Debian DSA-2695-1 : chromium-browser - several issues

High Nessus Plugin ID 66676

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 6.7

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in the Chromium web browser. Multiple use-after-free, out-of-bounds read, memory safety, and cross-site scripting issues were discovered and corrected.

- CVE-2013-2837 Use-after-free vulnerability in the SVG implementation allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

- CVE-2013-2838 Google V8, as used in Chromium before 27.0.1453.93, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

- CVE-2013-2839 Chromium before 27.0.1453.93 does not properly perform a cast of an unspecified variable during handling of clipboard data, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors.

- CVE-2013-2840 Use-after-free vulnerability in the media loader in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2846.

- CVE-2013-2841 Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of Pepper resources.

- CVE-2013-2842 Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.

- CVE-2013-2843 Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of speech data.

- CVE-2013-2844 Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style resolution.

- CVE-2013-2845 The Web Audio implementation in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

- CVE-2013-2846 Use-after-free vulnerability in the media loader in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2840.

- CVE-2013-2847 Race condition in the workers implementation in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors.

- CVE-2013-2848 The XSS Auditor in Chromium before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors.

- CVE-2013-2849 Multiple cross-site scripting (XSS) vulnerabilities in Chromium before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.

Solution

Upgrade the chromium-browser packages.

For the oldstable distribution (squeeze), the security support window for Chromium has ended. Users of Chromium on oldstable are very highly encouraged to upgrade to the current stable Debian release (wheezy).
Chromium security support for wheezy will last until the next stable release (jessie), which is expected to happen sometime in 2015.

For the stable distribution (wheezy), these problems have been fixed in version 27.0.1453.93-1~deb7u1.

See Also

https://security-tracker.debian.org/tracker/CVE-2013-2837

https://security-tracker.debian.org/tracker/CVE-2013-2838

https://security-tracker.debian.org/tracker/CVE-2013-2839

https://security-tracker.debian.org/tracker/CVE-2013-2840

https://security-tracker.debian.org/tracker/CVE-2013-2846

https://security-tracker.debian.org/tracker/CVE-2013-2841

https://security-tracker.debian.org/tracker/CVE-2013-2842

https://security-tracker.debian.org/tracker/CVE-2013-2843

https://security-tracker.debian.org/tracker/CVE-2013-2844

https://security-tracker.debian.org/tracker/CVE-2013-2845

https://security-tracker.debian.org/tracker/CVE-2013-2846

https://security-tracker.debian.org/tracker/CVE-2013-2840

https://security-tracker.debian.org/tracker/CVE-2013-2847

https://security-tracker.debian.org/tracker/CVE-2013-2848

https://security-tracker.debian.org/tracker/CVE-2013-2849

https://packages.debian.org/source/wheezy/chromium-browser

https://www.debian.org/security/2013/dsa-2695

Plugin Details

Severity: High

ID: 66676

File Name: debian_DSA-2695.nasl

Version: 1.13

Type: local

Agent: unix

Published: 2013/05/30

Updated: 2020/03/12

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 6.7

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:chromium-browser, cpe:/o:debian:debian_linux:7.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/05/29

Vulnerability Publication Date: 2013/05/22

Reference Information

CVE: CVE-2013-2837, CVE-2013-2838, CVE-2013-2839, CVE-2013-2840, CVE-2013-2841, CVE-2013-2842, CVE-2013-2843, CVE-2013-2844, CVE-2013-2845, CVE-2013-2846, CVE-2013-2847, CVE-2013-2848, CVE-2013-2849

BID: 60063, 60064, 60065, 60066, 60067, 60068, 60069, 60070, 60071, 60072, 60073, 60074, 60076

DSA: 2695