p/chromium/issues/detail?id=313435
- https://code.google.com/p/chromium/issues/detail?id=317999
- https://code.google.com/p/chromium/issues/detail?id=319722
- https://code.google.com/p/chromium/issues/detail?id=319835
- https://code.google.com/p/chromium/issues/detail?id=319860
- https://code.google.com/p/chromium/issues/detail?id=319914
- https://code.google.com/p/chromium/issues/detail?id=320313
- https://code.google.com/p/chromium/issues/detail?id=322554
- https://code.google.com/p/chromium/issues/detail?id=325501