Vulnerabilities > CVE-2013-2268 - Security vulnerability in WebKit MathML Library

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
google
linux
microsoft
apple
nessus
NVD
Published: 2013-02-23
Updated: 2017-09-19

Summary

Unspecified vulnerability in the MathML implementation in WebKit in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, has unknown impact and remote attack vectors, related to a "high severity security issue."

Vulnerable Configurations

Part Description Count
Application
Google
2740
OS
Linux
1
OS
Microsoft
1
OS
Apple
1

Nessus

NASL familyWindows
NASL idGOOGLE_CHROME_25_0_1364_97.NASL
descriptionThe version of Google Chrome installed on the remote host is a version prior to 25.0.1364.97. It is, therefore, affected by the following vulnerabilities : - An unspecified memory corruption error exists related to
last seen2020-06-01
modified2020-06-02
plugin id64813
published2013-02-22
reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/64813
titleGoogle Chrome < 25.0.1364.97 Multiple Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(64813);
  script_version("1.17");
  script_cvs_date("Date: 2019/12/04");

  script_cve_id(
    "CVE-2013-0879",
    "CVE-2013-0880",
    "CVE-2013-0881",
    "CVE-2013-0882",
    "CVE-2013-0883",
    "CVE-2013-0884",
    "CVE-2013-0885",
    "CVE-2013-0887",
    "CVE-2013-0888",
    "CVE-2013-0889",
    "CVE-2013-0890",
    "CVE-2013-0891",
    "CVE-2013-0892",
    "CVE-2013-0893",
    "CVE-2013-0894",
    "CVE-2013-0896",
    "CVE-2013-0897",
    "CVE-2013-0898",
    "CVE-2013-0899",
    "CVE-2013-0900",
    "CVE-2013-2268"
  );
  script_bugtraq_id(
    58167,
    58318,
    59326,
    59327,
    59328,
    59330,
    59331,
    59332,
    59334,
    59336,
    59337,
    59338,
    59339,
    59340,
    59342,
    59343,
    59344,
    59345,
    59346,
    59347,
    59351
  );

  script_name(english:"Google Chrome < 25.0.1364.97 Multiple Vulnerabilities");
  script_summary(english:"Checks version number of Google Chrome");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains a web browser that is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Google Chrome installed on the remote host is a
version prior to 25.0.1364.97. It is, therefore, affected by the
following vulnerabilities :

  - An unspecified memory corruption error exists related
    to 'web audio node'. (CVE-2013-0879)

  - Use-after-free errors exist related to database and
    URL handling. (CVE-2013-0880, CVE-2013-0898)

  - Improper memory read errors exist related to Matroska,
    excessive SVG parameters, and Skia. (CVE-2013-0881,
    CVE-2013-0882, CVE-2013-0883, CVE-2013-0888)

  - An error exists related to improper loading of 'NaCl'.
    (CVE-2013-0884)

  - The 'web store' is granted too many API permissions.
    (CVE-2013-0885)

  - The developer tools process is granted too many
    permissions and trusts remote servers incorrectly.
    (CVE-2013-0887)

  - User gestures are not properly checked with respect to
    dangerous file downloads. (CVE-2013-0889)

  - An unspecified memory safety issue exists in the IPC
    layer. (CVE-2013-0890)

  - Integer overflow errors exist related to blob and
    'Opus' handling. (CVE-2013-0891, CVE-2013-0899)

  - Numerous, unspecified, lower-severity issues exist
    related to the IPC layer. (CVE-2013-0892)

  - Race conditions exist related to media handling and
    ICU. (CVE-2013-0893, CVE-2013-0900)

  - A buffer overflow exists related to vorbis decoding.
    (CVE-2013-0894)

  - Memory management errors exist related to plugin
    message handling. (CVE-2013-0896)

  - An off-by-one read error exists related to PDF
    handling. (CVE-2013-0897)

Note that the vendor states that WebKit's MathML implementation has been
disabled in this release.  This is due to several unspecified, high
severity security issues.  Successful exploitation of some of these
issues could lead to an application crash or even allow arbitrary code
execution, subject to the user's privileges.");
  # https://chromereleases.googleblog.com/2013/02/stable-channel-update_21.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b1f3d1b4");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Google Chrome 25.0.1364.97 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2268");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/02/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("google_chrome_installed.nasl");
  script_require_keys("SMB/Google_Chrome/Installed");

  exit(0);
}

include("google_chrome_version.inc");

get_kb_item_or_exit("SMB/Google_Chrome/Installed");

installs = get_kb_list("SMB/Google_Chrome/*");
google_chrome_check_version(installs:installs, fix:'25.0.1364.97', severity:SECURITY_HOLE);

Oval

accepted2013-08-12T04:08:24.685-04:00
classvulnerability
contributors
  • nameShane Shaffer
    organizationG2, Inc.
  • nameJonathan Baker
    organizationThe MITRE Corporation
  • nameMaria Kedovskaya
    organizationALTX-SOFT
definition_extensions
commentGoogle Chrome is installed
ovaloval:org.mitre.oval:def:11914
descriptionUnspecified vulnerability in the MathML implementation in WebKit in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, has unknown impact and remote attack vectors, related to a "high severity security issue."
familywindows
idoval:org.mitre.oval:def:16329
statusaccepted
submitted2013-02-24T15:45:10.582-05:00
titleUnspecified vulnerability in the MathML implementation in WebKit in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, has unknown impact and remote attack vectors, related to a "high severity security issue"
version44

References