CVE-2013-6622

MEDIUM

Description

Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the movement of a media element between documents.

References

http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html

http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html

http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html

http://www.debian.org/security/2013/dsa-2799

https://code.google.com/p/chromium/issues/detail?id=272786

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18335

https://src.chromium.org/viewvc/blink?revision=159031&view=revision

Details

Source: MITRE

Published: 2013-11-13

Updated: 2017-09-19

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:google:chrome:31.0.1650.0:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.2:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.3:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.4:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.5:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.6:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.7:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.8:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.9:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.10:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.11:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.12:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.13:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.14:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.15:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.16:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.17:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.18:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.19:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.20:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.22:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.23:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.25:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.26:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.27:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.28:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.29:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.30:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.31:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.32:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.33:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.34:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.35:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.36:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.37:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.38:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.39:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.41:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.42:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.43:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.44:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.45:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.46:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* versions up to 31.0.1650.47 (inclusive)

Tenable Plugins

View all (10 total)

ID	Name	Product	Family	Severity
75366	openSUSE Security Update : chromium (openSUSE-SU-2014:0065-1)	Nessus	SuSE Local Security Checks	critical
75225	openSUSE Security Update : chromium (openSUSE-SU-2013:1861-1)	Nessus	SuSE Local Security Checks	critical
75213	openSUSE Security Update : chromium (openSUSE-SU-2013:1777-1)	Nessus	SuSE Local Security Checks	critical
75212	openSUSE Security Update : chromium (openSUSE-SU-2013:1776-1)	Nessus	SuSE Local Security Checks	critical
72851	GLSA-201403-01 : Chromium, V8: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
801611	Google Chrome < 31.0.1650.48 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
70986	Debian DSA-2799-1 : chromium-browser - several vulnerabilities	Nessus	Debian Local Security Checks	critical
70917	Google Chrome < 31.0.1650.48 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
70916	Google Chrome < 31.0.1650.48 Multiple Vulnerabilities	Nessus	Windows	critical
70865	FreeBSD : chromium -- multiple vulnerabilities (3bfc7016-4bcc-11e3-b0cf-00262d5ed8ee)	Nessus	FreeBSD Local Security Checks	critical