Vulnerabilities > CVE-2014-1742 - Resource Management Errors vulnerability in Google Chrome
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Use-after-free vulnerability in the FrameSelection::updateAppearance function in core/editing/FrameSelection.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper RenderObject handling.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2298-1.NASL description A type confusion bug was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-1730) A type confusion bug was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-1731) Multiple security issues including memory safety bugs were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-1735, CVE-2014-3162) Multiple use-after-free issues were discovered in the WebSockets implementation. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-1740) Multiple integer overflows were discovered in CharacterData implementation. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-1741) Multiple use-after-free issues were discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-1742, CVE-2014-1743) An integer overflow bug was discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-1744) An out-of-bounds read was discovered in Chromium. If a user were tricked in to opening a specially crafter website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2014-1746) It was discovered that Blink allowed scrollbar painting to extend in to the parent frame in some circumstances. An attacker could potentially exploit this to conduct clickjacking attacks via UI redress. (CVE-2014-1748) An integer underflow was discovered in Blink. If a user were tricked in to opening a specially crafter website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-3152) A use-after-free was discovered in Chromium. If a use were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-3154) A security issue was discovered in the SPDY implementation. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-3155) A heap overflow was discovered in Chromium. If a use were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-3157) It was discovered that Blink did not enforce security rules for subresource loading in SVG images. If a user opened a site that embedded a specially crafted image, an attacker could exploit this to log page views. (CVE-2014-3160) It was discovered that the SpeechInput feature in Blink could be activated without consent or any visible indication. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to eavesdrop on the user. (CVE-2014-3803). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 76756 published 2014-07-24 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76756 title Ubuntu 14.04 LTS : oxide-qt vulnerabilities (USN-2298-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-2298-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(76756); script_version("1.14"); script_cvs_date("Date: 2019/09/19 12:54:30"); script_cve_id("CVE-2014-1730", "CVE-2014-1731", "CVE-2014-1735", "CVE-2014-1740", "CVE-2014-1741", "CVE-2014-1742", "CVE-2014-1743", "CVE-2014-1744", "CVE-2014-1746", "CVE-2014-1748", "CVE-2014-3152", "CVE-2014-3154", "CVE-2014-3155", "CVE-2014-3157", "CVE-2014-3160", "CVE-2014-3162", "CVE-2014-3803"); script_bugtraq_id(67082, 67374, 67375, 67376, 67517, 67572, 67582, 67972, 67977, 67980, 68677); script_xref(name:"USN", value:"2298-1"); script_name(english:"Ubuntu 14.04 LTS : oxide-qt vulnerabilities (USN-2298-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "A type confusion bug was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-1730) A type confusion bug was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-1731) Multiple security issues including memory safety bugs were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-1735, CVE-2014-3162) Multiple use-after-free issues were discovered in the WebSockets implementation. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-1740) Multiple integer overflows were discovered in CharacterData implementation. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-1741) Multiple use-after-free issues were discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-1742, CVE-2014-1743) An integer overflow bug was discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-1744) An out-of-bounds read was discovered in Chromium. If a user were tricked in to opening a specially crafter website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2014-1746) It was discovered that Blink allowed scrollbar painting to extend in to the parent frame in some circumstances. An attacker could potentially exploit this to conduct clickjacking attacks via UI redress. (CVE-2014-1748) An integer underflow was discovered in Blink. If a user were tricked in to opening a specially crafter website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-3152) A use-after-free was discovered in Chromium. If a use were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-3154) A security issue was discovered in the SPDY implementation. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-3155) A heap overflow was discovered in Chromium. If a use were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-3157) It was discovered that Blink did not enforce security rules for subresource loading in SVG images. If a user opened a site that embedded a specially crafted image, an attacker could exploit this to log page views. (CVE-2014-3160) It was discovered that the SpeechInput feature in Blink could be activated without consent or any visible indication. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to eavesdrop on the user. (CVE-2014-3803). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/2298-1/" ); script_set_attribute( attribute:"solution", value: "Update the affected liboxideqtcore0, oxideqt-codecs and / or oxideqt-codecs-extra packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:oxideqt-codecs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:oxideqt-codecs-extra"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/26"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(14\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"14.04", pkgname:"liboxideqtcore0", pkgver:"1.0.4-0ubuntu0.14.04.1")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"oxideqt-codecs", pkgver:"1.0.4-0ubuntu0.14.04.1")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"oxideqt-codecs-extra", pkgver:"1.0.4-0ubuntu0.14.04.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "liboxideqtcore0 / oxideqt-codecs / oxideqt-codecs-extra"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_CDF450FCDB5211E3A9FC00262D5ED8EE.NASL description Google Chrome Releases reports : 3 security fixes in this release : - [358038] High CVE-2014-1740: Use-after-free in WebSockets. Credit to Collin Payne. - [349898] High CVE-2014-1741: Integer overflow in DOM ranges. Credit to John Butler. - [356690] High CVE-2014-1742: Use-after-free in editing. Credit to cloudfuzzer. last seen 2020-06-01 modified 2020-06-02 plugin id 74019 published 2014-05-15 reporter This script is Copyright (C) 2014 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/74019 title FreeBSD : chromium -- multiple vulnerabilities (cdf450fc-db52-11e3-a9fc-00262d5ed8ee) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2014 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(74019); script_version("$Revision: 1.3 $"); script_cvs_date("$Date: 2014/05/23 18:29:32 $"); script_cve_id("CVE-2014-1740", "CVE-2014-1741", "CVE-2014-1742"); script_name(english:"FreeBSD : chromium -- multiple vulnerabilities (cdf450fc-db52-11e3-a9fc-00262d5ed8ee)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Google Chrome Releases reports : 3 security fixes in this release : - [358038] High CVE-2014-1740: Use-after-free in WebSockets. Credit to Collin Payne. - [349898] High CVE-2014-1741: Integer overflow in DOM ranges. Credit to John Butler. - [356690] High CVE-2014-1742: Use-after-free in editing. Credit to cloudfuzzer." ); script_set_attribute( attribute:"see_also", value:"http://googlechromereleases.blogspot.nl/" ); # http://www.freebsd.org/ports/portaudit/cdf450fc-db52-11e3-a9fc-00262d5ed8ee.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?a5be66be" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:chromium"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/13"); script_set_attribute(attribute:"patch_publication_date", value:"2014/05/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014 Tenable Network Security, Inc."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"chromium<34.0.1847.137")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2930.NASL description Several vulnerabilties have been discovered in the chromium web browser. - CVE-2014-1740 Collin Payne discovered a use-after-free issue in chromium last seen 2020-03-17 modified 2014-05-19 plugin id 74044 published 2014-05-19 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74044 title Debian DSA-2930-1 : chromium-browser - security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-2930. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(74044); script_version("1.13"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/26"); script_cve_id("CVE-2014-1740", "CVE-2014-1741", "CVE-2014-1742"); script_bugtraq_id(67374, 67375, 67376); script_xref(name:"DSA", value:"2930"); script_name(english:"Debian DSA-2930-1 : chromium-browser - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in the chromium web browser. - CVE-2014-1740 Collin Payne discovered a use-after-free issue in chromium's WebSockets implementation. - CVE-2014-1741 John Butler discovered multiple integer overflow issues in the Blink/Webkit document object model implementation. - CVE-2014-1742 cloudfuzzer discovered a use-after-free issue in the Blink/Webkit text editing feature." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2014-1740" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2014-1741" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2014-1742" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/chromium-browser" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2014/dsa-2930" ); script_set_attribute( attribute:"solution", value: "Upgrade the chromium-browser packages. For the stable distribution (wheezy), these problems have been fixed in version 34.0.1847.137-1~deb7u1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium-browser"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2014/05/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"chromium", reference:"34.0.1847.137-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"chromium-browser", reference:"34.0.1847.137-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"chromium-browser-dbg", reference:"34.0.1847.137-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"chromium-browser-inspector", reference:"34.0.1847.137-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"chromium-browser-l10n", reference:"34.0.1847.137-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"chromium-dbg", reference:"34.0.1847.137-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"chromium-inspector", reference:"34.0.1847.137-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"chromium-l10n", reference:"34.0.1847.137-1~deb7u1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Windows NASL id GOOGLE_CHROME_34_0_1847_137.NASL description The version of Google Chrome installed on the remote host is a version prior to 34.0.1847.137. It is, therefore, affected by the following vulnerabilities : - A use-after-free error exists in the included Flash version that could lead to arbitrary code execution. (CVE-2014-0510) - An unspecified error exists in the included Flash version that could allow a bypass of the same origin policy. (CVE-2014-0516) - Several security bypass errors exist in the included Flash version. (CVE-2014-0517, CVE-2014-0518, CVE-2014-0519, CVE-2014-0520) - Use-after-free errors exist related to last seen 2020-06-01 modified 2020-06-02 plugin id 74008 published 2014-05-14 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74008 title Google Chrome < 34.0.1847.137 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(74008); script_version("1.16"); script_cvs_date("Date: 2019/11/26"); script_cve_id( "CVE-2014-0510", "CVE-2014-0516", "CVE-2014-0517", "CVE-2014-0518", "CVE-2014-0519", "CVE-2014-0520", "CVE-2014-1740", "CVE-2014-1741", "CVE-2014-1742" ); script_bugtraq_id( 66241, 67361, 67364, 67371, 67372, 67373, 67374, 67375, 67376 ); script_name(english:"Google Chrome < 34.0.1847.137 Multiple Vulnerabilities"); script_summary(english:"Checks version number of Google Chrome"); script_set_attribute(attribute:"synopsis", value: "The remote host contains a web browser that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Google Chrome installed on the remote host is a version prior to 34.0.1847.137. It is, therefore, affected by the following vulnerabilities : - A use-after-free error exists in the included Flash version that could lead to arbitrary code execution. (CVE-2014-0510) - An unspecified error exists in the included Flash version that could allow a bypass of the same origin policy. (CVE-2014-0516) - Several security bypass errors exist in the included Flash version. (CVE-2014-0517, CVE-2014-0518, CVE-2014-0519, CVE-2014-0520) - Use-after-free errors exist related to 'WebSockets' and 'editing'. (CVE-2014-1740, CVE-2014-1742) - An integer overflow error exists related to DOM ranges. (CVE-2014-1741) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number."); # http://googlechromereleases.blogspot.com/2014/05/stable-channel-update.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?34109980"); script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb14-14.html"); script_set_attribute(attribute:"solution", value: "Upgrade to Google Chrome 34.0.1847.137 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0510"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/13"); script_set_attribute(attribute:"patch_publication_date", value:"2014/05/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/14"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("google_chrome_installed.nasl"); script_require_keys("SMB/Google_Chrome/Installed"); exit(0); } include("google_chrome_version.inc"); get_kb_item_or_exit("SMB/Google_Chrome/Installed"); installs = get_kb_list("SMB/Google_Chrome/*"); google_chrome_check_version(installs:installs, fix:'34.0.1847.137', severity:SECURITY_HOLE);NASL family MacOS X Local Security Checks NASL id MACOSX_GOOGLE_CHROME_34_0_1847_137.NASL description The version of Google Chrome installed on the remote Mac OS X host is a version prior to 34.0.1847.137. It is, therefore, affected by the following vulnerabilities : - A use-after-free error exists in the included Flash version that could lead to arbitrary code execution. (CVE-2014-0510) - An unspecified error exists in the included Flash version that could allow a bypass of the same origin policy. (CVE-2014-0516) - Several security bypass errors exist in the included Flash version. (CVE-2014-0517, CVE-2014-0518, CVE-2014-0519, CVE-2014-0520) - Use-after-free errors exist related to last seen 2020-06-01 modified 2020-06-02 plugin id 74009 published 2014-05-14 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74009 title Google Chrome < 34.0.1847.137 Multiple Vulnerabilities (Mac OS X) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(74009); script_version("1.16"); script_cvs_date("Date: 2019/11/26"); script_cve_id( "CVE-2014-0510", "CVE-2014-0516", "CVE-2014-0517", "CVE-2014-0518", "CVE-2014-0519", "CVE-2014-0520", "CVE-2014-1740", "CVE-2014-1741", "CVE-2014-1742" ); script_bugtraq_id( 66241, 67361, 67364, 67371, 67372, 67373, 67374, 67375, 67376 ); script_name(english:"Google Chrome < 34.0.1847.137 Multiple Vulnerabilities (Mac OS X)"); script_summary(english:"Checks version number of Google Chrome"); script_set_attribute(attribute:"synopsis", value: "The remote Mac OS X host contains a web browser that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Google Chrome installed on the remote Mac OS X host is a version prior to 34.0.1847.137. It is, therefore, affected by the following vulnerabilities : - A use-after-free error exists in the included Flash version that could lead to arbitrary code execution. (CVE-2014-0510) - An unspecified error exists in the included Flash version that could allow a bypass of the same origin policy. (CVE-2014-0516) - Several security bypass errors exist in the included Flash version. (CVE-2014-0517, CVE-2014-0518, CVE-2014-0519, CVE-2014-0520) - Use-after-free errors exist related to 'WebSockets' and 'editing'. (CVE-2014-1740, CVE-2014-1742) - An integer overflow error exists related to DOM ranges. (CVE-2014-1741) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number."); # http://googlechromereleases.blogspot.com/2014/05/stable-channel-update.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?34109980"); script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb14-14.html"); script_set_attribute(attribute:"solution", value: "Upgrade to Google Chrome 34.0.1847.137 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0510"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/13"); script_set_attribute(attribute:"patch_publication_date", value:"2014/05/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/14"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("macosx_google_chrome_installed.nbin"); script_require_keys("MacOSX/Google Chrome/Installed"); exit(0); } include("google_chrome_version.inc"); get_kb_item_or_exit("MacOSX/Google Chrome/Installed"); google_chrome_check_version(fix:'34.0.1847.137', severity:SECURITY_HOLE);NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-420.NASL description chromium was updated to version 35.0.1916.114 to fix various security issues. Security fixes : - CVE-2014-1743: Use-after-free in styles - CVE-2014-1744: Integer overflow in audio - CVE-2014-1745: Use-after-free in SVG - CVE-2014-1746: Out-of-bounds read in media filters - CVE-2014-1747: UXSS with local MHTML file - CVE-2014-1748: UI spoofing with scrollbar - CVE-2014-1749: Various fixes from internal audits, fuzzing and other initiatives - CVE-2014-3152: Integer underflow in V8 fixed - CVE-2014-1740: Use-after-free in WebSockets - CVE-2014-1741: Integer overflow in DOM range - CVE-2014-1742: Use-after-free in editing and 17 more for which no detailed information is given. last seen 2020-06-05 modified 2014-06-13 plugin id 75387 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75387 title openSUSE Security Update : chromium (openSUSE-SU-2014:0783-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2014-420. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75387); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2014-1740", "CVE-2014-1741", "CVE-2014-1742", "CVE-2014-1743", "CVE-2014-1744", "CVE-2014-1745", "CVE-2014-1746", "CVE-2014-1747", "CVE-2014-1748", "CVE-2014-1749", "CVE-2014-3152"); script_bugtraq_id(67374, 67375, 67376, 67517, 71464); script_name(english:"openSUSE Security Update : chromium (openSUSE-SU-2014:0783-1)"); script_summary(english:"Check for the openSUSE-2014-420 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "chromium was updated to version 35.0.1916.114 to fix various security issues. Security fixes : - CVE-2014-1743: Use-after-free in styles - CVE-2014-1744: Integer overflow in audio - CVE-2014-1745: Use-after-free in SVG - CVE-2014-1746: Out-of-bounds read in media filters - CVE-2014-1747: UXSS with local MHTML file - CVE-2014-1748: UI spoofing with scrollbar - CVE-2014-1749: Various fixes from internal audits, fuzzing and other initiatives - CVE-2014-3152: Integer underflow in V8 fixed - CVE-2014-1740: Use-after-free in WebSockets - CVE-2014-1741: Integer overflow in DOM range - CVE-2014-1742: Use-after-free in editing and 17 more for which no detailed information is given." ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html" ); script_set_attribute( attribute:"solution", value:"Update the affected chromium packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-desktop-gnome"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-desktop-kde"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-suid-helper"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ninja"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ninja-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ninja-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1"); script_set_attribute(attribute:"patch_publication_date", value:"2014/06/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.3|SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3 / 13.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.3", reference:"chromedriver-35.0.1916.114-1.45.4") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"chromedriver-debuginfo-35.0.1916.114-1.45.4") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"chromium-35.0.1916.114-1.45.4") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"chromium-debuginfo-35.0.1916.114-1.45.4") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"chromium-debugsource-35.0.1916.114-1.45.4") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"chromium-desktop-gnome-35.0.1916.114-1.45.4") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"chromium-desktop-kde-35.0.1916.114-1.45.4") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"chromium-ffmpegsumo-35.0.1916.114-1.45.4") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"chromium-ffmpegsumo-debuginfo-35.0.1916.114-1.45.4") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"chromium-suid-helper-35.0.1916.114-1.45.4") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"chromium-suid-helper-debuginfo-35.0.1916.114-1.45.4") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"ninja-3.0+git.20130603.0f53fd3-2.6.3") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"ninja-debuginfo-3.0+git.20130603.0f53fd3-2.6.3") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"ninja-debugsource-3.0+git.20130603.0f53fd3-2.6.3") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"chromedriver-35.0.1916.114-37.4") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"chromedriver-debuginfo-35.0.1916.114-37.4") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"chromium-35.0.1916.114-37.4") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"chromium-debuginfo-35.0.1916.114-37.4") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"chromium-debugsource-35.0.1916.114-37.4") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"chromium-desktop-gnome-35.0.1916.114-37.4") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"chromium-desktop-kde-35.0.1916.114-37.4") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"chromium-ffmpegsumo-35.0.1916.114-37.4") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"chromium-ffmpegsumo-debuginfo-35.0.1916.114-37.4") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"chromium-suid-helper-35.0.1916.114-37.4") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"chromium-suid-helper-debuginfo-35.0.1916.114-37.4") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromium"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201408-16.NASL description The remote host is affected by the vulnerability described in GLSA-201408-16 (Chromium: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could conduct a number of attacks which include: cross site scripting attacks, bypassing of sandbox protection, potential execution of arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 77460 published 2014-08-30 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77460 title GLSA-201408-16 : Chromium: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201408-16. # # The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(77460); script_version("1.14"); script_cvs_date("Date: 2018/07/12 19:01:15"); script_cve_id("CVE-2014-0538", "CVE-2014-1700", "CVE-2014-1701", "CVE-2014-1702", "CVE-2014-1703", "CVE-2014-1704", "CVE-2014-1705", "CVE-2014-1713", "CVE-2014-1714", "CVE-2014-1715", "CVE-2014-1716", "CVE-2014-1717", "CVE-2014-1718", "CVE-2014-1719", "CVE-2014-1720", "CVE-2014-1721", "CVE-2014-1722", "CVE-2014-1723", "CVE-2014-1724", "CVE-2014-1725", "CVE-2014-1726", "CVE-2014-1727", "CVE-2014-1728", "CVE-2014-1729", "CVE-2014-1730", "CVE-2014-1731", "CVE-2014-1732", "CVE-2014-1733", "CVE-2014-1734", "CVE-2014-1735", "CVE-2014-1740", "CVE-2014-1741", "CVE-2014-1742", "CVE-2014-1743", "CVE-2014-1744", "CVE-2014-1745", "CVE-2014-1746", "CVE-2014-1747", "CVE-2014-1748", "CVE-2014-1749", "CVE-2014-3154", "CVE-2014-3155", "CVE-2014-3156", "CVE-2014-3157", "CVE-2014-3160", "CVE-2014-3162", "CVE-2014-3165", "CVE-2014-3166", "CVE-2014-3167", "CVE-2014-3168", "CVE-2014-3169", "CVE-2014-3170", "CVE-2014-3171", "CVE-2014-3172", "CVE-2014-3173", "CVE-2014-3174", "CVE-2014-3175", "CVE-2014-3176", "CVE-2014-3177"); script_bugtraq_id(66120, 66239, 66243, 66249, 66252, 66704, 67082, 67374, 67375, 67376, 67517, 67572, 67972, 67977, 67980, 67981, 68677, 69192, 69201, 69202, 69203, 69398, 69400, 69401, 69402, 69403, 69405, 69406, 69407); script_xref(name:"GLSA", value:"201408-16"); script_name(english:"GLSA-201408-16 : Chromium: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201408-16 (Chromium: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could conduct a number of attacks which include: cross site scripting attacks, bypassing of sandbox protection, potential execution of arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201408-16" ); script_set_attribute( attribute:"solution", value: "All chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/chromium-37.0.2062.94'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:chromium"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2014/08/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"www-client/chromium", unaffected:make_list("ge 37.0.2062.94"), vulnerable:make_list("lt 37.0.2062.94"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Chromium"); }
References
- http://www.debian.org/security/2014/dsa-2930
- https://src.chromium.org/viewvc/blink?revision=171440&view=revision
- http://security.gentoo.org/glsa/glsa-201408-16.xml
- http://googlechromereleases.blogspot.com/2014/05/stable-channel-update.html
- http://secunia.com/advisories/60372
- http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html
- http://secunia.com/advisories/59155
- http://www.securityfocus.com/bid/67375
- http://www.securitytracker.com/id/1030240
- https://code.google.com/p/chromium/issues/detail?id=356690