Vulnerabilities > CVE-2014-1703 - Resource Management Errors vulnerability in Google Chrome
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/renderer_host/websocket_dispatcher_host.cc in the Web Sockets implementation in Google Chrome before 33.0.1750.149 might allow remote attackers to bypass the sandbox protection mechanism by leveraging an incorrect deletion in a certain failure case.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Windows NASL id GOOGLE_CHROME_33_0_1750_149.NASL description The version of Google Chrome installed on the remote host is a version prior to 33.0.1750.149. It is, therefore, affected by the following vulnerabilities : - Use-after-free errors exist related to last seen 2020-06-01 modified 2020-06-02 plugin id 72939 published 2014-03-11 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72939 title Google Chrome < 33.0.1750.149 Multiple Vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2883.NASL description Several vulnerabilities have been discovered in the chromium web browser. - CVE-2013-6653 Khalil Zhani discovered a use-after-free issue in chromium last seen 2020-03-17 modified 2014-03-25 plugin id 73164 published 2014-03-25 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73164 title Debian DSA-2883-1 : chromium-browser - security update NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_24CEFA4BA94011E391F200262D5ED8EE.NASL description Google Chrome Releases reports : 7 vulnerabilities fixed in this release, including : - [344881] High CVE-2014-1700: Use-after-free in speech. Credit to Chamal de Silva. - [342618] High CVE-2014-1701: UXSS in events. Credit to aidanhs. - [333058] High CVE-2014-1702: Use-after-free in web database. Credit to Collin Payne. - [338354] High CVE-2014-1703: Potential sandbox escape due to a use-after-free in web sockets. - [328202, 349079, 345715] CVE-2014-1704: Multiple vulnerabilities in V8 fixed in version 3.23.17.18. last seen 2020-06-01 modified 2020-06-02 plugin id 72955 published 2014-03-12 reporter This script is Copyright (C) 2014 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72955 title FreeBSD : www/chromium --multiple vulnerabilities (24cefa4b-a940-11e3-91f2-00262d5ed8ee) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-280.NASL description Chromium was updated to the 33.0.1750.152 stable channel uodate : - Security fixes : - CVE-2014-1713: Use-after-free in Blink bindings - CVE-2014-1714: Windows clipboard vulnerability - CVE-2014-1705: Memory corruption in V8 - CVE-2014-1715: Directory traversal issue Previous stable channel update 33.0.1750.149 : - Security fixes : - CVE-2014-1700: Use-after-free in speech - CVE-2014-1701: UXSS in events - CVE-2014-1702: Use-after-free in web database - CVE-2014-1703: Potential sandbox escape due to a use-after-free in web sockets - CVE-2014-1704: Multiple vulnerabilities in V8 fixed in version 3.23.17.18 last seen 2020-06-05 modified 2014-06-13 plugin id 75318 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75318 title openSUSE Security Update : chromium (openSUSE-SU-2014:0501-1) NASL family MacOS X Local Security Checks NASL id MACOSX_GOOGLE_CHROME_33_0_1750_149.NASL description The version of Google Chrome installed on the remote Mac OS X host is a version prior to 33.0.1750.149. It is, therefore, affected by the following vulnerabilities : - Use-after-free errors exist related to last seen 2020-06-01 modified 2020-06-02 plugin id 72940 published 2014-03-11 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72940 title Google Chrome < 33.0.1750.149 Multiple Vulnerabilities (Mac OS X) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201408-16.NASL description The remote host is affected by the vulnerability described in GLSA-201408-16 (Chromium: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could conduct a number of attacks which include: cross site scripting attacks, bypassing of sandbox protection, potential execution of arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 77460 published 2014-08-30 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77460 title GLSA-201408-16 : Chromium: Multiple vulnerabilities
References
- http://www.debian.org/security/2014/dsa-2883
- https://code.google.com/p/chromium/issues/detail?id=338354
- http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html
- http://security.gentoo.org/glsa/glsa-201408-16.xml
- https://src.chromium.org/viewvc/chrome?revision=247627&view=revision
- http://www.securitytracker.com/id/1029914
- http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html