CVE-2013-2884

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Use-after-free vulnerability in the DOM implementation in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper tracking of which document owns an Attr object.

References

http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html

http://www.debian.org/security/2013/dsa-2732

https://code.google.com/p/chromium/issues/detail?id=248950

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17597

https://src.chromium.org/viewvc/blink?revision=152938&view=revision

Details

Source: MITRE

Published: 2013-07-31

Updated: 2017-09-19

Type: CWE-399

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:google:chrome:28.0.1500.0:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.2:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.3:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.4:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.5:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.6:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.8:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.9:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.10:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.11:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.12:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.13:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.14:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.15:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.16:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.17:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.18:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.19:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.20:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.21:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.22:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.23:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.24:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.25:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.26:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.27:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.28:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.29:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.31:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.32:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.33:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.34:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.35:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.36:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.37:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.38:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.39:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.40:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.41:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.42:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.43:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.44:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.45:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.46:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.47:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.48:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.49:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.50:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.51:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.52:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.53:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.54:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.56:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.58:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.59:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.60:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.61:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.62:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.63:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.64:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.66:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.68:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.70:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.71:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.72:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.89:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.91:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:28.0.1500.93:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* versions up to 28.0.1500.94 (inclusive)

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Tenable Plugins

View all (6 total)

IDNameProductFamilySeverity
70112GLSA-201309-16 : Chromium, V8: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
69227Debian DSA-2732-1 : chromium-browser - several vulnerabilitiesNessusDebian Local Security Checks
high
69214FreeBSD : chromium -- multiple vulnerabilities (69098c5c-fc4b-11e2-8ad0-00262d5ed8ee)NessusFreeBSD Local Security Checks
high
801428Google Chrome < 28.0.1500.95 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
6961Google Chrome < 28.0.1500.95 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
69139Google Chrome < 28.0.1500.95 Multiple VulnerabilitiesNessusWindows
high