SecurityTracker.com
Category:   Application (Web Browser)  >   Google Chrome
Vendors:   Google
Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code and Spoof URLs
SecurityTracker Alert ID:  1029216
SecurityTracker URL:  http://securitytracker.com/id/1029216
CVE Reference:   CVE-2013-2906, CVE-2013-2907, CVE-2013-2908, CVE-2013-2909, CVE-2013-2910, CVE-2013-2911, CVE-2013-2912, CVE-2013-2913, CVE-2013-2914, CVE-2013-2915, CVE-2013-2916, CVE-2013-2917, CVE-2013-2918, CVE-2013-2919, CVE-2013-2920, CVE-2013-2921, CVE-2013-2922, CVE-2013-2923, CVE-2013-2924
Date:  Oct 21 2013
Impact:   Execution of arbitrary code via network, Modification of system information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 30.0.1599.66
Description:   Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can spoof URLs.

A remote user can create specially crafted HTML that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

A race condition may occur in Web Audio [CVE-2013-2906]. Atte Kettunen of OUSPG reported this vulnerability.

An out-of-bounds memory read may occur in the Window.prototype object [CVE-2013-2907]. Boris Zbarsky reported this vulnerability.

A remote user can spoof the address bar due to a flaw regarding the '204 No Content' HTTP status code [CVE-2013-2908]. Chamal de Silva reported this vulnerability.

A use-after-free may occur in inline-block rendering [CVE-2013-2909]. Atte Kettunen of OUSPG reported this vulnerability.

A use-after-free may occur in Web Audio [CVE-2013-2910]. Byoungyoung Lee of Georgia Tech Information Security Center (GTISC) reported this vulnerability.

A use-after-free may occur in XSLT [CVE-2013-2911]. Atte Kettunen of OUSPG reported this vulnerability.

A use-after-free may occur in PPAPI [CVE-2013-2912]. Chamal de Silva and 41.w4r10r(at)garage4hackers.com reported this vulnerability.

A use-after-free may occur in XML document parsing [CVE-2013-2913]. cloudfuzzer reported this vulnerability.

A use-after-free may occur in the Windows color chooser dialog [CVE-2013-2914]. Khalil Zhani reported this vulnerability.

A remote user can spoof the address bar via a malformed scheme [CVE-2013-2915]. Wander Groeneveld reported this vulnerability.

A remote user can spoof the address bar due to a flaw regarding the '204 No Content' HTTP status code [CVE-2013-2916]. Masato Kinugawa reported this vulnerability.

An out-of-bounds memory read may occur in Web Audio [CVE-2013-2917]. Byoungyoung Lee and Tielei Wang of Georgia Tech Information Security Center (GTISC) reported this vulnerability.

A use-after-free may occur in DOM [CVE-2013-2918]. Byoungyoung Lee of Georgia Tech Information Security Center (GTISC) reported this vulnerability.

A memory corruption may occur in the V8 engine [CVE-2013-2919]. Adam Haile of Concrete Data reported this vulnerability.

An out-of-bounds memory read may occur in URL parsing [CVE-2013-2920]. Atte Kettunen of OUSPG reported this vulnerability.

A use-after-free may occur in the resource loader [CVE-2013-2921]. Byoungyoung Lee and Tielei Wang of Georgia Tech Information Security Center (GTISC) reported this vulnerability.

A use-after-free may occur in the template element [CVE-2013-2922]. Jon Butler reported this vulnerability.

Other flaws may occur [CVE-2013-2923].

A use-after-free may occur in ICU [CVE-2013-2924].

Impact:   A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can spoof URLs.

Solution:   The vendor has issued a fix (30.0.1599.66).

The vendor's advisory is available at:

http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html

Vendor URL:  googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
Cause:   Access control error, State error
Underlying OS:  Linux (Any), UNIX (macOS/OS X), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Dec 17 2013 (Apple Issues Fix for Safari) Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code and Spoof URLs
Apple has issued a fix for Apple Safari on OS X.
Dec 17 2013 (Apple Issues Fix for OS X) Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code and Spoof URLs
Apple has issued a fix for OS X.


