openSUSE Security Update : chromium (openSUSE-SU-2014:0065-1)

critical Nessus Plugin ID 75366
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.


The remote openSUSE host is missing a security update.


- Update to Chromium 31.0.1650.63 Stable channel update :

- Security fixes :

- CVE-2013-6634: Session fixation in sync related to 302 redirects

- CVE-2013-6635: Use-after-free in editing

- CVE-2013-6636: Address bar spoofing related to modal dialogs

- CVE-2013-6637: Various fixes from internal audits, fuzzing and other initiatives.

- CVE-2013-6638: Buffer overflow in v8

- CVE-2013-6639: Out of bounds write in v8.

- CVE-2013-6640: Out of bounds read in v8

- and 12 other security fixes.

- Remove the build flags to build according to the Chrome ffmpeg branding and the proprietary codecs. (bnc#847971)

- Update to Chromium 31.0.1650.57 Stable channel update :

- Security Fixes :

- CVE-2013-6632: Multiple memory corruption issues.

- Update to Chromium 31.0.1650.48 Stable Channel update :

- Security fixes :

- CVE-2013-6621: Use after free related to speech input elements..

- CVE-2013-6622: Use after free related to media elements.

- CVE-2013-6623: Out of bounds read in SVG.

- CVE-2013-6624: Use after free related to “id” attribute strings.

- CVE-2013-6625: Use after free in DOM ranges.

- CVE-2013-6626: Address bar spoofing related to interstitial warnings.

- CVE-2013-6627: Out of bounds read in HTTP parsing.

- CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation.

- CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives.

- CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo.

- CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo.

- CVE-2013-6631: Use after free in libjingle.

- Added patch chromium-fix-chromedriver-build.diff to fix the chromedriver build

- Enable ARM build for Chromium.

- Added patches chromium-arm-webrtc-fix.patch, chromium-fix-arm-icu.patch and chromium-fix-arm-sysroot.patch to resolve ARM specific build issues

- Update to Chromium 30.0.1599.114 Stable Channel update:
fix build for 32bit systems

- Drop patch chromium-fix-chromedriver-build.diff. This is now fixed upstream

- For openSUSE versions lower than 13.1, build against the in-tree libicu

- Update to Chromium 30.0.1599.101

- Security Fixes :

+ CVE-2013-2925: Use after free in XHR

+ CVE-2013-2926: Use after free in editing

+ CVE-2013-2927: Use after free in forms.

+ CVE-2013-2928: Various fixes from internal audits, fuzzing and other initiatives.

- Update to Chromium 30.0.1599.66

- Easier searching by image

- A number of new apps/extension APIs

- Lots of under the hood changes for stability and performance

- Security fixes :

+ CVE-2013-2906: Races in Web Audio

+ CVE-2013-2907: Out of bounds read in Window.prototype object

+ CVE-2013-2908: Address bar spoofing related to the “204 No Content” status code

+ CVE-2013-2909: Use after free in inline-block rendering

+ CVE-2013-2910: Use-after-free in Web Audio

+ CVE-2013-2911: Use-after-free in XSLT

+ CVE-2013-2912: Use-after-free in PPAPI

+ CVE-2013-2913: Use-after-free in XML document parsing

+ CVE-2013-2914: Use after free in the Windows color chooser dialog

+ CVE-2013-2915: Address bar spoofing via a malformed scheme

+ CVE-2013-2916: Address bar spoofing related to the “204 No Content” status code

+ CVE-2013-2917: Out of bounds read in Web Audio

+ CVE-2013-2918: Use-after-free in DOM

+ CVE-2013-2919: Memory corruption in V8

+ CVE-2013-2920: Out of bounds read in URL parsing

+ CVE-2013-2921: Use-after-free in resource loader

+ CVE-2013-2922: Use-after-free in template element

+ CVE-2013-2923: Various fixes from internal audits, fuzzing and other initiatives

+ CVE-2013-2924: Use-after-free in ICU. Upstream bug


Update the affected chromium packages.

See Also

Plugin Details

Severity: Critical

ID: 75366

File Name: openSUSE-2014-37.nasl

Version: 1.5

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information


Risk Factor: High

Score: 8.9


Risk Factor: Critical

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:chromedriver, p-cpe:/a:novell:opensuse:chromedriver-debuginfo, p-cpe:/a:novell:opensuse:chromium, p-cpe:/a:novell:opensuse:chromium-debuginfo, p-cpe:/a:novell:opensuse:chromium-debugsource, p-cpe:/a:novell:opensuse:chromium-desktop-gnome, p-cpe:/a:novell:opensuse:chromium-desktop-kde, p-cpe:/a:novell:opensuse:chromium-ffmpegsumo, p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo, p-cpe:/a:novell:opensuse:chromium-suid-helper, p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo, cpe:/o:novell:opensuse:13.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/7/2014

Reference Information

CVE: CVE-2013-2906, CVE-2013-2907, CVE-2013-2908, CVE-2013-2909, CVE-2013-2910, CVE-2013-2911, CVE-2013-2912, CVE-2013-2913, CVE-2013-2914, CVE-2013-2915, CVE-2013-2916, CVE-2013-2917, CVE-2013-2918, CVE-2013-2919, CVE-2013-2920, CVE-2013-2921, CVE-2013-2922, CVE-2013-2923, CVE-2013-2924, CVE-2013-2925, CVE-2013-2926, CVE-2013-2927, CVE-2013-2928, CVE-2013-2931, CVE-2013-6621, CVE-2013-6622, CVE-2013-6623, CVE-2013-6624, CVE-2013-6625, CVE-2013-6626, CVE-2013-6627, CVE-2013-6628, CVE-2013-6629, CVE-2013-6630, CVE-2013-6631, CVE-2013-6632, CVE-2013-6634, CVE-2013-6635, CVE-2013-6636, CVE-2013-6637, CVE-2013-6638, CVE-2013-6639, CVE-2013-6640