Executive Summary
Summary | |
---|---|
Title | chromium-browser security update |
Informations | |||
---|---|---|---|
Name | DSA-2905 | First vendor Publication | 2014-04-15 |
Vendor | Debian | Last vendor Modification | 2014-04-15 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Several vulnerabilities were discovered in the chromium web browser. CVE-2014-1716 A cross-site scripting issue was discovered in the v8 javascript library. CVE-2014-1717 An out-of-bounds read issue was discovered in the v8 javascript library. CVE-2014-1718 Aaron Staple discovered an integer overflow issue in chromium's software compositor. CVE-2014-1719 Colin Payne discovered a use-after-free issue in the web workers implementation. CVE-2014-1720 cloudfuzzer discovered a use-after-free issue in the Blink/Webkit document object model implementation. CVE-2014-1721 Christian Holler discovered a memory corruption issue in the v8 javascript library. CVE-2014-1722 miaubiz discovered a use-after-free issue in block rendering. CVE-2014-1723 George McBay discovered a url spoofing issue. CVE-2014-1724 Atte Kettunen discovered a use-after-free issue in freebsoft's libspeechd library. Because of this issue, the text-to-speech feature is now disabled by default ("--enable-speech-dispatcher" at the command-line can re-enable it). CVE-2014-1725 An out-of-bounds read was discovered in the base64 implementation. CVE-2014-1726 Jann Horn discovered a way to bypass the same origin policy. CVE-2014-1727 Khalil Zhani discovered a use-after-free issue in the web color chooser implementation. CVE-2014-1728 The Google Chrome development team discovered and fixed multiple issues with potential security impact. CVE-2014-1729 The Google Chrome development team discovered and fixed multiple issues in version 3.24.35.22 of the v8 javascript library. For the stable distribution (wheezy), these problems have been fixed in version 34.0.1847.116-1~deb7u1. For the testing distribution (jessie), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 34.0.1847.116-1. We recommend that you upgrade your chromium-browser packages. |
Original Source
Url : http://www.debian.org/security/2014/dsa-2905 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
45 % | CWE-399 | Resource Management Errors |
27 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
18 % | CWE-20 | Improper Input Validation |
9 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:23718 | |||
Oval ID: | oval:org.mitre.oval:def:23718 | ||
Title: | Multiple unspecified vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1729) | ||
Description: | Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, as used in Google Chrome before 34.0.1847.116, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-1729 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23829 | |||
Oval ID: | oval:org.mitre.oval:def:23829 | ||
Title: | Multiple unspecified vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1728) | ||
Description: | Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-1728 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23944 | |||
Oval ID: | oval:org.mitre.oval:def:23944 | ||
Title: | Vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1726) | ||
Description: | The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-1726 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23988 | |||
Oval ID: | oval:org.mitre.oval:def:23988 | ||
Title: | Use-after-free vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1720) | ||
Description: | Use-after-free vulnerability in the HTMLBodyElement::insertedInto function in core/html/HTMLBodyElement.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attributes. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-1720 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:24130 | |||
Oval ID: | oval:org.mitre.oval:def:24130 | ||
Title: | Cross-site scripting vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1716) | ||
Description: | Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-1716 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:24207 | |||
Oval ID: | oval:org.mitre.oval:def:24207 | ||
Title: | Vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1725) | ||
Description: | The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via a window.atob method call. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-1725 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:24243 | |||
Oval ID: | oval:org.mitre.oval:def:24243 | ||
Title: | Vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1717) | ||
Description: | Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-1717 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:24278 | |||
Oval ID: | oval:org.mitre.oval:def:24278 | ||
Title: | Use-after-free vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1722) | ||
Description: | Use-after-free vulnerability in the RenderBlock::addChildIgnoringAnonymousColumnBlocks function in core/rendering/RenderBlock.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving addition of a child node. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-1722 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:24532 | |||
Oval ID: | oval:org.mitre.oval:def:24532 | ||
Title: | Use-after-free vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1724) | ||
Description: | Use-after-free vulnerability in Free(b)soft Laboratory Speech Dispatcher 0.7.1, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service (application hang) or possibly have unspecified other impact via a text-to-speech request. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-1724 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:24546 | |||
Oval ID: | oval:org.mitre.oval:def:24546 | ||
Title: | Use-after-free vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1727) | ||
Description: | Use-after-free vulnerability in content/renderer/renderer_webcolorchooser_impl.h in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to forms. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-1727 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:24594 | |||
Oval ID: | oval:org.mitre.oval:def:24594 | ||
Title: | Vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1723) | ||
Description: | The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Google Chrome before 34.0.1847.116 does not properly handle bidirectional Internationalized Resource Identifiers (IRIs), which makes it easier for remote attackers to spoof URLs via crafted use of right-to-left (RTL) Unicode text. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-1723 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:24602 | |||
Oval ID: | oval:org.mitre.oval:def:24602 | ||
Title: | Vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1721) | ||
Description: | Google V8, as used in Google Chrome before 34.0.1847.116, does not properly implement lazy deoptimization, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by improper handling of a heap allocation of a number outside the Small Integer (aka smi) range. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-1721 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:24608 | |||
Oval ID: | oval:org.mitre.oval:def:24608 | ||
Title: | Use-after-free vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1719) | ||
Description: | Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWorkerContext function in content/worker/websharedworker_stub.cc in the Web Workers implementation in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger a SharedWorker termination during script loading. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-1719 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:24669 | |||
Oval ID: | oval:org.mitre.oval:def:24669 | ||
Title: | Vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1718) | ||
Description: | Integer overflow in the SoftwareFrameManager::SwapToNewFrame function in content/browser/renderer_host/software_frame_manager.cc in the software compositor in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted mapping of a large amount of renderer memory. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-1718 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2014-04-10 | IAVM : 2014-B-0039 - Multiple Vulnerabilities in Google Chrome Severity : Category I - VMSKEY : V0048683 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201408-16.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-330.nasl - Type : ACT_GATHER_INFO |
2014-04-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2905.nasl - Type : ACT_GATHER_INFO |
2014-04-09 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_963413a5bf5011e3a2d600262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
2014-04-08 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_34_0_1847_116.nasl - Type : ACT_GATHER_INFO |
2014-04-08 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_google_chrome_34_0_1847_116.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-04-18 13:25:57 |
|
2014-04-16 05:20:18 |
|