Vulnerabilities > CVE-2013-6653 - Resource Management Errors vulnerability in Google Chrome

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
google
CWE-399
nessus

Summary

Use-after-free vulnerability in the web contents implementation in Google Chrome before 33.0.1750.117 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attempted conflicting access to the color chooser.

Vulnerable Configurations

Part Description Count
Application
Google
3437

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyWindows
    NASL idGOOGLE_CHROME_33_0_1750_117.NASL
    descriptionThe version of Google Chrome installed on the remote host is a version prior to 33.0.1750.117. It is, therefore, affected by the following vulnerabilities : - An error exists related to relative path in Windows sandbox named pipe policy. (CVE-2013-6652) - Use-after-free errors exist related to handling web components and layout. (CVE-2013-6653, CVE-2013-6655, CVE-2013-6658) - A casting error exists related to SVG processing. (CVE-2013-6654) - Errors exist related to the XSS auditor that could lead to disclosure of information. (CVE-2013-6656, CVE-2013-6657) - An error exists related to certificate validation and TLS handshake processing. (CVE-2013-6659) - An error exists related to drag and drop handling that could lead to disclosure of information. (CVE-2013-6660) - Various unspecified errors exist having unspecified impacts. (CVE-2013-6661)
    last seen2020-06-01
    modified2020-06-02
    plugin id72616
    published2014-02-21
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72616
    titleGoogle Chrome < 33.0.1750.117 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-182.NASL
    descriptionChromium was updated to 33.0.1750.117 Stable channel update : - Security Fixes : - CVE-2013-6653: Use-after-free related to web contents - CVE-2013-6654: Bad cast in SVG - CVE-2013-6655: Use-after-free in layout - CVE-2013-6656: Information leak in XSS auditor - CVE-2013-6657: Information leak in XSS auditor - CVE-2013-6658: Use-after-free in layout - CVE-2013-6659: Issue with certificates validation in TLS handshake - CVE-2013-6660: Information leak in drag and drop - CVE-2013-6661: Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers. - Other : - Google Chrome Frame has been retired
    last seen2020-06-05
    modified2014-06-13
    plugin id75275
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75275
    titleopenSUSE Security Update : chromium (openSUSE-SU-2014:0327-1)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_9DD47FA39D5311E3B20F00262D5ED8EE.NASL
    descriptionGoogle Chrome Releases reports : 28 security fixes in this release, including : - [334897] High CVE-2013-6652: Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid. - [331790] High CVE-2013-6653: Use-after-free related to web contents. Credit to Khalil Zhani. - [333176] High CVE-2013-6654: Bad cast in SVG. Credit to TheShow3511. - [293534] High CVE-2013-6655: Use-after-free in layout. Credit to cloudfuzzer. - [331725] High CVE-2013-6656: Information leak in XSS auditor. Credit to NeexEmil. - [331060] Medium CVE-2013-6657: Information leak in XSS auditor. Credit to NeexEmil. - [322891] Medium CVE-2013-6658: Use-after-free in layout. Credit to cloudfuzzer. - [306959] Medium CVE-2013-6659: Issue with certificates validation in TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco, Inria Paris. - [332579] Low CVE-2013-6660: Information leak in drag and drop. Credit to bishopjeffreys. - [344876] Low-High CVE-2013-6661: Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers.
    last seen2020-06-01
    modified2020-06-02
    plugin id72676
    published2014-02-25
    reporterThis script is Copyright (C) 2014 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72676
    titleFreeBSD : chromium -- multiple vulnerabilities (9dd47fa3-9d53-11e3-b20f-00262d5ed8ee)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2883.NASL
    descriptionSeveral vulnerabilities have been discovered in the chromium web browser. - CVE-2013-6653 Khalil Zhani discovered a use-after-free issue in chromium
    last seen2020-03-17
    modified2014-03-25
    plugin id73164
    published2014-03-25
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73164
    titleDebian DSA-2883-1 : chromium-browser - security update
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201403-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201403-01 (Chromium, V8: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact : A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other unspecified impact. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id72851
    published2014-03-06
    reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72851
    titleGLSA-201403-01 : Chromium, V8: Multiple vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_GOOGLE_CHROME_33_0_1750_117.NASL
    descriptionThe version of Google Chrome installed on the remote Mac OS X host is a version prior to 33.0.1750.117. It is, therefore, affected by the following vulnerabilities : - Use-after-free errors exist related to handling web components and layout. (CVE-2013-6653, CVE-2013-6655, CVE-2013-6658) - A casting error exists related to SVG processing. (CVE-2013-6654) - Errors exist related to the XSS auditor that could lead to disclosure of information. (CVE-2013-6656, CVE-2013-6657) - An error exists related to certificate validation and TLS handshake processing. (CVE-2013-6659) - An error exists related to drag and drop handling that could lead to disclosure of information. (CVE-2013-6660) - Various unspecified errors exist having unspecified impacts. (CVE-2013-6661)
    last seen2020-06-01
    modified2020-06-02
    plugin id72617
    published2014-02-21
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72617
    titleGoogle Chrome < 33.0.1750.117 Multiple Vulnerabilities (Mac OS X)

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 65699 CVE(CAN) ID: CVE-2013-6652,CVE-2013-6653,CVE-2013-6654,CVE-2013-6655,CVE-2013-6656,CVE-2013-6657,CVE-2013-6658,CVE-2013-6659,CVE-2013-6660,CVE-2013-6661 Google Chrome是由Google开发的一款Web浏览工具。 Chrome 33.0.1750.117之前版本在实现上存在多个安全漏洞,攻击者可利用这些漏洞在受影响浏览器上下文中执行任意代码、绕过安全限制、获取敏感信息、造成拒绝服务等。 0 Google Chrome &lt; 33.0.1750.117 厂商补丁: Google ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.google.com
idSSV:61539
last seen2017-11-19
modified2014-02-24
published2014-02-24
reporterRoot
titleGoogle Chrome 33.0.1750.117之前版本多个安全漏洞