Vulnerabilities > CVE-2013-6664 - Resource Management Errors vulnerability in Google Chrome

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
google
CWE-399
nessus

Summary

Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 33.0.1750.146, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving FORM elements, as demonstrated by use of the speech-recognition feature.

Vulnerable Configurations

Part Description Count
Application
Google
3446

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyWindows
    NASL idOPERA_2000.NASL
    descriptionThe version of Opera installed on the remote host is a version prior to version 20. It is, therefore, reportedly affected by multiple unspecified vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id72884
    published2014-03-07
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72884
    titleOpera < 20 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration block: when the engine loads the plugin with `description`
    # set, the script only declares its metadata (ids, references, risk data,
    # scheduling requirements) and exits. No host is examined in this branch.
    if (description)
    {
      script_id(72884);
      script_version("1.9");
      script_cvs_date("Date: 2019/11/26");
    
      # All six CVEs are attached to this single version check, so a finding
      # does not say which of them is actually reachable on a given host.
      script_cve_id(
        "CVE-2013-6663",
        "CVE-2013-6664",
        "CVE-2013-6665",
        "CVE-2013-6666",
        "CVE-2013-6667",
        "CVE-2013-6668"
      );
      script_bugtraq_id(65966);
    
      script_name(english:"Opera < 20 Multiple Vulnerabilities");
      script_summary(english:"Checks version number of Opera");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains a web browser that is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Opera installed on the remote host is a version prior
    to version 20. It is, therefore, reportedly affected by multiple
    unspecified vulnerabilities.");
      script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20170922102137/http://www.opera.com:80/docs/changelogs/unified/2000/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Opera 20 or later.");
      # CVSS v2 base vector: network attack vector, low complexity, no
      # authentication, partial confidentiality/integrity/availability impact.
      # Temporal vector: exploitability unproven, official fix available,
      # report confirmed.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      # The plugin-wide score is attributed to one CVE of the six listed above.
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-6668");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/03/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/07");
    
      # "local": the result is derived from data collected on the host, not
      # from probing a listening service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:opera:opera_browser");
      script_end_attributes();
    
      # Information-gathering category; the script body only reads KB entries.
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # Scheduled after opera_installed.nasl and skipped unless the KB holds
      # SMB/Opera/Version. NOTE(review): presumably that dependency writes the
      # key during an authenticated SMB scan -- confirm in opera_installed.nasl.
      # Without it this plugin stays silent, which is not evidence of a patched
      # host.
      script_dependencies("opera_installed.nasl");
      script_require_keys("SMB/Opera/Version");
    
      # End of the registration pass.
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Inputs come from the scan knowledge base (KB); the script stops here if
    # either the installed version or the install path was never recorded.
    version = get_kb_item_or_exit("SMB/Opera/Version");
    path = get_kb_item_or_exit("SMB/Opera/Path");
    
    # For display, use the UI version string when one was stored and fall back
    # to the raw version otherwise.
    version_report = get_kb_item("SMB/Opera/Version_UI");
    if (isnull(version_report)) version_report = version;
    
    # Installs flagged as a supported classic branch are audited out as not
    # vulnerable before any version comparison takes place.
    # NOTE(review): presumably the pre-Chromium product line -- confirm where
    # opera_installed.nasl sets this key.
    if (get_kb_item("SMB/Opera/supported_classic_branch"))
    {
      audit(AUDIT_INST_PATH_NOT_VULN, "Opera", version_report, path);
    }
    
    fixed_version = "20.0.1387.64";
    
    # The report normally shows the short "20.0" as the fix. Inside the 20.0
    # series (alpha/beta/RC builds) full build numbers are shown for both the
    # installed and the fixed version, so the difference is visible.
    fixed_version_report = "20.0";
    major_minor = eregmatch(string:version, pattern:"^([0-9]+\.[0-9]+)");
    if (major_minor[1] == "20.0")
    {
      version_report = version;
      fixed_version_report = fixed_version;
    }
    
    # Pure version comparison: anything not strictly below the fixed build is
    # audited out. audit() ends the script, as the classic-branch check above
    # already relies on.
    if (ver_compare(ver:version, fix:fixed_version) != -1)
      audit(AUDIT_INST_PATH_NOT_VULN, "Opera", version_report, path);
    
    # Attach the finding to the SMB transport port, defaulting to 445.
    port = get_kb_item("SMB/transport");
    if (!port) port = 445;
    
    if (report_verbosity > 0)
    {
      # Evidence for triage: where the install lives and which version to reach.
      report = '\n  Path              : ' + path;
      report += '\n  Installed version : ' + version_report;
      report += '\n  Fixed version     : ' + fixed_version_report;
      report += '\n';
      security_hole(port:port, extra:report);
    }
    else security_hole(port);
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_B4023753A4BA11E3BEC200262D5ED8EE.NASL
    descriptionGoogle Chrome Releases reports : 19 vulnerabilities fixed in this release, including : - [344492] High CVE-2013-6663: Use-after-free in svg images. Credit to Atte Kettunen of OUSPG. - [326854] High CVE-2013-6664: Use-after-free in speech recognition. Credit to Khalil Zhani. - [337882] High CVE-2013-6665: Heap buffer overflow in software rendering. Credit to cloudfuzzer. - [332023] Medium CVE-2013-6666: Chrome allows requests in flash header request. Credit to netfuzzerr. - [348175] CVE-2013-6667: Various fixes from internal audits, fuzzing and other initiatives. - [343964, 344186, 347909] CVE-2013-6668: Multiple vulnerabilities in V8 fixed in version 3.24.35.10.
    last seen2020-06-01
    modified2020-06-02
    plugin id72850
    published2014-03-06
    reporterThis script is Copyright (C) 2014 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72850
    titleFreeBSD : chromium -- multiple vulnerabilities (b4023753-a4ba-11e3-bec2-00262d5ed8ee)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2014 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    # Registration block: when the engine loads the plugin with `description`
    # set, the script only declares its metadata (ids, references, risk data,
    # scheduling requirements) and exits. No host is examined in this branch.
    if (description)
    {
      script_id(72850);
      script_version("$Revision: 1.3 $");
      script_cvs_date("$Date: 2014/03/15 02:06:32 $");
    
      # One package-version check covers all six CVEs; a finding does not
      # distinguish between them.
      script_cve_id("CVE-2013-6663", "CVE-2013-6664", "CVE-2013-6665", "CVE-2013-6666", "CVE-2013-6667", "CVE-2013-6668");
    
      script_name(english:"FreeBSD : chromium -- multiple vulnerabilities (b4023753-a4ba-11e3-bec2-00262d5ed8ee)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      # Advisory text as extracted from the FreeBSD VuXML entry (see the file
      # header); the bracketed numbers are the upstream bug ids.
      script_set_attribute(
        attribute:"description", 
        value:
    "Google Chrome Releases reports :
    
    19 vulnerabilities fixed in this release, including :
    
    - [344492] High CVE-2013-6663: Use-after-free in svg images. Credit to
    Atte Kettunen of OUSPG.
    
    - [326854] High CVE-2013-6664: Use-after-free in speech recognition.
    Credit to Khalil Zhani.
    
    - [337882] High CVE-2013-6665: Heap buffer overflow in software
    rendering. Credit to cloudfuzzer.
    
    - [332023] Medium CVE-2013-6666: Chrome allows requests in flash
    header request. Credit to netfuzzerr.
    
    - [348175] CVE-2013-6667: Various fixes from internal audits, fuzzing
    and other initiatives.
    
    - [343964, 344186, 347909] CVE-2013-6668: Multiple vulnerabilities in
    V8 fixed in version 3.24.35.10."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://googlechromereleases.blogspot.nl/"
      );
      # Long form of the shortened reference registered just below:
      # http://www.freebsd.org/ports/portaudit/b4023753-a4ba-11e3-bec2-00262d5ed8ee.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9b64fb7a"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      # CVSS v2 base vector: network attack vector, low complexity, no
      # authentication, partial confidentiality/integrity/availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      # "local": the result is derived from data collected on the host, not
      # from probing a listening service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:chromium");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/03/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/06");
      script_end_attributes();
    
      # Information-gathering category; the script body only reads KB entries.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014 Tenable Network Security, Inc.");
      script_family(english:"FreeBSD Local Security Checks");
    
      # Scheduled after ssh_get_info.nasl and skipped unless local checks are
      # enabled and the FreeBSD release and package list are in the KB.
      # NOTE(review): presumably these keys come from a credentialed login --
      # confirm in ssh_get_info.nasl. A host scanned without them yields no
      # result from this plugin, which is not evidence of a patched host.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      # End of the registration pass.
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    # Preconditions, checked in this order so the audit trail names the first
    # missing piece: local checks enabled, host identified as FreeBSD, package
    # list collected.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release"))
      audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Package-version check only: the recorded package list is tested against
    # the spec "chromium<33.0.1750.146", with save_report:TRUE so the matching
    # detail is available from pkg_report_get() below.
    # audit() ends the script, as the precondition checks above already assume.
    if (!pkg_test(save_report:TRUE, pkg:"chromium<33.0.1750.146"))
      audit(AUDIT_HOST_NOT, "affected");
    
    # Findings are raised against port 0 rather than a specific service port.
    if (report_verbosity > 0)
    {
      security_hole(port:0, extra:pkg_report_get());
    }
    else
    {
      security_hole(0);
    }
    exit(0);
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2883.NASL
    descriptionSeveral vulnerabilities have been discovered in the chromium web browser. - CVE-2013-6653 Khalil Zhani discovered a use-after-free issue in chromium
    last seen2020-03-17
    modified2014-03-25
    plugin id73164
    published2014-03-25
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73164
    titleDebian DSA-2883-1 : chromium-browser - security update
  • NASL familyWindows
    NASL idGOOGLE_CHROME_33_0_1750_146.NASL
    descriptionThe version of Google Chrome installed on the remote host is a version prior to 33.0.1750.146. It is, therefore, affected by the following vulnerabilities : - Use-after-free errors exist related to handling SVG images and speech recognition processing. (CVE-2013-6663, CVE-2013-6664) - An error exists related to software rendering that could allow heap-based buffer overflows. (CVE-2013-6665) - An error exists related to Flash header requests. (CVE-2013-6666) - Various unspecified errors exist having unspecified impacts. (CVE-2013-6667) - Unspecified errors exist related to the V8 JavaScript engine that could have unspecified impacts. (CVE-2013-6668)
    last seen2020-06-01
    modified2020-06-02
    plugin id72800
    published2014-03-04
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72800
    titleGoogle Chrome < 33.0.1750.146 Multiple Vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201403-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201403-01 (Chromium, V8: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact : A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other unspecified impact. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id72851
    published2014-03-06
    reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72851
    titleGLSA-201403-01 : Chromium, V8: Multiple vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_GOOGLE_CHROME_33_0_1750_146.NASL
    descriptionThe version of Google Chrome installed on the remote Mac OS X host is a version prior to 33.0.1750.146. It is, therefore, affected by the following vulnerabilities : - Use-after-free errors exist related to handling SVG images and speech recognition processing. (CVE-2013-6663, CVE-2013-6664) - An error exists related to software rendering that could allow heap-based buffer overflows. (CVE-2013-6665) - An error exists related to Flash header requests. (CVE-2013-6666) - Various unspecified errors exist having unspecified impacts. (CVE-2013-6667) - Unspecified errors exist related to the V8 JavaScript engine that could have unspecified impacts. (CVE-2013-6668)
    last seen2020-06-01
    modified2020-06-02
    plugin id72801
    published2014-03-04
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72801
    titleGoogle Chrome < 33.0.1750.146 Multiple Vulnerabilities (Mac OS X)

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 65930 CVE(CAN) ID: CVE-2013-6663,CVE-2013-6664,CVE-2013-6665,CVE-2013-6666,CVE-2013-6667,CVE-2013-6668 Google Chrome是由Google开发的一款Web浏览工具。 Chrome 33.0.1750.146之前版本在实现上存在多个漏洞,成功利用后可使恶意用户绕过某些安全限制并控制用户系统。 1、处理SVG图形时存在释放后重利用错误。 2、语音识别内存在释放后重利用错误。 3、处理软件渲染时存在错误,可导致堆缓冲区溢出。 4、语音没有正确限制flash报文头请求内的请求。 5、存在V8相关漏洞。 0 Google Chrome < 33.0.1750.146 厂商补丁: Google ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://googlechromereleases.blogspot.com/2014/03/stable-channel-update.html
idSSV:61657
last seen2017-11-19
modified2014-03-05
published2014-03-05
reporterRoot
titleGoogle Chrome 33.0.1750.146之前版本多个安全漏洞