Vulnerabilities > CVE-2013-6659 - Cryptographic Issues vulnerability in Google Chrome
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
The SSLClientSocketNSS::Core::OwnAuthCertHandler function in net/socket/ssl_client_socket_nss.cc in Google Chrome before 33.0.1750.117 does not prevent changes to server X.509 certificates during renegotiations, which allows remote SSL servers to trigger use of a new certificate chain, inconsistent with the user's expectations, by initiating a TLS renegotiation.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family Windows NASL id GOOGLE_CHROME_33_0_1750_117.NASL description The version of Google Chrome installed on the remote host is a version prior to 33.0.1750.117. It is, therefore, affected by the following vulnerabilities : - An error exists related to relative path in Windows sandbox named pipe policy. (CVE-2013-6652) - Use-after-free errors exist related to handling web components and layout. (CVE-2013-6653, CVE-2013-6655, CVE-2013-6658) - A casting error exists related to SVG processing. (CVE-2013-6654) - Errors exist related to the XSS auditor that could lead to disclosure of information. (CVE-2013-6656, CVE-2013-6657) - An error exists related to certificate validation and TLS handshake processing. (CVE-2013-6659) - An error exists related to drag and drop handling that could lead to disclosure of information. (CVE-2013-6660) - Various unspecified errors exist having unspecified impacts. (CVE-2013-6661) last seen 2020-06-01 modified 2020-06-02 plugin id 72616 published 2014-02-21 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72616 title Google Chrome < 33.0.1750.117 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-182.NASL description Chromium was updated to 33.0.1750.117 Stable channel update : - Security Fixes : - CVE-2013-6653: Use-after-free related to web contents - CVE-2013-6654: Bad cast in SVG - CVE-2013-6655: Use-after-free in layout - CVE-2013-6656: Information leak in XSS auditor - CVE-2013-6657: Information leak in XSS auditor - CVE-2013-6658: Use-after-free in layout - CVE-2013-6659: Issue with certificates validation in TLS handshake - CVE-2013-6660: Information leak in drag and drop - CVE-2013-6661: Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers. - Other : - Google Chrome Frame has been retired last seen 2020-06-05 modified 2014-06-13 plugin id 75275 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75275 title openSUSE Security Update : chromium (openSUSE-SU-2014:0327-1) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_9DD47FA39D5311E3B20F00262D5ED8EE.NASL description Google Chrome Releases reports : 28 security fixes in this release, including : - [334897] High CVE-2013-6652: Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid. - [331790] High CVE-2013-6653: Use-after-free related to web contents. Credit to Khalil Zhani. - [333176] High CVE-2013-6654: Bad cast in SVG. Credit to TheShow3511. - [293534] High CVE-2013-6655: Use-after-free in layout. Credit to cloudfuzzer. - [331725] High CVE-2013-6656: Information leak in XSS auditor. Credit to NeexEmil. - [331060] Medium CVE-2013-6657: Information leak in XSS auditor. Credit to NeexEmil. - [322891] Medium CVE-2013-6658: Use-after-free in layout. Credit to cloudfuzzer. - [306959] Medium CVE-2013-6659: Issue with certificates validation in TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco, Inria Paris. - [332579] Low CVE-2013-6660: Information leak in drag and drop. Credit to bishopjeffreys. - [344876] Low-High CVE-2013-6661: Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers. last seen 2020-06-01 modified 2020-06-02 plugin id 72676 published 2014-02-25 reporter This script is Copyright (C) 2014 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72676 title FreeBSD : chromium -- multiple vulnerabilities (9dd47fa3-9d53-11e3-b20f-00262d5ed8ee) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2883.NASL description Several vulnerabilities have been discovered in the chromium web browser. - CVE-2013-6653 Khalil Zhani discovered a use-after-free issue in chromium last seen 2020-03-17 modified 2014-03-25 plugin id 73164 published 2014-03-25 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73164 title Debian DSA-2883-1 : chromium-browser - security update NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201403-01.NASL description The remote host is affected by the vulnerability described in GLSA-201403-01 (Chromium, V8: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact : A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other unspecified impact. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 72851 published 2014-03-06 reporter This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72851 title GLSA-201403-01 : Chromium, V8: Multiple vulnerabilities NASL family MacOS X Local Security Checks NASL id MACOSX_GOOGLE_CHROME_33_0_1750_117.NASL description The version of Google Chrome installed on the remote Mac OS X host is a version prior to 33.0.1750.117. It is, therefore, affected by the following vulnerabilities : - Use-after-free errors exist related to handling web components and layout. (CVE-2013-6653, CVE-2013-6655, CVE-2013-6658) - A casting error exists related to SVG processing. (CVE-2013-6654) - Errors exist related to the XSS auditor that could lead to disclosure of information. (CVE-2013-6656, CVE-2013-6657) - An error exists related to certificate validation and TLS handshake processing. (CVE-2013-6659) - An error exists related to drag and drop handling that could lead to disclosure of information. (CVE-2013-6660) - Various unspecified errors exist having unspecified impacts. (CVE-2013-6661) last seen 2020-06-01 modified 2020-06-02 plugin id 72617 published 2014-02-21 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72617 title Google Chrome < 33.0.1750.117 Multiple Vulnerabilities (Mac OS X)
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 65699 CVE(CAN) ID: CVE-2013-6652,CVE-2013-6653,CVE-2013-6654,CVE-2013-6655,CVE-2013-6656,CVE-2013-6657,CVE-2013-6658,CVE-2013-6659,CVE-2013-6660,CVE-2013-6661 Google Chrome是由Google开发的一款Web浏览工具。 Chrome 33.0.1750.117之前版本在实现上存在多个安全漏洞,攻击者可利用这些漏洞在受影响浏览器上下文中执行任意代码、绕过安全限制、获取敏感信息、造成拒绝服务等。 0 Google Chrome < 33.0.1750.117 厂商补丁: Google ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.google.com |
| id | SSV:61539 |
| last seen | 2017-11-19 |
| modified | 2014-02-24 |
| published | 2014-02-24 |
| reporter | Root |
| title | Google Chrome 33.0.1750.117之前版本多个安全漏洞 |
References
- http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html
- http://lists.opensuse.org/opensuse-updates/2014-03/msg00006.html
- http://www.debian.org/security/2014/dsa-2883
- https://code.google.com/p/chromium/issues/detail?id=306959
- https://src.chromium.org/viewvc/chrome?revision=229611&view=revision