Vulnerabilities > CVE-2013-2873 - Use After Free vulnerability in multiple products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a 404 HTTP status code during the loading of resources.

Vulnerable Configurations

Part Description Count
OS
Debian
1
Application
Google
2957

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyWindows
    NASL idGOOGLE_CHROME_28_0_1500_71.NASL
    descriptionThe version of Google Chrome installed on the remote host is a version prior to 28.0.1500.71 and is, therefore, affected by multiple vulnerabilities : - A vulnerability exists that exposes HTTP in SSL to a man-in-the-middle attack. (CVE-2013-2853) - Block pop-unders in various scenarios. (CVE-2013-2867) - An error exists related to an incorrect sync of the NPAPI extension component. (CVE-2013-2868) - An unspecified flaw exists due to a lack of entropy in renderers. (CVE-2013-2872) - Use-after-free errors exist related to network sockets, input handling, and resource loading. (CVE-2013-2870, CVE-2013-2871, CVE-2013-2873) - A screen data leak error exists related to GL textures. (CVE-2013-2874) - An extension permission error exists related to interstitials. (CVE-2013-2876) - Multiple out-of-bounds errors exist related to JPEG2000, SVG, text handling and XML parsing. (CVE-2013-2869, CVE-2013-2875, CVE-2013-2877, CVE-2013-2878) - An unspecified error exists when setting up sign-in and sync. (CVE-2013-2879) - The vendor reports various, unspecified errors exist. (CVE-2013-2880)
    last seen2020-06-01
    modified2020-06-02
    plugin id67232
    published2013-07-10
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67232
    titleGoogle Chrome < 28.0.1500.71 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67232);
      script_version("1.19");
      script_cvs_date("Date: 2019/11/27");
    
      script_cve_id(
        "CVE-2013-2853",
        "CVE-2013-2867",
        "CVE-2013-2868",
        "CVE-2013-2869",
        "CVE-2013-2870",
        "CVE-2013-2871",
        "CVE-2013-2872",
        "CVE-2013-2873",
        "CVE-2013-2874",
        "CVE-2013-2875",
        "CVE-2013-2876",
        "CVE-2013-2877",
        "CVE-2013-2878",
        "CVE-2013-2879",
        "CVE-2013-2880"
      );
      script_bugtraq_id(
        61046,
        61047,
        61049,
        61050,
        61051,
        61052,
        61053,
        61054,
        61055,
        61056,
        61057,
        61058,
        61059,
        61060,
        61061
      );
    
      script_name(english:"Google Chrome < 28.0.1500.71 Multiple Vulnerabilities");
      script_summary(english:"Checks version number of Google Chrome");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains a web browser that is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Google Chrome installed on the remote host is a version
    prior to 28.0.1500.71 and is, therefore, affected by multiple
    vulnerabilities :
    
      - A vulnerability exists that exposes HTTP in SSL to a
        man-in-the-middle attack. (CVE-2013-2853)
    
      - Block pop-unders in various scenarios. (CVE-2013-2867)
    
      - An error exists related to an incorrect sync of the
        NPAPI extension component. (CVE-2013-2868)
    
      - An unspecified flaw exists due to a lack of entropy in
        renderers. (CVE-2013-2872)
    
      - Use-after-free errors exist related to network sockets,
        input handling, and resource loading. (CVE-2013-2870,
        CVE-2013-2871, CVE-2013-2873)
    
      - A screen data leak error exists related to GL textures.
        (CVE-2013-2874)
    
      - An extension permission error exists related to
        interstitials.  (CVE-2013-2876)
    
      - Multiple out-of-bounds errors exist related to JPEG2000,
        SVG, text handling and XML parsing.  (CVE-2013-2869,
        CVE-2013-2875, CVE-2013-2877, CVE-2013-2878)
    
      - An unspecified error exists when setting up sign-in and
        sync. (CVE-2013-2879)
    
      - The vendor reports various, unspecified errors exist.
        (CVE-2013-2880)");
      # https://chromereleases.googleblog.com/2013/07/stable-channel-update.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f68d8c39");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Google Chrome 28.0.1500.71 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2870");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/07/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/07/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/10");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("google_chrome_installed.nasl");
      script_require_keys("SMB/Google_Chrome/Installed");
    
      exit(0);
    }
    
    include("google_chrome_version.inc");
    
    get_kb_item_or_exit("SMB/Google_Chrome/Installed");
    
    installs = get_kb_list("SMB/Google_Chrome/*");
    google_chrome_check_version(installs:installs, fix:'28.0.1500.71', severity:SECURITY_HOLE);
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2724.NASL
    descriptionSeveral vulnerabilities have been discovered in the Chromium web browser. - CVE-2013-2853 The HTTPS implementation does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline). - CVE-2013-2867 Chrome does not properly prevent pop-under windows. - CVE-2013-2868 common/extensions/sync_helper.cc proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting. - CVE-2013-2869 Denial of service (out-of-bounds read) via a crafted JPEG2000 image. - CVE-2013-2870 Use-after-free vulnerability in network sockets. - CVE-2013-2871 Use-after-free vulnerability in input handling. - CVE-2013-2873 Use-after-free vulnerability in resource loading. - CVE-2013-2875 Out-of-bounds read in SVG file handling. - CVE-2013-2876 Chromium does not properly enforce restrictions on the capture of screenshots by extensions, which could lead to information disclosure from previous page visits. - CVE-2013-2877 Out-of-bounds read in XML file handling. - CVE-2013-2878 Out-of-bounds read in text handling. - CVE-2013-2879 The circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations were not propertly checked. - CVE-2013-2880 The Chromium 28 development team found various issues from internal fuzzing, audits, and other studies.
    last seen2020-03-17
    modified2013-07-19
    plugin id68970
    published2013-07-19
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68970
    titleDebian DSA-2724-1 : chromium-browser - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2724. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(68970);
      script_version("1.21");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-2853", "CVE-2013-2867", "CVE-2013-2868", "CVE-2013-2869", "CVE-2013-2870", "CVE-2013-2871", "CVE-2013-2873", "CVE-2013-2875", "CVE-2013-2876", "CVE-2013-2877", "CVE-2013-2878", "CVE-2013-2879", "CVE-2013-2880");
      script_bugtraq_id(61046, 61047, 61049, 61050, 61051, 61052, 61054, 61055, 61056, 61057, 61059, 61060, 61061);
      script_xref(name:"DSA", value:"2724");
    
      script_name(english:"Debian DSA-2724-1 : chromium-browser - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in the Chromium web
    browser.
    
      - CVE-2013-2853
        The HTTPS implementation does not ensure that headers
        are terminated by \r\n\r\n (carriage return, newline,
        carriage return, newline).
    
      - CVE-2013-2867
        Chrome does not properly prevent pop-under windows.
    
      - CVE-2013-2868
        common/extensions/sync_helper.cc proceeds with sync
        operations for NPAPI extensions without checking for a
        certain plugin permission setting.
    
      - CVE-2013-2869
        Denial of service (out-of-bounds read) via a crafted
        JPEG2000 image.
    
      - CVE-2013-2870
        Use-after-free vulnerability in network sockets.
    
      - CVE-2013-2871
        Use-after-free vulnerability in input handling.
    
      - CVE-2013-2873
        Use-after-free vulnerability in resource loading.
    
      - CVE-2013-2875
        Out-of-bounds read in SVG file handling.
    
      - CVE-2013-2876
        Chromium does not properly enforce restrictions on the
        capture of screenshots by extensions, which could lead
        to information disclosure from previous page visits.
    
      - CVE-2013-2877
        Out-of-bounds read in XML file handling.
    
      - CVE-2013-2878
        Out-of-bounds read in text handling.
    
      - CVE-2013-2879
        The circumstances in which a renderer process can be
        considered a trusted process for sign-in and subsequent
        sync operations were not propertly checked.
    
      - CVE-2013-2880
        The Chromium 28 development team found various issues
        from internal fuzzing, audits, and other studies."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2853"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2867"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2868"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2869"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2870"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2871"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2873"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2875"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2876"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2877"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2878"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2879"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2880"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/chromium-browser"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2013/dsa-2724"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the chromium-browser packages.
    
    For the stable distribution (wheezy), these problems have been fixed
    in version 28.0.1500.71-1~deb7u1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium-browser");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/07/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/07/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/19");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"chromium", reference:"28.0.1500.71-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"chromium-browser", reference:"28.0.1500.71-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"chromium-browser-dbg", reference:"28.0.1500.71-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"chromium-browser-inspector", reference:"28.0.1500.71-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"chromium-browser-l10n", reference:"28.0.1500.71-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"chromium-dbg", reference:"28.0.1500.71-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"chromium-inspector", reference:"28.0.1500.71-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"chromium-l10n", reference:"28.0.1500.71-1~deb7u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_3B80104FE96C11E28BAC00262D5ED8EE.NASL
    descriptionGoogle Chrome Releases reports : A special reward for Andrey Labunets for his combination of CVE-2013-2879 and CVE-2013-2868 along with some (since fixed) server-side bugs. [252216] Low CVE-2013-2867: Block pop-unders in various scenarios. [252062] High CVE-2013-2879: Confusion setting up sign-in and sync. Credit to Andrey Labunets. [252034] Medium CVE-2013-2868: Incorrect sync of NPAPI extension component. Credit to Andrey Labunets. [245153] Medium CVE-2013-2869: Out-of-bounds read in JPEG2000 handling. Credit to Felix Groebert of Google Security Team. [244746] [242762] Critical CVE-2013-2870: Use-after-free with network sockets. Credit to Collin Payne. [244260] Medium CVE-2013-2853: Man-in-the-middle attack against HTTP in SSL. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco at INRIA Paris. [243991] [243818] High CVE-2013-2871: Use-after-free in input handling. Credit to miaubiz. [Mac only] [242702] Low CVE-2013-2872: Possible lack of entropy in renderers. Credit to Eric Rescorla. [241139] High CVE-2013-2873: Use-after-free in resource loading. Credit to miaubiz. [233848] Medium CVE-2013-2875: Out-of-bounds-read in SVG. Credit to miaubiz. [229504] Medium CVE-2013-2876: Extensions permissions confusion with interstitials. Credit to Dev Akhawe. [229019] Low CVE-2013-2877: Out-of-bounds read in XML parsing. Credit to Aki Helin of OUSPG. [196636] None: Remove the
    last seen2020-06-01
    modified2020-06-02
    plugin id67237
    published2013-07-11
    reporterThis script is Copyright (C) 2013-2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/67237
    titleFreeBSD : chromium -- multiple vulnerabilities (3b80104f-e96c-11e2-8bac-00262d5ed8ee)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2013 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67237);
      script_version("$Revision: 1.7 $");
      script_cvs_date("$Date: 2015/01/26 05:42:54 $");
    
      script_cve_id("CVE-2013-2853", "CVE-2013-2867", "CVE-2013-2868", "CVE-2013-2869", "CVE-2013-2870", "CVE-2013-2871", "CVE-2013-2872", "CVE-2013-2873", "CVE-2013-2875", "CVE-2013-2876", "CVE-2013-2877", "CVE-2013-2878", "CVE-2013-2879");
    
      script_name(english:"FreeBSD : chromium -- multiple vulnerabilities (3b80104f-e96c-11e2-8bac-00262d5ed8ee)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Google Chrome Releases reports :
    
    A special reward for Andrey Labunets for his combination of
    CVE-2013-2879 and CVE-2013-2868 along with some (since fixed)
    server-side bugs.
    
    [252216] Low CVE-2013-2867: Block pop-unders in various scenarios.
    
    [252062] High CVE-2013-2879: Confusion setting up sign-in and sync.
    Credit to Andrey Labunets.
    
    [252034] Medium CVE-2013-2868: Incorrect sync of NPAPI extension
    component. Credit to Andrey Labunets.
    
    [245153] Medium CVE-2013-2869: Out-of-bounds read in JPEG2000
    handling. Credit to Felix Groebert of Google Security Team.
    
    [244746] [242762] Critical CVE-2013-2870: Use-after-free with network
    sockets. Credit to Collin Payne.
    
    [244260] Medium CVE-2013-2853: Man-in-the-middle attack against HTTP
    in SSL. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan
    from Prosecco at INRIA Paris.
    
    [243991] [243818] High CVE-2013-2871: Use-after-free in input
    handling. Credit to miaubiz.
    
    [Mac only] [242702] Low CVE-2013-2872: Possible lack of entropy in
    renderers. Credit to Eric Rescorla.
    
    [241139] High CVE-2013-2873: Use-after-free in resource loading.
    Credit to miaubiz.
    
    [233848] Medium CVE-2013-2875: Out-of-bounds-read in SVG. Credit to
    miaubiz.
    
    [229504] Medium CVE-2013-2876: Extensions permissions confusion with
    interstitials. Credit to Dev Akhawe.
    
    [229019] Low CVE-2013-2877: Out-of-bounds read in XML parsing. Credit
    to Aki Helin of OUSPG.
    
    [196636] None: Remove the 'viewsource' attribute on iframes. Credit to
    Collin Jackson.
    
    [177197] Medium CVE-2013-2878: Out-of-bounds read in text handling.
    Credit to Atte Kettunen of OUSPG."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://googlechromereleases.blogspot.nl/"
      );
      # http://www.freebsd.org/ports/portaudit/3b80104f-e96c-11e2-8bac-00262d5ed8ee.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6523f6c3"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:chromium");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/07/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/07/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"chromium<28.0.1500.71")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    

Oval

accepted2013-09-02T04:01:17.948-04:00
classvulnerability
contributors
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
definition_extensions
commentGoogle Chrome is installed
ovaloval:org.mitre.oval:def:11914
descriptionUse-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a 404 HTTP status code during the loading of resources.
familywindows
idoval:org.mitre.oval:def:17371
statusaccepted
submitted2013-07-12T11:33:28.782-04:00
titleUse-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a 404 HTTP status code during the loading of resources
version41