Vulnerabilities > CVE-2012-5137 - Use After Free vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Use-after-free vulnerability in Google Chrome before 23.0.1271.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Media Source API.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Windows NASL id GOOGLE_CHROME_23_0_1271_95.NASL description The version of Google Chrome installed on the remote host is earlier than 23.0.1271.95 and is, therefore, affected by the following vulnerabilities : - A use-after-free error exists related to media source handling. (CVE-2012-5137) - An unspecified error exists related to file path handling. (CVE-2012-5138) Successful exploitation of either of these issues could lead to an application crash or even allow arbitrary code execution, subject to the user last seen 2020-06-01 modified 2020-06-02 plugin id 63110 published 2012-11-30 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63110 title Google Chrome < 23.0.1271.95 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(63110); script_version("1.12"); script_cvs_date("Date: 2019/12/04"); script_cve_id("CVE-2012-5137", "CVE-2012-5138"); script_bugtraq_id(56741); script_name(english:"Google Chrome < 23.0.1271.95 Multiple Vulnerabilities"); script_summary(english:"Checks version number of Google Chrome"); script_set_attribute(attribute:"synopsis", value: "The remote host contains a web browser that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Google Chrome installed on the remote host is earlier than 23.0.1271.95 and is, therefore, affected by the following vulnerabilities : - A use-after-free error exists related to media source handling. (CVE-2012-5137) - An unspecified error exists related to file path handling. (CVE-2012-5138) Successful exploitation of either of these issues could lead to an application crash or even allow arbitrary code execution, subject to the user's privileges."); # https://chromereleases.googleblog.com/2012/11/stable-channel-update_29.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ade3ed78"); script_set_attribute(attribute:"solution", value: "Upgrade to Google Chrome 23.0.1271.95 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-5138"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/29"); script_set_attribute(attribute:"patch_publication_date", value:"2012/11/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/30"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("google_chrome_installed.nasl"); script_require_keys("SMB/Google_Chrome/Installed"); exit(0); } include("google_chrome_version.inc"); get_kb_item_or_exit("SMB/Google_Chrome/Installed"); installs = get_kb_list("SMB/Google_Chrome/*"); google_chrome_check_version(installs:installs, fix:'23.0.1271.95', severity:SECURITY_HOLE);NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-845.NASL description Chromium was updated to 25.0.1343 - Security Fixes (bnc#791234 and bnc#792154) : - CVE-2012-5131: Corrupt rendering in the Apple OSX driver for Intel GPUs - CVE-2012-5133: Use-after-free in SVG filters. - CVE-2012-5130: Out-of-bounds read in Skia - CVE-2012-5132: Browser crash with chunked encoding - CVE-2012-5134: Buffer underflow in libxml. - CVE-2012-5135: Use-after-free with printing. - CVE-2012-5136: Bad cast in input element handling. - CVE-2012-5138: Incorrect file path handling - CVE-2012-5137: Use-after-free in media source handling - Correct build so that proprietary codecs can be used when the chromium-ffmpeg package is installed - Update to 25.0.1335 - (gtk) Fixed <input> selection renders white text on white background in apps. (Issue: 158422) - Fixed translate infobar button to show selected language. (Issue: 155350) - Fixed broken Arabic language. (Issue: 158978) - Fixed pre-rendering if the preference is disabled at start up. (Issue: 159393) - Fixed JavaScript rendering issue. (Issue: 159655) - No further indications in the ChangeLog - Updated V8 - 3.14.5.0 - Bookmarks are now searched by their title while typing into the omnibox with matching bookmarks being shown in the autocomplete suggestions pop-down list. Matching is done by prefix. - Fixed chromium issues 155871, 154173, 155133. - Removed patch chomium-ffmpeg-no-pkgconfig.patch - Building now internal libffmpegsumo.so based on the standard chromium ffmpeg codecs - Add a configuration file (/etc/default/chromium) where we can indicate flags for the chromium-browser. - add explicit buildrequire on libbz2-devel last seen 2020-06-05 modified 2014-06-13 plugin id 74839 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74839 title openSUSE Security Update : Chromium (openSUSE-SU-2012:1637-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2012-845. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(74839); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-5130", "CVE-2012-5131", "CVE-2012-5132", "CVE-2012-5133", "CVE-2012-5134", "CVE-2012-5135", "CVE-2012-5136", "CVE-2012-5137", "CVE-2012-5138"); script_name(english:"openSUSE Security Update : Chromium (openSUSE-SU-2012:1637-1)"); script_summary(english:"Check for the openSUSE-2012-845 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Chromium was updated to 25.0.1343 - Security Fixes (bnc#791234 and bnc#792154) : - CVE-2012-5131: Corrupt rendering in the Apple OSX driver for Intel GPUs - CVE-2012-5133: Use-after-free in SVG filters. - CVE-2012-5130: Out-of-bounds read in Skia - CVE-2012-5132: Browser crash with chunked encoding - CVE-2012-5134: Buffer underflow in libxml. - CVE-2012-5135: Use-after-free with printing. - CVE-2012-5136: Bad cast in input element handling. - CVE-2012-5138: Incorrect file path handling - CVE-2012-5137: Use-after-free in media source handling - Correct build so that proprietary codecs can be used when the chromium-ffmpeg package is installed - Update to 25.0.1335 - (gtk) Fixed <input> selection renders white text on white background in apps. (Issue: 158422) - Fixed translate infobar button to show selected language. (Issue: 155350) - Fixed broken Arabic language. (Issue: 158978) - Fixed pre-rendering if the preference is disabled at start up. (Issue: 159393) - Fixed JavaScript rendering issue. (Issue: 159655) - No further indications in the ChangeLog - Updated V8 - 3.14.5.0 - Bookmarks are now searched by their title while typing into the omnibox with matching bookmarks being shown in the autocomplete suggestions pop-down list. Matching is done by prefix. - Fixed chromium issues 155871, 154173, 155133. - Removed patch chomium-ffmpeg-no-pkgconfig.patch - Building now internal libffmpegsumo.so based on the standard chromium ffmpeg codecs - Add a configuration file (/etc/default/chromium) where we can indicate flags for the chromium-browser. - add explicit buildrequire on libbz2-devel" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=791234" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=792154" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2012-12/msg00024.html" ); script_set_attribute( attribute:"solution", value:"Update the affected Chromium packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-desktop-gnome"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-desktop-kde"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-suid-helper"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/28"); script_set_attribute(attribute:"patch_publication_date", value:"2012/12/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.1|SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1 / 12.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.1", reference:"chromedriver-25.0.1343.0-1.43.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"chromedriver-debuginfo-25.0.1343.0-1.43.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"chromium-25.0.1343.0-1.43.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"chromium-debuginfo-25.0.1343.0-1.43.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"chromium-debugsource-25.0.1343.0-1.43.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"chromium-desktop-gnome-25.0.1343.0-1.43.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"chromium-desktop-kde-25.0.1343.0-1.43.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"chromium-ffmpegsumo-25.0.1343.0-1.43.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"chromium-ffmpegsumo-debuginfo-25.0.1343.0-1.43.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"chromium-suid-helper-25.0.1343.0-1.43.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"chromium-suid-helper-debuginfo-25.0.1343.0-1.43.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"chromedriver-25.0.1343.0-1.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"chromedriver-debuginfo-25.0.1343.0-1.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"chromium-25.0.1343.0-1.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"chromium-debuginfo-25.0.1343.0-1.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"chromium-debugsource-25.0.1343.0-1.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"chromium-desktop-gnome-25.0.1343.0-1.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"chromium-desktop-kde-25.0.1343.0-1.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"chromium-ffmpegsumo-25.0.1343.0-1.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"chromium-ffmpegsumo-debuginfo-25.0.1343.0-1.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"chromium-suid-helper-25.0.1343.0-1.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"chromium-suid-helper-debuginfo-25.0.1343.0-1.23.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Chromium"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_5AF51AE93ACD11E2A4EB00262D5ED8EE.NASL description Google Chrome Releases reports : [161564] High CVE-2012-5138: Incorrect file path handling. Credit to Google Chrome Security Team (Juri Aedla). [162835] High CVE-2012-5137: Use-after-free in media source handling. Credit to Pinkie Pie. last seen 2020-06-01 modified 2020-06-02 plugin id 63115 published 2012-12-02 reporter This script is Copyright (C) 2012-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63115 title FreeBSD : chromium -- multiple vulnerabilities (5af51ae9-3acd-11e2-a4eb-00262d5ed8ee) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2016 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(63115); script_version("$Revision: 1.6 $"); script_cvs_date("$Date: 2016/05/26 16:04:31 $"); script_cve_id("CVE-2012-5137", "CVE-2012-5138"); script_name(english:"FreeBSD : chromium -- multiple vulnerabilities (5af51ae9-3acd-11e2-a4eb-00262d5ed8ee)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Google Chrome Releases reports : [161564] High CVE-2012-5138: Incorrect file path handling. Credit to Google Chrome Security Team (Juri Aedla). [162835] High CVE-2012-5137: Use-after-free in media source handling. Credit to Pinkie Pie." ); # http://googlechromereleases.blogspot.nl/search/label/Stable%20updates script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?bdc75d6a" ); # http://www.freebsd.org/ports/portaudit/5af51ae9-3acd-11e2-a4eb-00262d5ed8ee.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?52dc16de" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:chromium"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/29"); script_set_attribute(attribute:"patch_publication_date", value:"2012/11/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/12/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2016 Tenable Network Security, Inc."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"chromium<23.0.1271.95")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201309-16.NASL description The remote host is affected by the vulnerability described in GLSA-201309-16 (Chromium, V8: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact : A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 70112 published 2013-09-25 reporter This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70112 title GLSA-201309-16 : Chromium, V8: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201309-16. # # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(70112); script_version("1.26"); script_cvs_date("Date: 2018/07/12 15:01:52"); script_cve_id("CVE-2012-5116", "CVE-2012-5117", "CVE-2012-5118", "CVE-2012-5120", "CVE-2012-5121", "CVE-2012-5122", "CVE-2012-5123", "CVE-2012-5124", "CVE-2012-5125", "CVE-2012-5126", "CVE-2012-5127", "CVE-2012-5128", "CVE-2012-5130", "CVE-2012-5132", "CVE-2012-5133", "CVE-2012-5135", "CVE-2012-5136", "CVE-2012-5137", "CVE-2012-5138", "CVE-2012-5139", "CVE-2012-5140", "CVE-2012-5141", "CVE-2012-5142", "CVE-2012-5143", "CVE-2012-5144", "CVE-2012-5145", "CVE-2012-5146", "CVE-2012-5147", "CVE-2012-5148", "CVE-2012-5149", "CVE-2012-5150", "CVE-2012-5151", "CVE-2012-5152", "CVE-2012-5153", "CVE-2012-5154", "CVE-2013-0828", "CVE-2013-0829", "CVE-2013-0830", "CVE-2013-0831", "CVE-2013-0832", "CVE-2013-0833", "CVE-2013-0834", "CVE-2013-0835", "CVE-2013-0836", "CVE-2013-0837", "CVE-2013-0838", "CVE-2013-0839", "CVE-2013-0840", "CVE-2013-0841", "CVE-2013-0842", "CVE-2013-0879", "CVE-2013-0880", "CVE-2013-0881", "CVE-2013-0882", "CVE-2013-0883", "CVE-2013-0884", "CVE-2013-0885", "CVE-2013-0887", "CVE-2013-0888", "CVE-2013-0889", "CVE-2013-0890", "CVE-2013-0891", "CVE-2013-0892", "CVE-2013-0893", "CVE-2013-0894", "CVE-2013-0895", "CVE-2013-0896", "CVE-2013-0897", "CVE-2013-0898", "CVE-2013-0899", "CVE-2013-0900", "CVE-2013-0902", "CVE-2013-0903", "CVE-2013-0904", "CVE-2013-0905", "CVE-2013-0906", "CVE-2013-0907", "CVE-2013-0908", "CVE-2013-0909", "CVE-2013-0910", "CVE-2013-0911", "CVE-2013-0912", "CVE-2013-0916", "CVE-2013-0917", "CVE-2013-0918", "CVE-2013-0919", "CVE-2013-0920", "CVE-2013-0921", "CVE-2013-0922", "CVE-2013-0923", "CVE-2013-0924", "CVE-2013-0925", "CVE-2013-0926", "CVE-2013-2836", "CVE-2013-2837", "CVE-2013-2838", "CVE-2013-2839", "CVE-2013-2840", "CVE-2013-2841", "CVE-2013-2842", "CVE-2013-2843", "CVE-2013-2844", "CVE-2013-2845", "CVE-2013-2846", "CVE-2013-2847", "CVE-2013-2848", "CVE-2013-2849", "CVE-2013-2853", "CVE-2013-2855", "CVE-2013-2856", "CVE-2013-2857", "CVE-2013-2858", "CVE-2013-2859", "CVE-2013-2860", "CVE-2013-2861", "CVE-2013-2862", "CVE-2013-2863", "CVE-2013-2865", "CVE-2013-2867", "CVE-2013-2868", "CVE-2013-2869", "CVE-2013-2870", "CVE-2013-2871", "CVE-2013-2874", "CVE-2013-2875", "CVE-2013-2876", "CVE-2013-2877", "CVE-2013-2878", "CVE-2013-2879", "CVE-2013-2880", "CVE-2013-2881", "CVE-2013-2882", "CVE-2013-2883", "CVE-2013-2884", "CVE-2013-2885", "CVE-2013-2886", "CVE-2013-2887", "CVE-2013-2900", "CVE-2013-2901", "CVE-2013-2902", "CVE-2013-2903", "CVE-2013-2904", "CVE-2013-2905"); script_bugtraq_id(56413, 56684, 56741, 56903, 58318, 58388, 58723, 58724, 58725, 58727, 58728, 58729, 58730, 58731, 58732, 58733, 58734, 59326, 59327, 59328, 59330, 59331, 59332, 59334, 59336, 59337, 59338, 59339, 59340, 59342, 59343, 59344, 59345, 59346, 59347, 59349, 59351, 59413, 59414, 59415, 59416, 59417, 59418, 59419, 59420, 59422, 59423, 59425, 59427, 59428, 59429, 59430, 59431, 59433, 59435, 59436, 59437, 59438, 59515, 59516, 59518, 59520, 59521, 59522, 59523, 59524, 59680, 59681, 59682, 59683, 60062, 60063, 60064, 60065, 60066, 60067, 60068, 60069, 60070, 60071, 60072, 60073, 60074, 60076, 60395, 60396, 60397, 60398, 60399, 60400, 60401, 60403, 60404, 60405, 61046, 61047, 61049, 61050, 61051, 61052, 61054, 61055, 61057, 61059, 61060, 61061, 61547, 61548, 61549, 61550, 61551, 61552, 61885, 61886, 61887, 61888, 61889, 61890, 61891); script_xref(name:"GLSA", value:"201309-16"); script_name(english:"GLSA-201309-16 : Chromium, V8: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201309-16 (Chromium, V8: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact : A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. Workaround : There is no known workaround at this time." ); # https://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0b9b0b08" ); # https://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2f59319e" ); # https://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ee73f07e" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201309-16" ); script_set_attribute( attribute:"solution", value: "All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/chromium-29.0.1457.57' All V8 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/v8-3.18.5.14'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:chromium"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:v8"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2013/09/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"www-client/chromium", unaffected:make_list("ge 29.0.1457.57"), vulnerable:make_list("lt 29.0.1457.57"))) flag++; if (qpkg_check(package:"dev-lang/v8", unaffected:make_list("ge 3.18.5.14"), vulnerable:make_list("lt 3.18.5.14"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Chromium / V8"); }
Oval
| accepted | 2013-08-12T04:08:02.975-04:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| definition_extensions |
| ||||||||
| description | Use-after-free vulnerability in Google Chrome before 23.0.1271.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Media Source API. | ||||||||
| family | windows | ||||||||
| id | oval:org.mitre.oval:def:15819 | ||||||||
| status | accepted | ||||||||
| submitted | 2012-12-04T09:00:55.661-05:00 | ||||||||
| title | Use-after-free vulnerability in Google Chrome before 23.0.1271.95 via vectors related to the Media Source API | ||||||||
| version | 42 |
References
- http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html
- http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html
- http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html
- http://secunia.com/advisories/51447
- http://secunia.com/advisories/51447
- http://www.securityfocus.com/bid/56741
- http://www.securityfocus.com/bid/56741
- https://code.google.com/p/chromium/issues/detail?id=162835
- https://code.google.com/p/chromium/issues/detail?id=162835
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15819
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15819