CVE-2013-2842

HIGH

Description

Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.

References

http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html

http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html

http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html

http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html

http://secunia.com/advisories/54886

http://support.apple.com/kb/HT5934

http://support.apple.com/kb/HT6001

http://www.debian.org/security/2013/dsa-2695

https://code.google.com/p/chromium/issues/detail?id=226696

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15914

Details

Source: MITRE

Published: 2013-05-22

Updated: 2017-09-19

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:4.2.5:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:4.2.8:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:4.3.5:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:5.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:5.0.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:5.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:5.1.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:6.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:6.0.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:6.0.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:6.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:6.1.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:6.1.3:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* versions up to 6.1.4 (inclusive)

Configuration 2

OR

cpe:2.3:a:google:chrome:27.0.1453.0:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.1:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.2:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.3:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.4:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.5:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.6:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.7:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.8:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.9:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.10:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.11:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.12:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.13:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.15:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.34:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.35:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.36:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.37:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.38:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.39:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.40:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.41:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.42:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.43:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.44:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.45:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.46:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.47:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.49:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.50:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.51:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.52:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.54:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.55:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.56:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.57:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.58:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.59:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.60:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.61:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.62:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.63:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.64:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.65:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.66:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.67:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.68:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.69:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.70:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.71:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.72:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.73:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.74:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.75:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.76:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.77:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.78:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.79:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.80:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.81:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.82:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.83:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.84:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.85:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.86:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.87:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.88:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.89:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:27.0.1453.90:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* versions up to 27.0.1453.91 (inclusive)

Tenable Plugins

View all (17 total)

IDNameProductFamilySeverity
72105Apple iTunes < 11.1.4 Multiple Vulnerabilities (uncredentialed check)NessusPeer-To-Peer File Sharing
high
72104Apple iTunes < 11.1.4 Multiple Vulnerabilities (credentialed check)NessusWindows
high
8048Safari < 6.1 Multiple Security VulnerabilitiesNessus Network MonitorWeb Clients
medium
70589Apple iTunes < 11.1.2 Multiple Vulnerabilities (uncredentialed check)NessusPeer-To-Peer File Sharing
high
70588Apple iTunes < 11.1.2 Multiple Vulnerabilities (credentialed check)NessusWindows
high
70563Mac OS X : Apple Safari < 6.1 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
high
70257Apple TV < 6.0 Multiple VulnerabilitiesNessusMisc.
high
70112GLSA-201309-16 : Chromium, V8: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
69984Apple iOS < 7 Multiple VulnerabilitiesNessusMobile Devices
high
66676Debian DSA-2695-1 : chromium-browser - several issuesNessusDebian Local Security Checks
high
800944Google Chrome < 27.0.1453.93 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
800797Google Chrome < 27.0.1453.93 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
6835Google Chrome < 27.0.1453.93 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
66556Google Chrome < 27.0.1453.93 Multiple VulnerabilitiesNessusWindows
high
66549FreeBSD : chromium -- multiple vulnerabilities (358133b5-c2b9-11e2-a738-00262d5ed8ee)NessusFreeBSD Local Security Checks
high
8095iTunes for Windows < 11.1.4 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
8013Apple iOS < 7.0 Multiple VulnerabilitiesNessus Network MonitorMobile Devices
critical