Vulnerabilities > CVE-2013-6626 - Address Bar URI Spoofing vulnerability in Google Chrome

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
google
nessus

Summary

The WebContentsImpl::AttachInterstitialPage function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 31.0.1650.48 does not cancel JavaScript dialogs upon generating an interstitial warning, which allows remote attackers to spoof the address bar via a crafted web site.

Vulnerable Configurations

Part Description Count
Application
Google
3131

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-903.NASL
    descriptionSecurity and bugfix update to Chromium 31.0.1650.57 - Update to Chromium 31.0.1650.57 : - Security Fixes : - CVE-2013-6632: Multiple memory corruption issues. - Update to Chromium 31.0.1650.48 Stable Channel update : - Security fixes : - CVE-2013-6621: Use after free related to speech input elements.. - CVE-2013-6622: Use after free related to media elements. - CVE-2013-6623: Out of bounds read in SVG. - CVE-2013-6624: Use after free related to “id” attribute strings. - CVE-2013-6625: Use after free in DOM ranges. - CVE-2013-6626: Address bar spoofing related to interstitial warnings. - CVE-2013-6627: Out of bounds read in HTTP parsing. - CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation. - CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo. - CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo. - CVE-2013-6631: Use after free in libjingle. - Stable Channel update: fix build for 32bit systems - Update to Chromium 30.0.1599.101 - Security Fixes : + CVE-2013-2925: Use after free in XHR + CVE-2013-2926: Use after free in editing + CVE-2013-2927: Use after free in forms. + CVE-2013-2928: Various fixes from internal audits, fuzzing and other initiatives. - Enable ARM build for Chromium.
    last seen2020-06-05
    modified2014-06-13
    plugin id75212
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75212
    titleopenSUSE Security Update : chromium (openSUSE-SU-2013:1776-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2013-903.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75212);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-2925", "CVE-2013-2926", "CVE-2013-2927", "CVE-2013-2928", "CVE-2013-2931", "CVE-2013-6621", "CVE-2013-6622", "CVE-2013-6623", "CVE-2013-6624", "CVE-2013-6625", "CVE-2013-6626", "CVE-2013-6627", "CVE-2013-6628", "CVE-2013-6629", "CVE-2013-6630", "CVE-2013-6631", "CVE-2013-6632");
      script_bugtraq_id(63024, 63025, 63026, 63028, 63667, 63669, 63670, 63671, 63672, 63673, 63674, 63675, 63676, 63677, 63678, 63679, 63729);
    
      script_name(english:"openSUSE Security Update : chromium (openSUSE-SU-2013:1776-1)");
      script_summary(english:"Check for the openSUSE-2013-903 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security and bugfix update to Chromium 31.0.1650.57
    
      - Update to Chromium 31.0.1650.57 :
    
      - Security Fixes :
    
      - CVE-2013-6632: Multiple memory corruption issues.
    
      - Update to Chromium 31.0.1650.48 Stable Channel update :
    
      - Security fixes :
    
      - CVE-2013-6621: Use after free related to speech input
        elements..
    
      - CVE-2013-6622: Use after free related to media elements. 
    
      - CVE-2013-6623: Out of bounds read in SVG.
    
      - CVE-2013-6624: Use after free related to
        “id” attribute strings.
    
      - CVE-2013-6625: Use after free in DOM ranges.
    
      - CVE-2013-6626: Address bar spoofing related to
        interstitial warnings.
    
      - CVE-2013-6627: Out of bounds read in HTTP parsing.
    
      - CVE-2013-6628: Issue with certificates not being checked
        during TLS renegotiation.
    
      - CVE-2013-2931: Various fixes from internal audits,
        fuzzing and other initiatives.
    
      - CVE-2013-6629: Read of uninitialized memory in libjpeg
        and libjpeg-turbo.
    
      - CVE-2013-6630: Read of uninitialized memory in
        libjpeg-turbo.
    
      - CVE-2013-6631: Use after free in libjingle.
    
      - Stable Channel update: fix build for 32bit systems
    
      - Update to Chromium 30.0.1599.101
    
      - Security Fixes :
    
      + CVE-2013-2925: Use after free in XHR
    
      + CVE-2013-2926: Use after free in editing
    
      + CVE-2013-2927: Use after free in forms.
    
      + CVE-2013-2928: Various fixes from internal audits,
        fuzzing and other initiatives.
    
      - Enable ARM build for Chromium."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849715"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=850430"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2013-11/msg00107.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected chromium packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-desktop-gnome");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-desktop-kde");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-suid-helper");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.3", reference:"chromedriver-31.0.1650.57-1.17.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"chromedriver-debuginfo-31.0.1650.57-1.17.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"chromium-31.0.1650.57-1.17.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"chromium-debuginfo-31.0.1650.57-1.17.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"chromium-debugsource-31.0.1650.57-1.17.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"chromium-desktop-gnome-31.0.1650.57-1.17.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"chromium-desktop-kde-31.0.1650.57-1.17.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"chromium-ffmpegsumo-31.0.1650.57-1.17.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"chromium-ffmpegsumo-debuginfo-31.0.1650.57-1.17.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"chromium-suid-helper-31.0.1650.57-1.17.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"chromium-suid-helper-debuginfo-31.0.1650.57-1.17.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromium");
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_GOOGLE_CHROME_31_0_1650_48.NASL
    descriptionThe version of Google Chrome installed on the remote Mac OS X host is a version prior to 31.0.1650.48. It is, therefore, affected by multiple vulnerabilities : - Various, unspecified errors exist. (CVE-2013-2931) - Use-after-free errors exist related to speech input elements, media elements,
    last seen2020-06-01
    modified2020-06-02
    plugin id70917
    published2013-11-14
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70917
    titleGoogle Chrome < 31.0.1650.48 Multiple Vulnerabilities (Mac OS X)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(70917);
      script_version("1.14");
      script_cvs_date("Date: 2019/11/27");
    
      script_cve_id(
        "CVE-2013-2931",
        "CVE-2013-6621",
        "CVE-2013-6622",
        "CVE-2013-6623",
        "CVE-2013-6624",
        "CVE-2013-6625",
        "CVE-2013-6626",
        "CVE-2013-6627",
        "CVE-2013-6628",
        "CVE-2013-6629",
        "CVE-2013-6630",
        "CVE-2013-6631"
      );
      script_bugtraq_id(
        63667,
        63669,
        63670,
        63671,
        63672,
        63673,
        63674,
        63675,
        63676,
        63677,
        63678,
        63679
      );
    
      script_name(english:"Google Chrome < 31.0.1650.48 Multiple Vulnerabilities (Mac OS X)");
      script_summary(english:"Checks version number of Google Chrome");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Mac OS X host contains a web browser that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Google Chrome installed on the remote Mac OS X host is a
    version prior to 31.0.1650.48.  It is, therefore, affected by multiple
    vulnerabilities :
    
      - Various, unspecified errors exist. (CVE-2013-2931)
    
      - Use-after-free errors exist related to speech input
        elements, media elements, 'id' attribute strings, DOM
        ranges, and libjingle. (CVE-2013-6621, CVE-2013-6622,
        CVE-2013-6624, CVE-2013-6625, CVE-2013-6631)
    
      - Out-of-bounds read errors exist in SVG and HTTP
        parsing. (CVE-2013-6623, CVE-2013-6627)
    
      - An address bar URI-spoofing vulnerability exists that is
        related to interstitial warnings. (CVE-2013-6626)
    
      - A certificate validation security bypass issue exists
        during TLS renegotiation. (CVE-2013-6628)
    
      - A memory corruption error exists in the libjpeg and
        libjpeg-turbo libraries when memory is uninitialized
        when decoding images with missing SOS data.
        (CVE-2013-6629)
    
      - A memory corruption error exists in the 'jdmarker.c'
        source file in the libjpeg-turbo library when processing
        Huffman tables. (CVE-2013-6630)");
      # http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b0a7b53d");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Google Chrome 31.0.1650.48 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2931");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/14");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_google_chrome_installed.nbin");
      script_require_keys("MacOSX/Google Chrome/Installed");
    
      exit(0);
    }
    
    
    include("google_chrome_version.inc");
    
    get_kb_item_or_exit("MacOSX/Google Chrome/Installed");
    
    google_chrome_check_version(fix:'31.0.1650.48', severity:SECURITY_HOLE);
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2799.NASL
    descriptionSeveral vulnerabilities have been discovered in the chromium web browser. - CVE-2013-2931 The chrome 31 development team found various issues from internal fuzzing, audits, and other studies. - CVE-2013-6621 Khalil Zhani discovered a use-after-free issue in speech input handling. - CVE-2013-6622
    last seen2020-03-17
    modified2013-11-21
    plugin id70986
    published2013-11-21
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70986
    titleDebian DSA-2799-1 : chromium-browser - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2799. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(70986);
      script_version("1.10");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-2931", "CVE-2013-6621", "CVE-2013-6622", "CVE-2013-6623", "CVE-2013-6624", "CVE-2013-6625", "CVE-2013-6626", "CVE-2013-6627", "CVE-2013-6628", "CVE-2013-6629", "CVE-2013-6630", "CVE-2013-6631", "CVE-2013-6632");
      script_xref(name:"DSA", value:"2799");
    
      script_name(english:"Debian DSA-2799-1 : chromium-browser - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in the chromium web
    browser.
    
      - CVE-2013-2931
        The chrome 31 development team found various issues from
        internal fuzzing, audits, and other studies.
    
      - CVE-2013-6621
        Khalil Zhani discovered a use-after-free issue in speech
        input handling.
    
      - CVE-2013-6622
        'cloudfuzzer' discovered a use-after-free issue in
        HTMLMediaElement.
    
      - CVE-2013-6623
        'miaubiz' discovered an out-of-bounds read in the
        Blink/Webkit SVG implementation.
    
      - CVE-2013-6624
        Jon Butler discovered a use-after-free issue in id
        attribute strings.
    
      - CVE-2013-6625
        'cloudfuzzer' discovered a use-after-free issue in the
        Blink/Webkit DOM implementation.
    
      - CVE-2013-6626
        Chamal de Silva discovered an address bar spoofing
        issue.
    
      - CVE-2013-6627
        'skylined' discovered an out-of-bounds read in the HTTP
        stream parser.
    
      - CVE-2013-6628
        Antoine Delignat-Lavaud and Karthikeyan Bhargavan of
        INRIA Paris discovered that a different (unverified)
        certificate could be used after successful TLS
        renegotiation with a valid certificate.
    
      - CVE-2013-6629
        Michal Zalewski discovered an uninitialized memory read
        in the libjpeg and libjpeg-turbo libraries.
    
      - CVE-2013-6630
        Michal Zalewski discovered another uninitialized memory
        read in the libjpeg and libjpeg-turbo libraries.
    
      - CVE-2013-6631
        Patrik Hoglund discovered a use-free issue in the
        libjingle library.
    
      - CVE-2013-6632
        Pinkie Pie discovered multiple memory corruption issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2931"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-6621"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-6622"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-6623"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-6624"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-6625"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-6626"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-6627"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-6628"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-6629"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-6630"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-6631"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-6632"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/chromium-browser"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2013/dsa-2799"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the chromium-browser packages.
    
    For the stable distribution (wheezy), these problems have been fixed
    in version 31.0.1650.57-1~deb7u1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium-browser");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"chromium", reference:"31.0.1650.57-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"chromium-browser", reference:"31.0.1650.57-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"chromium-browser-dbg", reference:"31.0.1650.57-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"chromium-browser-inspector", reference:"31.0.1650.57-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"chromium-browser-l10n", reference:"31.0.1650.57-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"chromium-dbg", reference:"31.0.1650.57-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"chromium-inspector", reference:"31.0.1650.57-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"chromium-l10n", reference:"31.0.1650.57-1~deb7u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_3BFC70164BCC11E3B0CF00262D5ED8EE.NASL
    descriptionGoogle Chrome Releases reports : 25 security fixes in this release, including : - [268565] Medium CVE-2013-6621: Use after free related to speech input elements. Credit to Khalil Zhani. - [272786] High CVE-2013-6622: Use after free related to media elements. Credit to cloudfuzzer. - [282925] High CVE-2013-6623: Out of bounds read in SVG. Credit to miaubiz. - [290566] High CVE-2013-6624: Use after free related to
    last seen2020-06-01
    modified2020-06-02
    plugin id70865
    published2013-11-13
    reporterThis script is Copyright (C) 2013-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/70865
    titleFreeBSD : chromium -- multiple vulnerabilities (3bfc7016-4bcc-11e3-b0cf-00262d5ed8ee)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2016 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(70865);
      script_version("$Revision: 1.6 $");
      script_cvs_date("$Date: 2016/05/27 14:13:22 $");
    
      script_cve_id("CVE-2013-2931", "CVE-2013-6621", "CVE-2013-6622", "CVE-2013-6623", "CVE-2013-6624", "CVE-2013-6625", "CVE-2013-6626", "CVE-2013-6627", "CVE-2013-6628", "CVE-2013-6629", "CVE-2013-6630", "CVE-2013-6631");
    
      script_name(english:"FreeBSD : chromium -- multiple vulnerabilities (3bfc7016-4bcc-11e3-b0cf-00262d5ed8ee)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Google Chrome Releases reports :
    
    25 security fixes in this release, including :
    
    - [268565] Medium CVE-2013-6621: Use after free related to speech
    input elements. Credit to Khalil Zhani.
    
    - [272786] High CVE-2013-6622: Use after free related to media
    elements. Credit to cloudfuzzer.
    
    - [282925] High CVE-2013-6623: Out of bounds read in SVG. Credit to
    miaubiz.
    
    - [290566] High CVE-2013-6624: Use after free related to 'id'
    attribute strings. Credit to Jon Butler.
    
    - [295010] High CVE-2013-6625: Use after free in DOM ranges. Credit to
    cloudfuzzer.
    
    - [295695] Low CVE-2013-6626: Address bar spoofing related to
    interstitial warnings. Credit to Chamal de Silva.
    
    - [299892] High CVE-2013-6627: Out of bounds read in HTTP parsing.
    Credit to skylined.
    
    - [306959] Medium CVE-2013-6628: Issue with certificates not being
    checked during TLS renegotiation. Credit to Antoine Delignat-Lavaud
    and Karthikeyan Bhargavan from Prosecco of INRIA Paris.
    
    - [315823] Medium-Critical CVE-2013-2931: Various fixes from internal
    audits, fuzzing and other initiatives.
    
    - [258723] Medium CVE-2013-6629: Read of uninitialized memory in
    libjpeg and libjpeg-turbo. Credit to Michal Zalewski of Google.
    
    - [299835] Medium CVE-2013-6630: Read of uninitialized memory in
    libjpeg-turbo. Credit to Michal Zalewski of Google.
    
    - [296804] High CVE-2013-6631: Use after free in libjingle. Credit to
    Patrik Hoglund of the Chromium project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://googlechromereleases.blogspot.nl/"
      );
      # http://www.freebsd.org/ports/portaudit/3bfc7016-4bcc-11e3-b0cf-00262d5ed8ee.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?79f2f276"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:chromium");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"chromium<31.0.1650.48")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-37.NASL
    description - Update to Chromium 31.0.1650.63 Stable channel update : - Security fixes : - CVE-2013-6634: Session fixation in sync related to 302 redirects - CVE-2013-6635: Use-after-free in editing - CVE-2013-6636: Address bar spoofing related to modal dialogs - CVE-2013-6637: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2013-6638: Buffer overflow in v8 - CVE-2013-6639: Out of bounds write in v8. - CVE-2013-6640: Out of bounds read in v8 - and 12 other security fixes. - Remove the build flags to build according to the Chrome ffmpeg branding and the proprietary codecs. (bnc#847971) - Update to Chromium 31.0.1650.57 Stable channel update : - Security Fixes : - CVE-2013-6632: Multiple memory corruption issues. - Update to Chromium 31.0.1650.48 Stable Channel update : - Security fixes : - CVE-2013-6621: Use after free related to speech input elements.. - CVE-2013-6622: Use after free related to media elements. - CVE-2013-6623: Out of bounds read in SVG. - CVE-2013-6624: Use after free related to &ldquo;id&rdquo; attribute strings. - CVE-2013-6625: Use after free in DOM ranges. - CVE-2013-6626: Address bar spoofing related to interstitial warnings. - CVE-2013-6627: Out of bounds read in HTTP parsing. - CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation. - CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo. - CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo. - CVE-2013-6631: Use after free in libjingle. - Added patch chromium-fix-chromedriver-build.diff to fix the chromedriver build - Enable ARM build for Chromium. - Added patches chromium-arm-webrtc-fix.patch, chromium-fix-arm-icu.patch and chromium-fix-arm-sysroot.patch to resolve ARM specific build issues - Update to Chromium 30.0.1599.114 Stable Channel update: fix build for 32bit systems - Drop patch chromium-fix-chromedriver-build.diff. This is now fixed upstream - For openSUSE versions lower than 13.1, build against the in-tree libicu - Update to Chromium 30.0.1599.101 - Security Fixes : + CVE-2013-2925: Use after free in XHR + CVE-2013-2926: Use after free in editing + CVE-2013-2927: Use after free in forms. + CVE-2013-2928: Various fixes from internal audits, fuzzing and other initiatives. - Update to Chromium 30.0.1599.66 - Easier searching by image - A number of new apps/extension APIs - Lots of under the hood changes for stability and performance - Security fixes : + CVE-2013-2906: Races in Web Audio + CVE-2013-2907: Out of bounds read in Window.prototype object + CVE-2013-2908: Address bar spoofing related to the &ldquo;204 No Content&rdquo; status code + CVE-2013-2909: Use after free in inline-block rendering + CVE-2013-2910: Use-after-free in Web Audio + CVE-2013-2911: Use-after-free in XSLT + CVE-2013-2912: Use-after-free in PPAPI + CVE-2013-2913: Use-after-free in XML document parsing + CVE-2013-2914: Use after free in the Windows color chooser dialog + CVE-2013-2915: Address bar spoofing via a malformed scheme + CVE-2013-2916: Address bar spoofing related to the &ldquo;204 No Content&rdquo; status code + CVE-2013-2917: Out of bounds read in Web Audio + CVE-2013-2918: Use-after-free in DOM + CVE-2013-2919: Memory corruption in V8 + CVE-2013-2920: Out of bounds read in URL parsing + CVE-2013-2921: Use-after-free in resource loader + CVE-2013-2922: Use-after-free in template element + CVE-2013-2923: Various fixes from internal audits, fuzzing and other initiatives + CVE-2013-2924: Use-after-free in ICU. Upstream bug
    last seen2020-06-05
    modified2014-06-13
    plugin id75366
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75366
    titleopenSUSE Security Update : chromium (openSUSE-SU-2014:0065-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2014-37.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75366);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-2906", "CVE-2013-2907", "CVE-2013-2908", "CVE-2013-2909", "CVE-2013-2910", "CVE-2013-2911", "CVE-2013-2912", "CVE-2013-2913", "CVE-2013-2914", "CVE-2013-2915", "CVE-2013-2916", "CVE-2013-2917", "CVE-2013-2918", "CVE-2013-2919", "CVE-2013-2920", "CVE-2013-2921", "CVE-2013-2922", "CVE-2013-2923", "CVE-2013-2924", "CVE-2013-2925", "CVE-2013-2926", "CVE-2013-2927", "CVE-2013-2928", "CVE-2013-2931", "CVE-2013-6621", "CVE-2013-6622", "CVE-2013-6623", "CVE-2013-6624", "CVE-2013-6625", "CVE-2013-6626", "CVE-2013-6627", "CVE-2013-6628", "CVE-2013-6629", "CVE-2013-6630", "CVE-2013-6631", "CVE-2013-6632", "CVE-2013-6634", "CVE-2013-6635", "CVE-2013-6636", "CVE-2013-6637", "CVE-2013-6638", "CVE-2013-6639", "CVE-2013-6640");
    
      script_name(english:"openSUSE Security Update : chromium (openSUSE-SU-2014:0065-1)");
      script_summary(english:"Check for the openSUSE-2014-37 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Update to Chromium 31.0.1650.63 Stable channel update :
    
      - Security fixes :
    
      - CVE-2013-6634: Session fixation in sync related to 302
        redirects
    
      - CVE-2013-6635: Use-after-free in editing
    
      - CVE-2013-6636: Address bar spoofing related to modal
        dialogs
    
      - CVE-2013-6637: Various fixes from internal audits,
        fuzzing and other initiatives.
    
      - CVE-2013-6638: Buffer overflow in v8
    
      - CVE-2013-6639: Out of bounds write in v8.
    
      - CVE-2013-6640: Out of bounds read in v8
    
      - and 12 other security fixes.
    
      - Remove the build flags to build according to the Chrome
        ffmpeg branding and the proprietary codecs. (bnc#847971)
    
      - Update to Chromium 31.0.1650.57 Stable channel update :
    
      - Security Fixes :
    
      - CVE-2013-6632: Multiple memory corruption issues.
    
      - Update to Chromium 31.0.1650.48 Stable Channel update :
    
      - Security fixes :
    
      - CVE-2013-6621: Use after free related to speech input
        elements..
    
      - CVE-2013-6622: Use after free related to media elements. 
    
      - CVE-2013-6623: Out of bounds read in SVG.
    
      - CVE-2013-6624: Use after free related to
        &ldquo;id&rdquo; attribute strings.
    
      - CVE-2013-6625: Use after free in DOM ranges.
    
      - CVE-2013-6626: Address bar spoofing related to
        interstitial warnings.
    
      - CVE-2013-6627: Out of bounds read in HTTP parsing.
    
      - CVE-2013-6628: Issue with certificates not being checked
        during TLS renegotiation.
    
      - CVE-2013-2931: Various fixes from internal audits,
        fuzzing and other initiatives.
    
      - CVE-2013-6629: Read of uninitialized memory in libjpeg
        and libjpeg-turbo.
    
      - CVE-2013-6630: Read of uninitialized memory in
        libjpeg-turbo.
    
      - CVE-2013-6631: Use after free in libjingle.
    
      - Added patch chromium-fix-chromedriver-build.diff to fix
        the chromedriver build
    
      - Enable ARM build for Chromium. 
    
      - Added patches chromium-arm-webrtc-fix.patch,
        chromium-fix-arm-icu.patch and
        chromium-fix-arm-sysroot.patch to resolve ARM specific
        build issues
    
      - Update to Chromium 30.0.1599.114 Stable Channel update:
        fix build for 32bit systems
    
      - Drop patch chromium-fix-chromedriver-build.diff. This is
        now fixed upstream
    
      - For openSUSE versions lower than 13.1, build against the
        in-tree libicu
    
      - Update to Chromium 30.0.1599.101
    
      - Security Fixes :
    
      + CVE-2013-2925: Use after free in XHR
    
      + CVE-2013-2926: Use after free in editing
    
      + CVE-2013-2927: Use after free in forms.
    
      + CVE-2013-2928: Various fixes from internal audits,
        fuzzing and other initiatives.
    
      - Update to Chromium 30.0.1599.66
    
      - Easier searching by image 
    
      - A number of new apps/extension APIs 
    
      - Lots of under the hood changes for stability and
        performance
    
      - Security fixes :
    
      + CVE-2013-2906: Races in Web Audio
    
      + CVE-2013-2907: Out of bounds read in Window.prototype
        object
    
      + CVE-2013-2908: Address bar spoofing related to the
        &ldquo;204 No Content&rdquo; status code
    
      + CVE-2013-2909: Use after free in inline-block rendering
    
      + CVE-2013-2910: Use-after-free in Web Audio
    
      + CVE-2013-2911: Use-after-free in XSLT
    
      + CVE-2013-2912: Use-after-free in PPAPI
    
      + CVE-2013-2913: Use-after-free in XML document parsing
    
      + CVE-2013-2914: Use after free in the Windows color
        chooser dialog
    
      + CVE-2013-2915: Address bar spoofing via a malformed
        scheme
    
      + CVE-2013-2916: Address bar spoofing related to the
        &ldquo;204 No Content&rdquo; status code
    
      + CVE-2013-2917: Out of bounds read in Web Audio
    
      + CVE-2013-2918: Use-after-free in DOM
    
      + CVE-2013-2919: Memory corruption in V8
    
      + CVE-2013-2920: Out of bounds read in URL parsing
    
      + CVE-2013-2921: Use-after-free in resource loader
    
      + CVE-2013-2922: Use-after-free in template element
    
      + CVE-2013-2923: Various fixes from internal audits,
        fuzzing and other initiatives 
    
      + CVE-2013-2924: Use-after-free in ICU. Upstream bug"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=847971"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=854472"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=854473"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected chromium packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-desktop-gnome");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-desktop-kde");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-suid-helper");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.1", reference:"chromedriver-31.0.1650.63-13.7") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"chromedriver-debuginfo-31.0.1650.63-13.7") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"chromium-31.0.1650.63-13.7") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"chromium-debuginfo-31.0.1650.63-13.7") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"chromium-debugsource-31.0.1650.63-13.7") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"chromium-desktop-gnome-31.0.1650.63-13.7") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"chromium-desktop-kde-31.0.1650.63-13.7") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"chromium-ffmpegsumo-31.0.1650.63-13.7") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"chromium-ffmpegsumo-debuginfo-31.0.1650.63-13.7") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"chromium-suid-helper-31.0.1650.63-13.7") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"chromium-suid-helper-debuginfo-31.0.1650.63-13.7") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromedriver / chromedriver-debuginfo / chromium / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-961.NASL
    descriptionChromium was updated to 31.0.1650.57: Stable channel update : - Security Fixes : - CVE-2013-6632: Multiple memory corruption issues. - Update to Chromium 31.0.1650.48 Stable Channel update : - Security fixes : - CVE-2013-6621: Use after free related to speech input elements.. - CVE-2013-6622: Use after free related to media elements. - CVE-2013-6623: Out of bounds read in SVG. - CVE-2013-6624: Use after free related to &ldquo;id&rdquo; attribute strings. - CVE-2013-6625: Use after free in DOM ranges. - CVE-2013-6626: Address bar spoofing related to interstitial warnings. - CVE-2013-6627: Out of bounds read in HTTP parsing. - CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation. - CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo. - CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo. - CVE-2013-6631: Use after free in libjingle. - Added patch chromium-fix-chromedriver-build.diff to fix the chromedriver build - Enable ARM build for Chromium. - Added patches chromium-arm-webrtc-fix.patch, chromium-fix-arm-icu.patch and chromium-fix-arm-sysroot.patch to resolve ARM specific build issues - Update to Chromium 30.0.1599.114 Stable Channel update: fix build for 32bit systems - Drop patch chromium-fix-chromedriver-build.diff. This is now fixed upstream - For openSUSE versions lower than 13.1, build against the in-tree libicu - Update to Chromium 30.0.1599.101 - Security Fixes : + CVE-2013-2925: Use after free in XHR + CVE-2013-2926: Use after free in editing + CVE-2013-2927: Use after free in forms. + CVE-2013-2928: Various fixes from internal audits, fuzzing and other initiatives. - Update to Chromium 30.0.1599.66 - Easier searching by image - A number of new apps/extension APIs - Lots of under the hood changes for stability and performance - Security fixes : + CVE-2013-2906: Races in Web Audio + CVE-2013-2907: Out of bounds read in Window.prototype object + CVE-2013-2908: Address bar spoofing related to the &ldquo;204 No Content&rdquo; status code + CVE-2013-2909: Use after free in inline-block rendering + CVE-2013-2910: Use-after-free in Web Audio + CVE-2013-2911: Use-after-free in XSLT + CVE-2013-2912: Use-after-free in PPAPI + CVE-2013-2913: Use-after-free in XML document parsing + CVE-2013-2914: Use after free in the Windows color chooser dialog + CVE-2013-2915: Address bar spoofing via a malformed scheme + CVE-2013-2916: Address bar spoofing related to the &ldquo;204 No Content&rdquo; status code + CVE-2013-2917: Out of bounds read in Web Audio + CVE-2013-2918: Use-after-free in DOM + CVE-2013-2919: Memory corruption in V8 + CVE-2013-2920: Out of bounds read in URL parsing + CVE-2013-2921: Use-after-free in resource loader + CVE-2013-2922: Use-after-free in template element + CVE-2013-2923: Various fixes from internal audits, fuzzing and other initiatives + CVE-2013-2924: Use-after-free in ICU. Upstream bug
    last seen2020-06-05
    modified2014-06-13
    plugin id75225
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75225
    titleopenSUSE Security Update : chromium (openSUSE-SU-2013:1861-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2013-961.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75225);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-2906", "CVE-2013-2907", "CVE-2013-2908", "CVE-2013-2909", "CVE-2013-2910", "CVE-2013-2911", "CVE-2013-2912", "CVE-2013-2913", "CVE-2013-2914", "CVE-2013-2915", "CVE-2013-2916", "CVE-2013-2917", "CVE-2013-2918", "CVE-2013-2919", "CVE-2013-2920", "CVE-2013-2921", "CVE-2013-2922", "CVE-2013-2923", "CVE-2013-2924", "CVE-2013-2925", "CVE-2013-2926", "CVE-2013-2927", "CVE-2013-2928", "CVE-2013-2931", "CVE-2013-6621", "CVE-2013-6622", "CVE-2013-6623", "CVE-2013-6624", "CVE-2013-6625", "CVE-2013-6626", "CVE-2013-6627", "CVE-2013-6628", "CVE-2013-6629", "CVE-2013-6630", "CVE-2013-6631", "CVE-2013-6632");
      script_bugtraq_id(62752, 62968, 63024, 63025, 63026, 63028, 63667, 63669, 63670, 63671, 63672, 63673, 63674, 63675, 63676, 63677, 63678, 63679, 63729, 64354);
    
      script_name(english:"openSUSE Security Update : chromium (openSUSE-SU-2013:1861-1)");
      script_summary(english:"Check for the openSUSE-2013-961 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Chromium was updated to 31.0.1650.57: Stable channel update :
    
      - Security Fixes :
    
      - CVE-2013-6632: Multiple memory corruption issues.
    
      - Update to Chromium 31.0.1650.48 Stable Channel update :
    
      - Security fixes :
    
      - CVE-2013-6621: Use after free related to speech input
        elements..
    
      - CVE-2013-6622: Use after free related to media elements. 
    
      - CVE-2013-6623: Out of bounds read in SVG.
    
      - CVE-2013-6624: Use after free related to
        &ldquo;id&rdquo; attribute strings.
    
      - CVE-2013-6625: Use after free in DOM ranges.
    
      - CVE-2013-6626: Address bar spoofing related to
        interstitial warnings.
    
      - CVE-2013-6627: Out of bounds read in HTTP parsing.
    
      - CVE-2013-6628: Issue with certificates not being checked
        during TLS renegotiation.
    
      - CVE-2013-2931: Various fixes from internal audits,
        fuzzing and other initiatives.
    
      - CVE-2013-6629: Read of uninitialized memory in libjpeg
        and libjpeg-turbo.
    
      - CVE-2013-6630: Read of uninitialized memory in
        libjpeg-turbo.
    
      - CVE-2013-6631: Use after free in libjingle.
    
      - Added patch chromium-fix-chromedriver-build.diff to fix
        the chromedriver build
    
      - Enable ARM build for Chromium. 
    
      - Added patches chromium-arm-webrtc-fix.patch,
        chromium-fix-arm-icu.patch and
        chromium-fix-arm-sysroot.patch to resolve ARM specific
        build issues
    
      - Update to Chromium 30.0.1599.114 Stable Channel update:
        fix build for 32bit systems
    
      - Drop patch chromium-fix-chromedriver-build.diff. This is
        now fixed upstream
    
      - For openSUSE versions lower than 13.1, build against the
        in-tree libicu
    
      - Update to Chromium 30.0.1599.101
    
      - Security Fixes :
    
      + CVE-2013-2925: Use after free in XHR
    
      + CVE-2013-2926: Use after free in editing
    
      + CVE-2013-2927: Use after free in forms.
    
      + CVE-2013-2928: Various fixes from internal audits,
        fuzzing and other initiatives.
    
      - Update to Chromium 30.0.1599.66
    
      - Easier searching by image 
    
      - A number of new apps/extension APIs 
    
      - Lots of under the hood changes for stability and
        performance
    
      - Security fixes :
    
      + CVE-2013-2906: Races in Web Audio
    
      + CVE-2013-2907: Out of bounds read in Window.prototype
        object
    
      + CVE-2013-2908: Address bar spoofing related to the
        &ldquo;204 No Content&rdquo; status code
    
      + CVE-2013-2909: Use after free in inline-block rendering
    
      + CVE-2013-2910: Use-after-free in Web Audio
    
      + CVE-2013-2911: Use-after-free in XSLT
    
      + CVE-2013-2912: Use-after-free in PPAPI
    
      + CVE-2013-2913: Use-after-free in XML document parsing
    
      + CVE-2013-2914: Use after free in the Windows color
        chooser dialog
    
      + CVE-2013-2915: Address bar spoofing via a malformed
        scheme
    
      + CVE-2013-2916: Address bar spoofing related to the
        &ldquo;204 No Content&rdquo; status code
    
      + CVE-2013-2917: Out of bounds read in Web Audio
    
      + CVE-2013-2918: Use-after-free in DOM
    
      + CVE-2013-2919: Memory corruption in V8
    
      + CVE-2013-2920: Out of bounds read in URL parsing
    
      + CVE-2013-2921: Use-after-free in resource loader
    
      + CVE-2013-2922: Use-after-free in template element
    
      + CVE-2013-2923: Various fixes from internal audits,
        fuzzing and other initiatives 
    
      + CVE-2013-2924: Use-after-free in ICU. Upstream bug"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2013-12/msg00049.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected chromium packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-desktop-gnome");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-desktop-kde");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-suid-helper");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/12/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.1", reference:"chromedriver-31.0.1650.57-8.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"chromedriver-debuginfo-31.0.1650.57-8.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"chromium-31.0.1650.57-8.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"chromium-debuginfo-31.0.1650.57-8.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"chromium-debugsource-31.0.1650.57-8.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"chromium-desktop-gnome-31.0.1650.57-8.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"chromium-desktop-kde-31.0.1650.57-8.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"chromium-ffmpegsumo-31.0.1650.57-8.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"chromium-ffmpegsumo-debuginfo-31.0.1650.57-8.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"chromium-suid-helper-31.0.1650.57-8.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"chromium-suid-helper-debuginfo-31.0.1650.57-8.2") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromium");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201403-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201403-01 (Chromium, V8: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact : A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other unspecified impact. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id72851
    published2014-03-06
    reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72851
    titleGLSA-201403-01 : Chromium, V8: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201403-01.
    #
    # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72851);
      script_version("1.16");
      script_cvs_date("Date: 2018/10/29 10:22:58");
    
      script_cve_id("CVE-2013-2906", "CVE-2013-2907", "CVE-2013-2908", "CVE-2013-2909", "CVE-2013-2910", "CVE-2013-2911", "CVE-2013-2912", "CVE-2013-2913", "CVE-2013-2915", "CVE-2013-2916", "CVE-2013-2917", "CVE-2013-2918", "CVE-2013-2919", "CVE-2013-2920", "CVE-2013-2921", "CVE-2013-2922", "CVE-2013-2923", "CVE-2013-2925", "CVE-2013-2926", "CVE-2013-2927", "CVE-2013-2928", "CVE-2013-2931", "CVE-2013-6621", "CVE-2013-6622", "CVE-2013-6623", "CVE-2013-6624", "CVE-2013-6625", "CVE-2013-6626", "CVE-2013-6627", "CVE-2013-6628", "CVE-2013-6632", "CVE-2013-6634", "CVE-2013-6635", "CVE-2013-6636", "CVE-2013-6637", "CVE-2013-6638", "CVE-2013-6639", "CVE-2013-6640", "CVE-2013-6641", "CVE-2013-6643", "CVE-2013-6644", "CVE-2013-6645", "CVE-2013-6646", "CVE-2013-6649", "CVE-2013-6650", "CVE-2013-6652", "CVE-2013-6653", "CVE-2013-6654", "CVE-2013-6655", "CVE-2013-6656", "CVE-2013-6657", "CVE-2013-6658", "CVE-2013-6659", "CVE-2013-6660", "CVE-2013-6661", "CVE-2013-6663", "CVE-2013-6664", "CVE-2013-6665", "CVE-2013-6666", "CVE-2013-6667", "CVE-2013-6668", "CVE-2013-6802", "CVE-2014-1681");
      script_bugtraq_id(62752, 63024, 63025, 63026, 63028, 63667, 63669, 63670, 63671, 63672, 63674, 63675, 63677, 63678, 63727, 63729, 64078, 64354, 64805, 64981, 65168, 65172, 65232, 65699, 65779, 65930);
      script_xref(name:"GLSA", value:"201403-01");
    
      script_name(english:"GLSA-201403-01 : Chromium, V8: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201403-01
    (Chromium, V8: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Chromium and V8. Please
          review the CVE identifiers and release notes referenced below for
          details.
      
    Impact :
    
        A context-dependent attacker could entice a user to open a specially
          crafted website or JavaScript program using Chromium or V8, possibly
          resulting in the execution of arbitrary code with the privileges of the
          process or a Denial of Service condition. Furthermore, a remote attacker
          may be able to bypass security restrictions or have other unspecified
          impact.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201403-01"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All chromium users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=www-client/chromium-33.0.1750.146'
        Gentoo has discontinued support for separate V8 package. We recommend
          that users unmerge V8:
          # emerge --unmerge 'dev-lang/v8'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:chromium");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:v8");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/03/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"www-client/chromium", unaffected:make_list("ge 33.0.1750.146"), vulnerable:make_list("lt 33.0.1750.146"))) flag++;
    if (qpkg_check(package:"dev-lang/v8", unaffected:make_list(), vulnerable:make_list("lt 3.20.17.13"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Chromium / V8");
    }
    
  • NASL familyWindows
    NASL idGOOGLE_CHROME_31_0_1650_48.NASL
    descriptionThe version of Google Chrome installed on the remote host is a version prior to 31.0.1650.48. It is, therefore, affected by multiple vulnerabilities : - Various, unspecified errors exist. (CVE-2013-2931) - Use-after-free errors exist related to speech input elements, media elements,
    last seen2020-06-01
    modified2020-06-02
    plugin id70916
    published2013-11-14
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70916
    titleGoogle Chrome < 31.0.1650.48 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(70916);
      script_version("1.14");
      script_cvs_date("Date: 2019/11/27");
    
      script_cve_id(
        "CVE-2013-2931",
        "CVE-2013-6621",
        "CVE-2013-6622",
        "CVE-2013-6623",
        "CVE-2013-6624",
        "CVE-2013-6625",
        "CVE-2013-6626",
        "CVE-2013-6627",
        "CVE-2013-6628",
        "CVE-2013-6629",
        "CVE-2013-6630",
        "CVE-2013-6631"
      );
      script_bugtraq_id(
        63667,
        63669,
        63670,
        63671,
        63672,
        63673,
        63674,
        63675,
        63676,
        63677,
        63678,
        63679
      );
    
      script_name(english:"Google Chrome < 31.0.1650.48 Multiple Vulnerabilities");
      script_summary(english:"Checks version number of Google Chrome");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains a web browser that is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Google Chrome installed on the remote host is a version
    prior to 31.0.1650.48.  It is, therefore, affected by multiple
    vulnerabilities :
    
      - Various, unspecified errors exist. (CVE-2013-2931)
    
      - Use-after-free errors exist related to speech input
        elements, media elements, 'id' attribute strings, DOM
        ranges, and libjingle. (CVE-2013-6621, CVE-2013-6622,
        CVE-2013-6624, CVE-2013-6625, CVE-2013-6631)
    
      - Out-of-bounds read errors exist in SVG and HTTP
        parsing. (CVE-2013-6623, CVE-2013-6627)
    
      - An address bar URI-spoofing vulnerability exists that
        is related to interstitial warnings. (CVE-2013-6626)
    
      - A certificate validation security bypass issue exists
        during TLS renegotiation. (CVE-2013-6628)
    
      - A memory corruption error exists in the libjpeg and
        libjpeg-turbo libraries when memory is uninitialized
        when decoding images with missing SOS data.
        (CVE-2013-6629)
    
      - A memory corruption error exists in the 'jdmarker.c'
        source file in the libjpeg-turbo library when processing
        Huffman tables. (CVE-2013-6630)");
      # http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b0a7b53d");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Google Chrome 31.0.1650.48 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2931");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/14");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("google_chrome_installed.nasl");
      script_require_keys("SMB/Google_Chrome/Installed");
    
      exit(0);
    }
    
    include("google_chrome_version.inc");
    
    # Check each installation.
    get_kb_item_or_exit("SMB/Google_Chrome/Installed");
    installs = get_kb_list("SMB/Google_Chrome/*");
    
    google_chrome_check_version(installs:installs, fix:'31.0.1650.48', severity:SECURITY_HOLE);
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-904.NASL
    descriptionChromium was updated to 31.0.1650.57: Stable channel update : - Security Fixes : - CVE-2013-6632: Multiple memory corruption issues. - Update to Chromium 31.0.1650.48 (bnc#850430) Stable Channel update : - Security fixes : - CVE-2013-6621: Use after free related to speech input elements.. - CVE-2013-6622: Use after free related to media elements. - CVE-2013-6623: Out of bounds read in SVG. - CVE-2013-6624: Use after free related to &ldquo;id&rdquo; attribute strings. - CVE-2013-6625: Use after free in DOM ranges. - CVE-2013-6626: Address bar spoofing related to interstitial warnings. - CVE-2013-6627: Out of bounds read in HTTP parsing. - CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation. - CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo. - CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo. - CVE-2013-6631: Use after free in libjingle. - Added patch chromium-fix-chromedriver-build.diff to fix the chromedriver build
    last seen2020-06-05
    modified2014-06-13
    plugin id75213
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75213
    titleopenSUSE Security Update : chromium (openSUSE-SU-2013:1777-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2013-904.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75213);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-2931", "CVE-2013-6621", "CVE-2013-6622", "CVE-2013-6623", "CVE-2013-6624", "CVE-2013-6625", "CVE-2013-6626", "CVE-2013-6627", "CVE-2013-6628", "CVE-2013-6629", "CVE-2013-6630", "CVE-2013-6631", "CVE-2013-6632");
    
      script_name(english:"openSUSE Security Update : chromium (openSUSE-SU-2013:1777-1)");
      script_summary(english:"Check for the openSUSE-2013-904 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Chromium was updated to 31.0.1650.57: Stable channel update :
    
      - Security Fixes :
    
      - CVE-2013-6632: Multiple memory corruption issues.
    
      - Update to Chromium 31.0.1650.48 (bnc#850430) Stable
        Channel update :
    
      - Security fixes :
    
      - CVE-2013-6621: Use after free related to speech input
        elements..
    
      - CVE-2013-6622: Use after free related to media elements. 
    
      - CVE-2013-6623: Out of bounds read in SVG.
    
      - CVE-2013-6624: Use after free related to
        &ldquo;id&rdquo; attribute strings.
    
      - CVE-2013-6625: Use after free in DOM ranges.
    
      - CVE-2013-6626: Address bar spoofing related to
        interstitial warnings.
    
      - CVE-2013-6627: Out of bounds read in HTTP parsing.
    
      - CVE-2013-6628: Issue with certificates not being checked
        during TLS renegotiation.
    
      - CVE-2013-2931: Various fixes from internal audits,
        fuzzing and other initiatives.
    
      - CVE-2013-6629: Read of uninitialized memory in libjpeg
        and libjpeg-turbo.
    
      - CVE-2013-6630: Read of uninitialized memory in
        libjpeg-turbo.
    
      - CVE-2013-6631: Use after free in libjingle.
    
      - Added patch chromium-fix-chromedriver-build.diff to fix
        the chromedriver build"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=850430"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2013-11/msg00108.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected chromium packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-desktop-gnome");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-desktop-kde");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-suid-helper");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.2", reference:"chromedriver-31.0.1650.57-1.54.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"chromedriver-debuginfo-31.0.1650.57-1.54.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"chromium-31.0.1650.57-1.54.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"chromium-debuginfo-31.0.1650.57-1.54.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"chromium-debugsource-31.0.1650.57-1.54.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"chromium-desktop-gnome-31.0.1650.57-1.54.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"chromium-desktop-kde-31.0.1650.57-1.54.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"chromium-ffmpegsumo-31.0.1650.57-1.54.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"chromium-ffmpegsumo-debuginfo-31.0.1650.57-1.54.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"chromium-suid-helper-31.0.1650.57-1.54.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"chromium-suid-helper-debuginfo-31.0.1650.57-1.54.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromium");
    }
    

Oval

accepted2013-12-23T04:00:42.648-05:00
classvulnerability
contributors
nameShane Shaffer
organizationG2, Inc.
definition_extensions
commentGoogle Chrome is installed
ovaloval:org.mitre.oval:def:11914
descriptionThe WebContentsImpl::AttachInterstitialPage function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 31.0.1650.48 does not cancel JavaScript dialogs upon generating an interstitial warning, which allows remote attackers to spoof the address bar via a crafted web site.
familywindows
idoval:org.mitre.oval:def:18401
statusaccepted
submitted2013-11-14T09:33:27.010-05:00
titleThe WebContentsImpl::AttachInterstitialPage function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 31.0.1650.48 does not cancel JavaScript dialogs upon generating an interstitial warning
version40