http://googlechromereleases.blogspot.com/2013/11/chrome-for-android-update.html

http://googlechromereleases.blogspot.com/2013/11/stable-channel-update_14.html

openSUSE-SU-2013:1776

openSUSE-SU-2013:1777

openSUSE-SU-2013:1861

openSUSE-SU-2014:0065

DSA-2799

http://www.hppwn2own.com/chrome-nexus-4-samsung-galaxy-s4-falls/

https://code.google.com/p/chromium/issues/detail?id=319117

https://code.google.com/p/chromium/issues/detail?id=319125

- Update to Chromium 31.0.1650.63 Stable channel update :

  - Security fixes :

  - CVE-2013-6634: Session fixation in sync related to 302     redirects

  - CVE-2013-6635: Use-after-free in editing

  - CVE-2013-6636: Address bar spoofing related to modal     dialogs

  - CVE-2013-6637: Various fixes from internal audits,     fuzzing and other initiatives.

  - CVE-2013-6638: Buffer overflow in v8

  - CVE-2013-6639: Out of bounds write in v8.

  - CVE-2013-6640: Out of bounds read in v8

  - and 12 other security fixes.

  - Remove the build flags to build according to the Chrome     ffmpeg branding and the proprietary codecs. (bnc#847971)

  - Update to Chromium 31.0.1650.57 Stable channel update :

  - Security Fixes :

  - CVE-2013-6632: Multiple memory corruption issues.

  - Update to Chromium 31.0.1650.48 Stable Channel update :

  - Security fixes :

  - CVE-2013-6621: Use after free related to speech input     elements..

  - CVE-2013-6622: Use after free related to media elements. 

  - CVE-2013-6623: Out of bounds read in SVG.

  - CVE-2013-6624: Use after free related to     &ldquo;id&rdquo; attribute strings.

  - CVE-2013-6625: Use after free in DOM ranges.

  - CVE-2013-6626: Address bar spoofing related to     interstitial warnings.

  - CVE-2013-6627: Out of bounds read in HTTP parsing.

  - CVE-2013-6628: Issue with certificates not being checked     during TLS renegotiation.

  - CVE-2013-2931: Various fixes from internal audits,     fuzzing and other initiatives.

  - CVE-2013-6629: Read of uninitialized memory in libjpeg     and libjpeg-turbo.

  - CVE-2013-6630: Read of uninitialized memory in     libjpeg-turbo.

  - CVE-2013-6631: Use after free in libjingle.

  - Added patch chromium-fix-chromedriver-build.diff to fix     the chromedriver build

  - Enable ARM build for Chromium. 

  - Added patches chromium-arm-webrtc-fix.patch,     chromium-fix-arm-icu.patch and     chromium-fix-arm-sysroot.patch to resolve ARM specific     build issues

  - Update to Chromium 30.0.1599.114 Stable Channel update:
    fix build for 32bit systems

  - Drop patch chromium-fix-chromedriver-build.diff. This is     now fixed upstream

  - For openSUSE versions lower than 13.1, build against the     in-tree libicu

  - Update to Chromium 30.0.1599.101

  - Security Fixes :

  + CVE-2013-2925: Use after free in XHR

  + CVE-2013-2926: Use after free in editing

  + CVE-2013-2927: Use after free in forms.

  + CVE-2013-2928: Various fixes from internal audits,     fuzzing and other initiatives.

  - Update to Chromium 30.0.1599.66

  - Easier searching by image 

  - A number of new apps/extension APIs 

  - Lots of under the hood changes for stability and     performance

  - Security fixes :

  + CVE-2013-2906: Races in Web Audio

  + CVE-2013-2907: Out of bounds read in Window.prototype     object

  + CVE-2013-2908: Address bar spoofing related to the     &ldquo;204 No Content&rdquo; status code

  + CVE-2013-2909: Use after free in inline-block rendering

  + CVE-2013-2910: Use-after-free in Web Audio

  + CVE-2013-2911: Use-after-free in XSLT

  + CVE-2013-2912: Use-after-free in PPAPI

  + CVE-2013-2913: Use-after-free in XML document parsing

  + CVE-2013-2914: Use after free in the Windows color     chooser dialog

  + CVE-2013-2915: Address bar spoofing via a malformed     scheme

  + CVE-2013-2916: Address bar spoofing related to the     &ldquo;204 No Content&rdquo; status code

  + CVE-2013-2917: Out of bounds read in Web Audio

  + CVE-2013-2918: Use-after-free in DOM

  + CVE-2013-2919: Memory corruption in V8

  + CVE-2013-2920: Out of bounds read in URL parsing

  + CVE-2013-2921: Use-after-free in resource loader

  + CVE-2013-2922: Use-after-free in template element

  + CVE-2013-2923: Various fixes from internal audits,     fuzzing and other initiatives 

  + CVE-2013-2924: Use-after-free in ICU. Upstream bug

Chromium was updated to 31.0.1650.57: Stable channel update :

  - Security Fixes :

  - CVE-2013-6632: Multiple memory corruption issues.

  - Update to Chromium 31.0.1650.48 Stable Channel update :

  - Security fixes :

  - CVE-2013-6621: Use after free related to speech input     elements..

  - CVE-2013-6622: Use after free related to media elements. 

  - CVE-2013-6623: Out of bounds read in SVG.

  - CVE-2013-6624: Use after free related to     &ldquo;id&rdquo; attribute strings.

  - CVE-2013-6625: Use after free in DOM ranges.

  - CVE-2013-6626: Address bar spoofing related to     interstitial warnings.

  - CVE-2013-6627: Out of bounds read in HTTP parsing.

  - CVE-2013-6628: Issue with certificates not being checked     during TLS renegotiation.

  - CVE-2013-2931: Various fixes from internal audits,     fuzzing and other initiatives.

  - CVE-2013-6629: Read of uninitialized memory in libjpeg     and libjpeg-turbo.

  - CVE-2013-6630: Read of uninitialized memory in     libjpeg-turbo.

  - CVE-2013-6631: Use after free in libjingle.

  - Added patch chromium-fix-chromedriver-build.diff to fix     the chromedriver build

  - Enable ARM build for Chromium. 

  - Added patches chromium-arm-webrtc-fix.patch,     chromium-fix-arm-icu.patch and     chromium-fix-arm-sysroot.patch to resolve ARM specific     build issues

  - Update to Chromium 30.0.1599.114 Stable Channel update:
    fix build for 32bit systems

  - Drop patch chromium-fix-chromedriver-build.diff. This is     now fixed upstream

  - For openSUSE versions lower than 13.1, build against the     in-tree libicu

  - Update to Chromium 30.0.1599.101

  - Security Fixes :

  + CVE-2013-2925: Use after free in XHR

  + CVE-2013-2926: Use after free in editing

  + CVE-2013-2927: Use after free in forms.

  + CVE-2013-2928: Various fixes from internal audits,     fuzzing and other initiatives.

  - Update to Chromium 30.0.1599.66

  - Easier searching by image 

  - A number of new apps/extension APIs 

  - Lots of under the hood changes for stability and     performance

  - Security fixes :

  + CVE-2013-2906: Races in Web Audio

  + CVE-2013-2907: Out of bounds read in Window.prototype     object

  + CVE-2013-2908: Address bar spoofing related to the     &ldquo;204 No Content&rdquo; status code

  + CVE-2013-2909: Use after free in inline-block rendering

  + CVE-2013-2910: Use-after-free in Web Audio

  + CVE-2013-2911: Use-after-free in XSLT

  + CVE-2013-2912: Use-after-free in PPAPI

  + CVE-2013-2913: Use-after-free in XML document parsing

  + CVE-2013-2914: Use after free in the Windows color     chooser dialog

  + CVE-2013-2915: Address bar spoofing via a malformed     scheme

  + CVE-2013-2916: Address bar spoofing related to the     &ldquo;204 No Content&rdquo; status code

  + CVE-2013-2917: Out of bounds read in Web Audio

  + CVE-2013-2918: Use-after-free in DOM

  + CVE-2013-2919: Memory corruption in V8

  + CVE-2013-2920: Out of bounds read in URL parsing

  + CVE-2013-2921: Use-after-free in resource loader

  + CVE-2013-2922: Use-after-free in template element

  + CVE-2013-2923: Various fixes from internal audits,     fuzzing and other initiatives 

  + CVE-2013-2924: Use-after-free in ICU. Upstream bug

Chromium was updated to 31.0.1650.57: Stable channel update :

  - Security Fixes :

  - CVE-2013-6632: Multiple memory corruption issues.

  - Update to Chromium 31.0.1650.48 (bnc#850430) Stable     Channel update :

  - Security fixes :

  - CVE-2013-6621: Use after free related to speech input     elements..

  - CVE-2013-6622: Use after free related to media elements. 

  - CVE-2013-6623: Out of bounds read in SVG.

  - CVE-2013-6624: Use after free related to     &ldquo;id&rdquo; attribute strings.

  - CVE-2013-6625: Use after free in DOM ranges.

  - CVE-2013-6626: Address bar spoofing related to     interstitial warnings.

  - CVE-2013-6627: Out of bounds read in HTTP parsing.

  - CVE-2013-6628: Issue with certificates not being checked     during TLS renegotiation.

  - CVE-2013-2931: Various fixes from internal audits,     fuzzing and other initiatives.

  - CVE-2013-6629: Read of uninitialized memory in libjpeg     and libjpeg-turbo.

  - CVE-2013-6630: Read of uninitialized memory in     libjpeg-turbo.

  - CVE-2013-6631: Use after free in libjingle.

  - Added patch chromium-fix-chromedriver-build.diff to fix     the chromedriver build

Security and bugfix update to Chromium 31.0.1650.57

  - Update to Chromium 31.0.1650.57 :

  - Security Fixes :

  - CVE-2013-6632: Multiple memory corruption issues.

  - Update to Chromium 31.0.1650.48 Stable Channel update :

  - Security fixes :

  - CVE-2013-6621: Use after free related to speech input     elements..

  - CVE-2013-6622: Use after free related to media elements. 

  - CVE-2013-6623: Out of bounds read in SVG.

  - CVE-2013-6624: Use after free related to     &ldquo;id&rdquo; attribute strings.

  - CVE-2013-6625: Use after free in DOM ranges.

  - CVE-2013-6626: Address bar spoofing related to     interstitial warnings.

  - CVE-2013-6627: Out of bounds read in HTTP parsing.

  - CVE-2013-6628: Issue with certificates not being checked     during TLS renegotiation.

  - CVE-2013-2931: Various fixes from internal audits,     fuzzing and other initiatives.

  - CVE-2013-6629: Read of uninitialized memory in libjpeg     and libjpeg-turbo.

  - CVE-2013-6630: Read of uninitialized memory in     libjpeg-turbo.

  - CVE-2013-6631: Use after free in libjingle.

  - Stable Channel update: fix build for 32bit systems

  - Update to Chromium 30.0.1599.101

  - Security Fixes :

  + CVE-2013-2925: Use after free in XHR

  + CVE-2013-2926: Use after free in editing

  + CVE-2013-2927: Use after free in forms.

  + CVE-2013-2928: Various fixes from internal audits,     fuzzing and other initiatives.

  - Enable ARM build for Chromium.

The remote host is affected by the vulnerability described in GLSA-201403-01 (Chromium, V8: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Chromium and V8. Please       review the CVE identifiers and release notes referenced below for       details.
  Impact :

    A context-dependent attacker could entice a user to open a specially       crafted website or JavaScript program using Chromium or V8, possibly       resulting in the execution of arbitrary code with the privileges of the       process or a Denial of Service condition. Furthermore, a remote attacker       may be able to bypass security restrictions or have other unspecified       impact.
  Workaround :

    There is no known workaround at this time.

The remote host has Google Chrome browser installed. Versions of Google Chrome prior to 31.0.1650.57 are affected by the following vulnerabilities that have been shown to be exploitable for the purpose of remote code execution:

  - Unspecified integer overflow flaw (CVE-2013-6632)

  - A flaw in the ClipboardMessageFilter that can be triggered to bypass the Chrome sandbox and execute arbitrary code. (CVE-2013-6802)

Several vulnerabilities have been discovered in the chromium web browser.

  - CVE-2013-2931     The chrome 31 development team found various issues from     internal fuzzing, audits, and other studies.

  - CVE-2013-6621     Khalil Zhani discovered a use-after-free issue in speech     input handling.

  - CVE-2013-6622     'cloudfuzzer' discovered a use-after-free issue in     HTMLMediaElement.

  - CVE-2013-6623     'miaubiz' discovered an out-of-bounds read in the     Blink/Webkit SVG implementation.

  - CVE-2013-6624     Jon Butler discovered a use-after-free issue in id     attribute strings.

  - CVE-2013-6625     'cloudfuzzer' discovered a use-after-free issue in the     Blink/Webkit DOM implementation.

  - CVE-2013-6626     Chamal de Silva discovered an address bar spoofing     issue.

  - CVE-2013-6627     'skylined' discovered an out-of-bounds read in the HTTP     stream parser.

  - CVE-2013-6628     Antoine Delignat-Lavaud and Karthikeyan Bhargavan of     INRIA Paris discovered that a different (unverified)     certificate could be used after successful TLS     renegotiation with a valid certificate.

  - CVE-2013-6629     Michal Zalewski discovered an uninitialized memory read     in the libjpeg and libjpeg-turbo libraries.

  - CVE-2013-6630     Michal Zalewski discovered another uninitialized memory     read in the libjpeg and libjpeg-turbo libraries.

  - CVE-2013-6631     Patrik Hoglund discovered a use-free issue in the     libjingle library.

  - CVE-2013-6632     Pinkie Pie discovered multiple memory corruption issues.

Google Chrome Releases reports :

[319117] [319125] Critical CVE-2013-6632: Multiple memory corruption issues. Credit to Pinkie Pie.

The version of Google Chrome installed on the remote Mac OS X host is a version prior to 31.0.1650.57.  It is, therefore, affected by multiple unspecified memory corruption vulnerabilities.

The version of Google Chrome installed on the remote host is a version prior to 31.0.1650.57.  It is, therefore, affected by multiple unspecified memory corruption vulnerabilities.

ID	Name	Product	Family	Severity
75366	openSUSE Security Update : chromium (openSUSE-SU-2014:0065-1)	Nessus	SuSE Local Security Checks	critical
75225	openSUSE Security Update : chromium (openSUSE-SU-2013:1861-1)	Nessus	SuSE Local Security Checks	critical
75213	openSUSE Security Update : chromium (openSUSE-SU-2013:1777-1)	Nessus	SuSE Local Security Checks	critical
75212	openSUSE Security Update : chromium (openSUSE-SU-2013:1776-1)	Nessus	SuSE Local Security Checks	critical
72851	GLSA-201403-01 : Chromium, V8: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
801612	Google Chrome < 31.0.1650.57 Multiple Remote Code Execution Vulnerabilities	Log Correlation Engine	Web Clients	high
8062	Google Chrome < 31.0.1650.57 RCE	Nessus Network Monitor	Web Clients	high
70986	Debian DSA-2799-1 : chromium-browser - several vulnerabilities	Nessus	Debian Local Security Checks	critical
70932	FreeBSD : chromium -- multiple memory corruption issues (e62ab2af-4df4-11e3-b0cf-00262d5ed8ee)	Nessus	FreeBSD Local Security Checks	high
70924	Google Chrome < 31.0.1650.57 Multiple Memory Corruptions (Mac OS X)	Nessus	MacOS X Local Security Checks	high
70923	Google Chrome < 31.0.1650.57 Multiple Memory Corruptions	Nessus	Windows	high

CVE-2013-6632

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins