Vulnerabilities > CVE-2013-6664 - Resource Management Errors vulnerability in Google Chrome
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 33.0.1750.146, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving FORM elements, as demonstrated by use of the speech-recognition feature.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Windows NASL id OPERA_2000.NASL description The version of Opera installed on the remote host is a version prior to version 20. It is, therefore, reportedly affected by multiple unspecified vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 72884 published 2014-03-07 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72884 title Opera < 20 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(72884); script_version("1.9"); script_cvs_date("Date: 2019/11/26"); script_cve_id( "CVE-2013-6663", "CVE-2013-6664", "CVE-2013-6665", "CVE-2013-6666", "CVE-2013-6667", "CVE-2013-6668" ); script_bugtraq_id(65966); script_name(english:"Opera < 20 Multiple Vulnerabilities"); script_summary(english:"Checks version number of Opera"); script_set_attribute(attribute:"synopsis", value: "The remote host contains a web browser that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Opera installed on the remote host is a version prior to version 20. It is, therefore, reportedly affected by multiple unspecified vulnerabilities."); script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20170922102137/http://www.opera.com:80/docs/changelogs/unified/2000/"); script_set_attribute(attribute:"solution", value: "Upgrade to Opera 20 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-6668"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/04"); script_set_attribute(attribute:"patch_publication_date", value:"2014/03/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/07"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:opera:opera_browser"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("opera_installed.nasl"); script_require_keys("SMB/Opera/Version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); version = get_kb_item_or_exit("SMB/Opera/Version"); path = get_kb_item_or_exit("SMB/Opera/Path"); version_ui = get_kb_item("SMB/Opera/Version_UI"); if (isnull(version_ui)) version_report = version; else version_report = version_ui; if (get_kb_item("SMB/Opera/supported_classic_branch")) audit(AUDIT_INST_PATH_NOT_VULN, "Opera", version_report, path); fixed_version = "20.0.1387.64"; # Check if we need to display full version info in case of Alpha/Beta/RC major_minor = eregmatch(string:version, pattern:"^([0-9]+\.[0-9]+)"); if (major_minor[1] == "20.0") { fixed_version_report = fixed_version; version_report = version; } else fixed_version_report = "20.0"; if (ver_compare(ver:version, fix:fixed_version) == -1) { port = get_kb_item("SMB/transport"); if (!port) port = 445; if (report_verbosity > 0) { report = '\n Path : ' + path + '\n Installed version : ' + version_report + '\n Fixed version : ' + fixed_version_report + '\n'; security_hole(port:port, extra:report); } else security_hole(port); } else audit(AUDIT_INST_PATH_NOT_VULN, "Opera", version_report, path);
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_B4023753A4BA11E3BEC200262D5ED8EE.NASL description Google Chrome Releases reports : 19 vulnerabilities fixed in this release, including : - [344492] High CVE-2013-6663: Use-after-free in svg images. Credit to Atte Kettunen of OUSPG. - [326854] High CVE-2013-6664: Use-after-free in speech recognition. Credit to Khalil Zhani. - [337882] High CVE-2013-6665: Heap buffer overflow in software rendering. Credit to cloudfuzzer. - [332023] Medium CVE-2013-6666: Chrome allows requests in flash header request. Credit to netfuzzerr. - [348175] CVE-2013-6667: Various fixes from internal audits, fuzzing and other initiatives. - [343964, 344186, 347909] CVE-2013-6668: Multiple vulnerabilities in V8 fixed in version 3.24.35.10. last seen 2020-06-01 modified 2020-06-02 plugin id 72850 published 2014-03-06 reporter This script is Copyright (C) 2014 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72850 title FreeBSD : chromium -- multiple vulnerabilities (b4023753-a4ba-11e3-bec2-00262d5ed8ee) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2014 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(72850); script_version("$Revision: 1.3 $"); script_cvs_date("$Date: 2014/03/15 02:06:32 $"); script_cve_id("CVE-2013-6663", "CVE-2013-6664", "CVE-2013-6665", "CVE-2013-6666", "CVE-2013-6667", "CVE-2013-6668"); script_name(english:"FreeBSD : chromium -- multiple vulnerabilities (b4023753-a4ba-11e3-bec2-00262d5ed8ee)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Google Chrome Releases reports : 19 vulnerabilities fixed in this release, including : - [344492] High CVE-2013-6663: Use-after-free in svg images. Credit to Atte Kettunen of OUSPG. - [326854] High CVE-2013-6664: Use-after-free in speech recognition. Credit to Khalil Zhani. - [337882] High CVE-2013-6665: Heap buffer overflow in software rendering. Credit to cloudfuzzer. - [332023] Medium CVE-2013-6666: Chrome allows requests in flash header request. Credit to netfuzzerr. - [348175] CVE-2013-6667: Various fixes from internal audits, fuzzing and other initiatives. - [343964, 344186, 347909] CVE-2013-6668: Multiple vulnerabilities in V8 fixed in version 3.24.35.10." ); script_set_attribute( attribute:"see_also", value:"http://googlechromereleases.blogspot.nl/" ); # http://www.freebsd.org/ports/portaudit/b4023753-a4ba-11e3-bec2-00262d5ed8ee.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9b64fb7a" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:chromium"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/03"); script_set_attribute(attribute:"patch_publication_date", value:"2014/03/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014 Tenable Network Security, Inc."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"chromium<33.0.1750.146")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2883.NASL description Several vulnerabilities have been discovered in the chromium web browser. - CVE-2013-6653 Khalil Zhani discovered a use-after-free issue in chromium last seen 2020-03-17 modified 2014-03-25 plugin id 73164 published 2014-03-25 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73164 title Debian DSA-2883-1 : chromium-browser - security update NASL family Windows NASL id GOOGLE_CHROME_33_0_1750_146.NASL description The version of Google Chrome installed on the remote host is a version prior to 33.0.1750.146. It is, therefore, affected by the following vulnerabilities : - Use-after-free errors exist related to handling SVG images and speech recognition processing. (CVE-2013-6663, CVE-2013-6664) - An error exists related to software rendering that could allow heap-based buffer overflows. (CVE-2013-6665) - An error exists related to Flash header requests. (CVE-2013-6666) - Various unspecified errors exist having unspecified impacts. (CVE-2013-6667) - Unspecified errors exist related to the V8 JavaScript engine that could have unspecified impacts. (CVE-2013-6668) last seen 2020-06-01 modified 2020-06-02 plugin id 72800 published 2014-03-04 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72800 title Google Chrome < 33.0.1750.146 Multiple Vulnerabilities NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201403-01.NASL description The remote host is affected by the vulnerability described in GLSA-201403-01 (Chromium, V8: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact : A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other unspecified impact. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 72851 published 2014-03-06 reporter This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72851 title GLSA-201403-01 : Chromium, V8: Multiple vulnerabilities NASL family MacOS X Local Security Checks NASL id MACOSX_GOOGLE_CHROME_33_0_1750_146.NASL description The version of Google Chrome installed on the remote Mac OS X host is a version prior to 33.0.1750.146. It is, therefore, affected by the following vulnerabilities : - Use-after-free errors exist related to handling SVG images and speech recognition processing. (CVE-2013-6663, CVE-2013-6664) - An error exists related to software rendering that could allow heap-based buffer overflows. (CVE-2013-6665) - An error exists related to Flash header requests. (CVE-2013-6666) - Various unspecified errors exist having unspecified impacts. (CVE-2013-6667) - Unspecified errors exist related to the V8 JavaScript engine that could have unspecified impacts. (CVE-2013-6668) last seen 2020-06-01 modified 2020-06-02 plugin id 72801 published 2014-03-04 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72801 title Google Chrome < 33.0.1750.146 Multiple Vulnerabilities (Mac OS X)
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 65930 CVE(CAN) ID: CVE-2013-6663,CVE-2013-6664,CVE-2013-6665,CVE-2013-6666,CVE-2013-6667,CVE-2013-6668 Google Chrome是由Google开发的一款Web浏览工具。 Chrome 33.0.1750.146之前版本在实现上存在多个漏洞,成功利用后可使恶意用户绕过某些安全限制并控制用户系统。 1、处理SVG图形时存在释放后重利用错误。 2、语音识别内存在释放后重利用错误。 3、处理软件渲染时存在错误,可导致堆缓冲区溢出。 4、语音没有正确限制flash报文头请求内的请求。 5、存在V8相关漏洞。 0 Google Chrome < 33.0.1750.146 厂商补丁: Google ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://googlechromereleases.blogspot.com/2014/03/stable-channel-update.html |
id | SSV:61657 |
last seen | 2017-11-19 |
modified | 2014-03-05 |
published | 2014-03-05 |
reporter | Root |
title | Google Chrome 33.0.1750.146之前版本多个安全漏洞 |