
Test ID: 1.3.6.1.4.1.25623.1.0.702883
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 2883-1 (chromium-browser - security update)
Description:
Summary:
Several vulnerabilities have been discovered in the chromium web browser.

CVE-2013-6653
Khalil Zhani discovered a use-after-free issue in chromium's web
contents color chooser.

CVE-2013-6654
TheShow3511 discovered an issue in SVG handling.

CVE-2013-6655
cloudfuzzer discovered a use-after-free issue in dom event handling.

CVE-2013-6656
NeexEmil discovered an information leak in the XSS auditor.

CVE-2013-6657
NeexEmil discovered a way to bypass the Same Origin policy in the
XSS auditor.

CVE-2013-6658
cloudfuzzer discovered multiple use-after-free issues surrounding
the updateWidgetPositions function.

CVE-2013-6659
Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that
it was possible to trigger an unexpected certificate chain during
TLS renegotiation.

CVE-2013-6660
bishopjeffreys discovered an information leak in the drag and drop
implementation.

CVE-2013-6661
The Google Chrome team discovered and fixed multiple issues in
version 33.0.1750.117.

CVE-2013-6663
Atte Kettunen discovered a use-after-free issue in SVG handling.

CVE-2013-6664
Khalil Zhani discovered a use-after-free issue in the speech
recognition feature.

CVE-2013-6665
cloudfuzzer discovered a buffer overflow issue in the software
renderer.

CVE-2013-6666
netfuzzer discovered a restriction bypass in the Pepper Flash
plugin.

CVE-2013-6667
The Google Chrome team discovered and fixed multiple issues in
version 33.0.1750.146.

CVE-2013-6668
Multiple vulnerabilities were fixed in version 3.24.35.10 of
the V8 javascript library.

CVE-2014-1700
Chamal de Silva discovered a use-after-free issue in speech
synthesis.

CVE-2014-1701
aidanhs discovered a cross-site scripting issue in event handling.

CVE-2014-1702
Colin Payne discovered a use-after-free issue in the web database
implementation.

CVE-2014-1703
VUPEN discovered a use-after-free issue in web sockets that
could lead to a sandbox escape.

CVE-2014-1704
Multiple vulnerabilities were fixed in version 3.23.17.18 of
the V8 javascript library.

CVE-2014-1705
A memory corruption issue was discovered in the V8 javascript
library.

CVE-2014-1713
A use-after-free issue was discovered in the AttributeSetter
function.

CVE-2014-1715
A directory traversal issue was found and fixed.

Affected Software/OS:
chromium-browser on Debian Linux

Solution:
For the stable distribution (wheezy), these problems have been fixed in
version 33.0.1750.152-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 33.0.1750.152-1.

We recommend that you upgrade your chromium-browser packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2013-6653
Debian Security Information: DSA-2883
http://www.debian.org/security/2014/dsa-2883
SuSE Security Announcement: openSUSE-SU-2014:0327
http://lists.opensuse.org/opensuse-updates/2014-03/msg00006.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-6654
Common Vulnerability Exposure (CVE) ID: CVE-2013-6655
Common Vulnerability Exposure (CVE) ID: CVE-2013-6656
Common Vulnerability Exposure (CVE) ID: CVE-2013-6657
Common Vulnerability Exposure (CVE) ID: CVE-2013-6658
Common Vulnerability Exposure (CVE) ID: CVE-2013-6659
Common Vulnerability Exposure (CVE) ID: CVE-2013-6660
Common Vulnerability Exposure (CVE) ID: CVE-2013-6661
Common Vulnerability Exposure (CVE) ID: CVE-2013-6663
http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html
http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html
BugTraq ID: 65930
http://www.securityfocus.com/bid/65930
http://secunia.com/advisories/61306
http://secunia.com/advisories/61318
Common Vulnerability Exposure (CVE) ID: CVE-2013-6664
Common Vulnerability Exposure (CVE) ID: CVE-2013-6665
Common Vulnerability Exposure (CVE) ID: CVE-2013-6666
Common Vulnerability Exposure (CVE) ID: CVE-2013-6667
Common Vulnerability Exposure (CVE) ID: CVE-2013-6668
http://www.mandriva.com/security/advisories?name=MDVSA-2015:142
http://secunia.com/advisories/61184
Common Vulnerability Exposure (CVE) ID: CVE-2014-1700
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://www.securitytracker.com/id/1029914
SuSE Security Announcement: openSUSE-SU-2014:0501
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-1701
Common Vulnerability Exposure (CVE) ID: CVE-2014-1702
Common Vulnerability Exposure (CVE) ID: CVE-2014-1703
Common Vulnerability Exposure (CVE) ID: CVE-2014-1704
Common Vulnerability Exposure (CVE) ID: CVE-2014-1705
Common Vulnerability Exposure (CVE) ID: CVE-2014-1713
http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html
http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html
http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html
Bugtraq: 20140326 VUPEN Security Research - Google Chrome Blink "locationAttributeSetter" Use-after-free (Pwn2Own)
http://archives.neohapsis.com/archives/bugtraq/2014-03/0144.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-1715
BugTraq ID: 66249
http://www.securityfocus.com/bid/66249
Copyright: Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net
