SB2014022404 - Multiple vulnerabilities in Chrome
Published: February 24, 2014
Updated: February 8, 2023
Description
This security bulletin contains information about 9 security vulnerabilities.
1) Cross-site scripting (CVE-ID: CVE-2013-6656)
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data passed via unspecified vectors. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
2) Cross-site scripting (CVE-ID: CVE-2013-6657)
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data passed via unspecified vectors. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
3) Resource management error (CVE-ID: CVE-2013-6658)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple use-after-free vulnerabilities in the layout implementation in Blink, as used in Google Chrome before 33.0.1750.117, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving (1) running JavaScript code during execution of the updateWidgetPositions function or (2) making a call into a plugin during execution of the updateWidgetPositions function.
4) Cryptographic issues (CVE-ID: CVE-2013-6659)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The SSLClientSocketNSS::Core::OwnAuthCertHandler function in net/socket/ssl_client_socket_nss.cc in Google Chrome before 33.0.1750.117 does not prevent changes to server X.509 certificates during renegotiations, which allows remote SSL servers to trigger use of a new certificate chain, inconsistent with the user's expectations, by initiating a TLS renegotiation.
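The missing check described in item 4 can be modeled as a per-connection guard that fails any renegotiation presenting a different leaf certificate. This is an added example, not Chromium's code: the verifier callback, the class and function names, and the byte strings standing in for DER certificates are assumptions constructed for the illustration, and only the leaf certificate is compared.

```python
import hashlib
from enum import Enum

class Verdict(Enum):
    ACCEPT = "accept"
    REJECT_UNTRUSTED = "chain missing or failed verification"
    REJECT_CHANGED = "certificate changed during renegotiation"

def naive_auth(verify_chain, chain_der):
    # Weak pattern: each handshake is judged on its own, so a renegotiation
    # can switch to any other chain that also verifies.
    ok = bool(chain_der) and verify_chain(chain_der)
    return Verdict.ACCEPT if ok else Verdict.REJECT_UNTRUSTED

class RenegotiationCertGuard:
    """Per-connection state: remembers the leaf accepted at the first handshake."""

    def __init__(self, verify_chain):
        self._verify_chain = verify_chain  # hypothetical callback: list[bytes] -> bool
        self._leaf_digest = None           # SHA-256 of the accepted leaf's DER bytes

    def on_server_certificate(self, chain_der):
        if not chain_der:
            return Verdict.REJECT_UNTRUSTED
        digest = hashlib.sha256(chain_der[0]).digest()
        if self._leaf_digest is not None and digest != self._leaf_digest:
            # Renegotiation presented a different leaf than the one the
            # connection's security state was built on: fail the handshake.
            return Verdict.REJECT_CHANGED
        if not self._verify_chain(chain_der):
            return Verdict.REJECT_UNTRUSTED
        self._leaf_digest = digest
        return Verdict.ACCEPT

# Constructed stand-ins for DER certificates; both chains pass verification.
CHAIN_A = [b"constructed-leaf-A", b"constructed-intermediate"]
CHAIN_B = [b"constructed-leaf-B", b"constructed-intermediate"]

def constructed_verifier(chain_der):
    return chain_der[0] in {CHAIN_A[0], CHAIN_B[0]}

def replay(handshakes):
    """Feed successive handshakes of one connection to both policies."""
    guard = RenegotiationCertGuard(constructed_verifier)
    return [(naive_auth(constructed_verifier, c), guard.on_server_certificate(c))
            for c in handshakes]
```

Calling `replay([CHAIN_A, CHAIN_A, CHAIN_B])` returns one `(naive, guarded)` verdict pair per handshake; the two policies differ only on the third handshake, where the chain changes.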
5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-6660)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The drag-and-drop implementation in Google Chrome before 33.0.1750.117 does not properly restrict the information in WebDropData data structures, which allows remote attackers to discover full pathnames via a crafted web site.
6) Input validation error (CVE-ID: CVE-2013-6661)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750.117 allow attackers to bypass the sandbox protection mechanism after obtaining renderer access, or have other impact, via unknown vectors.
7) Use-after-free (CVE-ID: CVE-2013-6653)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors involving attempted conflicting access to the color chooser. A remote attacker can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
8) Input validation error (CVE-ID: CVE-2013-6654)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The SVGAnimateElement::calculateAnimatedValue function in core/svg/SVGAnimateElement.cpp in Blink, as used in Google Chrome before 33.0.1750.117, does not properly handle unexpected data types, which allows remote attackers to cause a denial of service (incorrect cast) or possibly have unspecified other impact via unknown vectors.
9) Use-after-free (CVE-ID: CVE-2013-6655)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to improper handling of overflowchanged DOM events during interaction between JavaScript and layout. A remote attacker can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Remediation
Install the update from the vendor's website.
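To find installations still below the fixed release named in this bulletin (33.0.1750.117), an inventory check like the following can be used. It is an added example, not part of the original bulletin; the inventory format, hostnames and reported version strings are constructed.

```python
import re

FIXED_VERSION = (33, 0, 1750, 117)  # first fixed release named in this bulletin
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")

def parse_chrome_version(text):
    """Return the four-part version as a tuple of ints, or None if absent."""
    m = _VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None

def triage(inventory):
    """Map host -> 'vulnerable' | 'fixed' | 'unknown' for reported version strings."""
    result = {}
    for host, reported in inventory.items():
        version = parse_chrome_version(reported)
        if version is None:
            result[host] = "unknown"      # do not silently treat as patched
        elif version < FIXED_VERSION:     # numeric, field-by-field comparison
            result[host] = "vulnerable"
        else:
            result[host] = "fixed"
    return result

# Constructed inventory (hostnames and strings are made up for the example).
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 32.0.1700.107",
    "ws-02": "Google Chrome 33.0.1750.99",   # sorts above .117 as a plain string
    "ws-03": "Google Chrome 33.0.1750.117",
    "ws-04": "Chromium 34.0.1847.116",
    "ws-05": "not installed",
}
```

Comparing the dotted versions as plain strings would misclassify `33.0.1750.99` as newer than `33.0.1750.117`, which is why each field is converted to an integer first.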