Vulnerabilities > CVE-2013-6667 - Multiple Security vulnerability in Google Chrome Prior to 33.0.1750.146

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
google
nessus
NVD
Published: 2014-03-05
Updated: 2017-01-07

Summary

Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750.146 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Vulnerable Configurations

Part Description Count
Application
Google
3446

Nessus

  • NASL familyWindows
    NASL idOPERA_2000.NASL
    descriptionThe version of Opera installed on the remote host is a version prior to version 20. It is, therefore, reportedly affected by multiple unspecified vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id72884
    published2014-03-07
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72884
    titleOpera < 20 Multiple Vulnerabilities
    code
    #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(72884);
  script_version("1.9");
  script_cvs_date("Date: 2019/11/26");

  script_cve_id(
    "CVE-2013-6663",
    "CVE-2013-6664",
    "CVE-2013-6665",
    "CVE-2013-6666",
    "CVE-2013-6667",
    "CVE-2013-6668"
  );
  script_bugtraq_id(65966);

  script_name(english:"Opera < 20 Multiple Vulnerabilities");
  script_summary(english:"Checks version number of Opera");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains a web browser that is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Opera installed on the remote host is a version prior
to version 20. It is, therefore, reportedly affected by multiple
unspecified vulnerabilities.");
  script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20170922102137/http://www.opera.com:80/docs/changelogs/unified/2000/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Opera 20 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-6668");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/03/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:opera:opera_browser");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("opera_installed.nasl");
  script_require_keys("SMB/Opera/Version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

version = get_kb_item_or_exit("SMB/Opera/Version");
path = get_kb_item_or_exit("SMB/Opera/Path");

version_ui = get_kb_item("SMB/Opera/Version_UI");
if (isnull(version_ui)) version_report = version;
else version_report = version_ui;

if (get_kb_item("SMB/Opera/supported_classic_branch"))
  audit(AUDIT_INST_PATH_NOT_VULN, "Opera", version_report, path);

fixed_version = "20.0.1387.64";

# Check if we need to display full version info in case of Alpha/Beta/RC
major_minor = eregmatch(string:version, pattern:"^([0-9]+\.[0-9]+)");
if (major_minor[1] == "20.0")
{
  fixed_version_report = fixed_version;
  version_report = version;
}
else fixed_version_report = "20.0";

if (ver_compare(ver:version, fix:fixed_version) == -1)
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;

  if (report_verbosity > 0)
  {
    report =
      '\n  Path              : ' + path +
      '\n  Installed version : ' + version_report +
      '\n  Fixed version     : ' + fixed_version_report +
      '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
}
else audit(AUDIT_INST_PATH_NOT_VULN, "Opera", version_report, path);
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_B4023753A4BA11E3BEC200262D5ED8EE.NASL
    descriptionGoogle Chrome Releases reports : 19 vulnerabilities fixed in this release, including : - [344492] High CVE-2013-6663: Use-after-free in svg images. Credit to Atte Kettunen of OUSPG. - [326854] High CVE-2013-6664: Use-after-free in speech recognition. Credit to Khalil Zhani. - [337882] High CVE-2013-6665: Heap buffer overflow in software rendering. Credit to cloudfuzzer. - [332023] Medium CVE-2013-6666: Chrome allows requests in flash header request. Credit to netfuzzerr. - [348175] CVE-2013-6667: Various fixes from internal audits, fuzzing and other initiatives. - [343964, 344186, 347909] CVE-2013-6668: Multiple vulnerabilities in V8 fixed in version 3.24.35.10.
    last seen2020-06-01
    modified2020-06-02
    plugin id72850
    published2014-03-06
    reporterThis script is Copyright (C) 2014 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72850
    titleFreeBSD : chromium -- multiple vulnerabilities (b4023753-a4ba-11e3-bec2-00262d5ed8ee)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2014 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
#    copyright notice, this list of conditions and the following
#    disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
#    published online in any format, converted to PDF, PostScript,
#    RTF and other formats) must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer
#    in the documentation and/or other materials provided with the
#    distribution.
# 
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

include("compat.inc");

if (description)
{
  script_id(72850);
  script_version("$Revision: 1.3 $");
  script_cvs_date("$Date: 2014/03/15 02:06:32 $");

  script_cve_id("CVE-2013-6663", "CVE-2013-6664", "CVE-2013-6665", "CVE-2013-6666", "CVE-2013-6667", "CVE-2013-6668");

  script_name(english:"FreeBSD : chromium -- multiple vulnerabilities (b4023753-a4ba-11e3-bec2-00262d5ed8ee)");
  script_summary(english:"Checks for updated package in pkg_info output");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote FreeBSD host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Google Chrome Releases reports :

19 vulnerabilities fixed in this release, including :

- [344492] High CVE-2013-6663: Use-after-free in svg images. Credit to
Atte Kettunen of OUSPG.

- [326854] High CVE-2013-6664: Use-after-free in speech recognition.
Credit to Khalil Zhani.

- [337882] High CVE-2013-6665: Heap buffer overflow in software
rendering. Credit to cloudfuzzer.

- [332023] Medium CVE-2013-6666: Chrome allows requests in flash
header request. Credit to netfuzzerr.

- [348175] CVE-2013-6667: Various fixes from internal audits, fuzzing
and other initiatives.

- [343964, 344186, 347909] CVE-2013-6668: Multiple vulnerabilities in
V8 fixed in version 3.24.35.10."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://googlechromereleases.blogspot.nl/"
  );
  # http://www.freebsd.org/ports/portaudit/b4023753-a4ba-11e3-bec2-00262d5ed8ee.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?9b64fb7a"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:chromium");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/03/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014 Tenable Network Security, Inc.");
  script_family(english:"FreeBSD Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}


include("audit.inc");
include("freebsd_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (pkg_test(save_report:TRUE, pkg:"chromium<33.0.1750.146")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2883.NASL
    descriptionSeveral vulnerabilities have been discovered in the chromium web browser. - CVE-2013-6653 Khalil Zhani discovered a use-after-free issue in chromium
    last seen2020-03-17
    modified2014-03-25
    plugin id73164
    published2014-03-25
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73164
    titleDebian DSA-2883-1 : chromium-browser - security update
  • NASL familyWindows
    NASL idGOOGLE_CHROME_33_0_1750_146.NASL
    descriptionThe version of Google Chrome installed on the remote host is a version prior to 33.0.1750.146. It is, therefore, affected by the following vulnerabilities : - Use-after-free errors exist related to handling SVG images and speech recognition processing. (CVE-2013-6663, CVE-2013-6664) - An error exists related to software rendering that could allow heap-based buffer overflows. (CVE-2013-6665) - An error exists related to Flash header requests. (CVE-2013-6666) - Various unspecified errors exist having unspecified impacts. (CVE-2013-6667) - Unspecified errors exist related to the V8 JavaScript engine that could have unspecified impacts. (CVE-2013-6668)
    last seen2020-06-01
    modified2020-06-02
    plugin id72800
    published2014-03-04
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72800
    titleGoogle Chrome < 33.0.1750.146 Multiple Vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201403-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201403-01 (Chromium, V8: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact : A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other unspecified impact. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id72851
    published2014-03-06
    reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72851
    titleGLSA-201403-01 : Chromium, V8: Multiple vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_GOOGLE_CHROME_33_0_1750_146.NASL
    descriptionThe version of Google Chrome installed on the remote Mac OS X host is a version prior to 33.0.1750.146. It is, therefore, affected by the following vulnerabilities : - Use-after-free errors exist related to handling SVG images and speech recognition processing. (CVE-2013-6663, CVE-2013-6664) - An error exists related to software rendering that could allow heap-based buffer overflows. (CVE-2013-6665) - An error exists related to Flash header requests. (CVE-2013-6666) - Various unspecified errors exist having unspecified impacts. (CVE-2013-6667) - Unspecified errors exist related to the V8 JavaScript engine that could have unspecified impacts. (CVE-2013-6668)
    last seen2020-06-01
    modified2020-06-02
    plugin id72801
    published2014-03-04
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72801
    titleGoogle Chrome < 33.0.1750.146 Multiple Vulnerabilities (Mac OS X)

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 65930 CVE(CAN) ID: CVE-2013-6663,CVE-2013-6664,CVE-2013-6665,CVE-2013-6666,CVE-2013-6667,CVE-2013-6668 Google Chrome是由Google开发的一款Web浏览工具。 Chrome 33.0.1750.146之前版本在实现上存在多个漏洞,成功利用后可使恶意用户绕过某些安全限制并控制用户系统。 1、处理SVG图形时存在释放后重利用错误。 2、语音识别内存在释放后重利用错误。 3、处理软件渲染时存在错误,可导致堆缓冲区溢出。 4、语音没有正确限制flash报文头请求内的请求。 5、存在V8相关漏洞。 0 Google Chrome &lt; 33.0.1750.146 厂商补丁: Google ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://googlechromereleases.blogspot.com/2014/03/stable-channel-update.html
idSSV:61657
last seen2017-11-19
modified2014-03-05
published2014-03-05
reporterRoot
titleGoogle Chrome 33.0.1750.146之前版本多个安全漏洞

References