Vulnerabilities > CVE-2014-1745 - Resource Management Errors vulnerability in Google Chrome
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related to core/svg/SVGFontFaceElement.cpp.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
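NASL family Windows
NASL id OPERA_2200.NASL
description The version of Opera installed on the remote host is prior to version 22. It is, therefore, reportedly affected by multiple vulnerabilities in the bundled version of Chromium : - Use-after-free errors exist related to
last seen 2020-06-01
modified 2020-06-02
plugin id 74362
published 2014-06-06
reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/74362
title Opera < 22 Multiple Chromium Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#

# Purpose: report Opera installs older than 22.0.1471.50 as affected by the
# Chromium issues listed below. The decision is a pure version comparison on
# values already stored in the scanner KB; nothing in this script exercises
# any of the vulnerabilities.

include("compat.inc");

# Plugin metadata. This branch only registers attributes and then exits.
if (description)
{
  script_id(74362);
  script_version("1.10");
  script_cvs_date("Date: 2019/11/26");

  script_cve_id(
    "CVE-2014-1743",
    "CVE-2014-1744",
    "CVE-2014-1745",
    "CVE-2014-1746",
    "CVE-2014-1747",
    "CVE-2014-1748",
    "CVE-2014-1749",
    "CVE-2014-3152",
    "CVE-2014-3803"
  );
  script_bugtraq_id(67237, 67517, 67582);

  script_name(english:"Opera < 22 Multiple Chromium Vulnerabilities");
  script_summary(english:"Checks version number of Opera.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains a web browser that is affected by multiple vulnerabilities.");
  # The feature name in the CVE-2014-3803 entry is 'Blink' (the rendering
  # engine named in the CVE summary); it was previously misspelled 'Blick'.
  script_set_attribute(attribute:"description", value:
"The version of Opera installed on the remote host is prior to version 22. It is, therefore, reportedly affected by multiple vulnerabilities in the bundled version of Chromium : - Use-after-free errors exist related to 'styles' and 'SVG' handling. (CVE-2014-1743, CVE-2014-1745) - An integer overflow error exists related to audio handling. (CVE-2014-1744) - An out-of-bounds read error exists related to media filters. (CVE-2014-1746) - A user-input validation error exists related to handling local MHTML files that could allow for universal cross-site scripting (UXSS) attacks. (CVE-2014-1747) - An unspecified error exists related to the scrollbar that could allow UI spoofing. (CVE-2014-1748) - Various unspecified errors. (CVE-2014-1749) - An integer underflow error exists related to the V8 JavaScript engine that could allow a denial of service condition. (CVE-2014-3152) - An error exists related to the 'Blink' 'SpeechInput' feature that could allow click-jacking and information disclosure. (CVE-2014-3803) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://blogs.opera.com/desktop/changelog22/");
  # http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2da726ba");
  script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20170922104144/http://www.opera.com:80/docs/changelogs/unified/2200/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Opera 22 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3152");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # NOTE(review): 20, 74 and 79 are input-validation / injection / XSS
  # weaknesses, which fits CVE-2014-1747 (UXSS). No memory-safety CWE (for
  # example CWE-416, use after free) is listed for CVE-2014-1743/-1745, so
  # triage that filters findings by CWE will not surface those - confirm
  # whether that is intended.
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/06");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:opera:opera_browser");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("opera_installed.nasl");
  script_require_keys("SMB/Opera/Version", "SMB/Opera/Path");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

# Both keys are mandatory; the *_or_exit variant stops the plugin when either
# is missing (presumably they are written by opera_installed.nasl, the
# declared dependency - confirm).
version = get_kb_item_or_exit("SMB/Opera/Version");
path = get_kb_item_or_exit("SMB/Opera/Path");

# Prefer the UI version string for reporting when one was recorded.
version_ui = get_kb_item("SMB/Opera/Version_UI");
if (isnull(version_ui)) version_report = version;
else version_report = version_ui;

# Installs flagged as the supported classic branch are reported as not
# vulnerable regardless of their version number.
# NOTE(review): the code that follows assumes audit() does not return - confirm.
if (get_kb_item("SMB/Opera/supported_classic_branch"))
  audit(AUDIT_INST_PATH_NOT_VULN, "Opera", version_report, path);

fixed_version = "22.0.1471.50";

# Check if we need to display full version info in case of Alpha/Beta/RC
major_minor = eregmatch(string:version, pattern:"^([0-9]+\.[0-9]+)");
# Guard the index: eregmatch() yields no match array when the stored version
# does not start with "<digits>.<digits>".
if (!isnull(major_minor) && major_minor[1] == "22.0")
{
  fixed_version_report = fixed_version;
  version_report = version;
}
else fixed_version_report = "22.0";

# Version-only decision: a result of -1 is treated as "older than the fix".
# The verdict is only as trustworthy as the stored version string; the plugin
# description states that the issues themselves are not tested.
if (ver_compare(ver:version, fix:fixed_version) == -1)
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;

  # Marks the host/port as XSS-affected in the KB; the CVE list above includes
  # a UXSS issue (CVE-2014-1747).
  set_kb_item(name:'www/'+port+'/XSS', value:TRUE);

  if (report_verbosity > 0)
  {
    report =
      '\n Path : ' + path +
      '\n Installed version : ' + version_report +
      '\n Fixed version : ' + fixed_version_report +
      '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
}
else audit(AUDIT_INST_PATH_NOT_VULN, "Opera", version_report, path);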
NASL family FreeBSD Local Security Checks
NASL id FREEBSD_PKG_64F3872BE05D11E39DD400262D5ED8EE.NASL
description Google Chrome Releases reports : 23 security fixes in this release, including : - [356653] High CVE-2014-1743: Use-after-free in styles. Credit to cloudfuzzer. - [359454] High CVE-2014-1744: Integer overflow in audio. Credit to Aaron Staple. - [346192] High CVE-2014-1745: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG. - [364065] Medium CVE-2014-1746: Out-of-bounds read in media filters. Credit to Holger Fuhrmannek. - [330663] Medium CVE-2014-1747: UXSS with local MHTML file. Credit to packagesu. - [331168] Medium CVE-2014-1748: UI spoofing with scrollbar. Credit to Jordan Milne. - [374649] CVE-2014-1749: Various fixes from internal audits, fuzzing and other initiatives. - [358057] CVE-2014-3152: Integer underflow in V8 fixed in version 3.25.28.16.
last seen 2020-06-01
modified 2020-06-02
plugin id 74114
published 2014-05-21
reporter This script is Copyright (C) 2014 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/74114
title FreeBSD : chromium -- multiple vulnerabilities (64f3872b-e05d-11e3-9dd4-00262d5ed8ee)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2014 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
#    copyright notice, this list of conditions and the following
#    disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
#    published online in any format, converted to PDF, PostScript,
#    RTF and other formats) must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer
#    in the documentation and/or other materials provided with the
#    distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

# Purpose: flag a FreeBSD host whose installed chromium package is older than
# 35.0.1916.114. The verdict comes from the package list stored in the KB.

include("compat.inc");

# Plugin metadata; this branch registers attributes and exits.
if (description)
{
  script_id(74114);
  script_version("$Revision: 1.5 $");
  script_cvs_date("$Date: 2014/06/14 00:01:14 $");

  script_cve_id("CVE-2014-1743", "CVE-2014-1744", "CVE-2014-1745", "CVE-2014-1746", "CVE-2014-1747", "CVE-2014-1748", "CVE-2014-1749", "CVE-2014-3152");

  script_name(english:"FreeBSD : chromium -- multiple vulnerabilities (64f3872b-e05d-11e3-9dd4-00262d5ed8ee)");
  script_summary(english:"Checks for updated package in pkg_info output");

  script_set_attribute(attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update.");
  script_set_attribute(attribute:"description", value:
"Google Chrome Releases reports : 23 security fixes in this release, including : - [356653] High CVE-2014-1743: Use-after-free in styles. Credit to cloudfuzzer. - [359454] High CVE-2014-1744: Integer overflow in audio. Credit to Aaron Staple. - [346192] High CVE-2014-1745: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG. - [364065] Medium CVE-2014-1746: Out-of-bounds read in media filters. Credit to Holger Fuhrmannek. - [330663] Medium CVE-2014-1747: UXSS with local MHTML file. Credit to packagesu. - [331168] Medium CVE-2014-1748: UI spoofing with scrollbar. Credit to Jordan Milne. - [374649] CVE-2014-1749: Various fixes from internal audits, fuzzing and other initiatives. - [358057] CVE-2014-3152: Integer underflow in V8 fixed in version 3.25.28.16.");
  script_set_attribute(attribute:"see_also", value:"http://googlechromereleases.blogspot.nl/");
  # http://www.freebsd.org/ports/portaudit/64f3872b-e05d-11e3-9dd4-00262d5ed8ee.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9f712737");
  script_set_attribute(attribute:"solution", value:"Update the affected package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:chromium");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/05/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014 Tenable Network Security, Inc.");
  script_family(english:"FreeBSD Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}

include("audit.inc");
include("freebsd_package.inc");

# Preconditions: local checks enabled, the host identified as FreeBSD, and a
# package list present in the KB. Each failure is reported through audit().
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release"))
  audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Count package specs that match; a single spec is tested here.
flag = 0;
if (pkg_test(save_report:TRUE, pkg:"chromium<35.0.1916.114"))
  flag++;

if (!flag)
  audit(AUDIT_HOST_NOT, "affected");
else
{
  # Attach the saved package report only when the scan asks for verbose output.
  if (report_verbosity > 0)
    security_hole(port:0, extra:pkg_report_get());
  else
    security_hole(0);
  exit(0);
}
NASL family Debian Local Security Checks
NASL id DEBIAN_DSA-2939.NASL
description Several vulnerabilities were discovered in the chromium web browser. - CVE-2014-1743 cloudfuzzer discovered a use-after-free issue in the Blink/Webkit document object model implementation. - CVE-2014-1744 Aaron Staple discovered an integer overflow issue in audio input handling. - CVE-2014-1745 Atte Kettunen discovered a use-after-free issue in the Blink/Webkit scalable vector graphics implementation. - CVE-2014-1746 Holger Fuhrmannek discovered an out-of-bounds read issue in the URL protocol implementation for handling media. - CVE-2014-1747 packagesu discovered a cross-site scripting issue involving malformed MHTML files. - CVE-2014-1748 Jordan Milne discovered a user interface spoofing issue. - CVE-2014-1749 The Google Chrome development team discovered and fixed multiple issues with potential security impact. - CVE-2014-3152 An integer underflow issue was discovered in the v8 JavaScript library.
last seen 2020-03-17
modified 2014-06-02
plugin id 74256
published 2014-06-02
reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/74256
title Debian DSA-2939-1 : chromium-browser - security update
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-2939. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

# Purpose: flag a Debian 7.0 host on which any chromium-family package is
# older than 35.0.1916.114-1~deb7u2, using the dpkg list stored in the KB.

include("compat.inc");

# Plugin metadata; this branch registers attributes and exits.
if (description)
{
  script_id(74256);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2014-1743", "CVE-2014-1744", "CVE-2014-1745", "CVE-2014-1746", "CVE-2014-1747", "CVE-2014-1748", "CVE-2014-1749", "CVE-2014-3152");
  script_bugtraq_id(67517);
  script_xref(name:"DSA", value:"2939");

  script_name(english:"Debian DSA-2939-1 : chromium-browser - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(attribute:"synopsis", value:"The remote Debian host is missing a security-related update.");
  script_set_attribute(attribute:"description", value:
"Several vulnerabilities were discovered in the chromium web browser. - CVE-2014-1743 cloudfuzzer discovered a use-after-free issue in the Blink/Webkit document object model implementation. - CVE-2014-1744 Aaron Staple discovered an integer overflow issue in audio input handling. - CVE-2014-1745 Atte Kettunen discovered a use-after-free issue in the Blink/Webkit scalable vector graphics implementation. - CVE-2014-1746 Holger Fuhrmannek discovered an out-of-bounds read issue in the URL protocol implementation for handling media. - CVE-2014-1747 packagesu discovered a cross-site scripting issue involving malformed MHTML files. - CVE-2014-1748 Jordan Milne discovered a user interface spoofing issue. - CVE-2014-1749 The Google Chrome development team discovered and fixed multiple issues with potential security impact. - CVE-2014-3152 An integer underflow issue was discovered in the v8 JavaScript library.");
  # One tracker link per CVE covered by the advisory.
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2014-1743");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2014-1744");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2014-1745");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2014-1746");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2014-1747");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2014-1748");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2014-1749");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2014-3152");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/wheezy/chromium-browser");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2014/dsa-2939");
  script_set_attribute(attribute:"solution", value:
"Upgrade the chromium-browser packages. For the stable distribution (wheezy), these problems have been fixed in version 35.0.1916.114-1~deb7u2.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium-browser");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/05/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/02");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

# Preconditions: local checks enabled, the host identified as Debian, and a
# dpkg listing present in the KB.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release"))
  audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Every binary package is checked against the same fixed version on the same
# release, so the checks run as one loop in their original order.
dsa_fixed_version = "35.0.1916.114-1~deb7u2";
dsa_package_prefixes = make_list(
  "chromium",
  "chromium-browser",
  "chromium-browser-dbg",
  "chromium-browser-inspector",
  "chromium-browser-l10n",
  "chromium-dbg",
  "chromium-inspector",
  "chromium-l10n"
);

flag = 0;
foreach dsa_prefix (dsa_package_prefixes)
{
  if (deb_check(release:"7.0", prefix:dsa_prefix, reference:dsa_fixed_version))
    flag++;
}

if (!flag)
  audit(AUDIT_HOST_NOT, "affected");
else
{
  # Attach the collected package report only for verbose scans.
  if (report_verbosity > 0)
    security_hole(port:0, extra:deb_report_get());
  else
    security_hole(0);
  exit(0);
}
NASL family MacOS X Local Security Checks
NASL id MACOSX_GOOGLE_CHROME_35_0_1916_114.NASL
description The version of Google Chrome installed on the remote Mac OS X host is a version prior to 35.0.1916.114. It is, therefore, affected by the following vulnerabilities : - Use-after-free errors exist related to
last seen 2020-06-01
modified 2020-06-02
plugin id 74123
published 2014-05-21
reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/74123
title Google Chrome < 35.0.1916.114 Multiple Vulnerabilities (Mac OS X)
code
#
# (C) Tenable Network Security, Inc.
#

# Purpose: report Google Chrome on Mac OS X when the installed version is
# below 35.0.1916.114. The comparison itself is delegated to
# google_chrome_check_version(); the description states that the issues are
# not tested, only the self-reported version is read.

include("compat.inc");

# Plugin metadata; this branch registers attributes and exits.
if (description)
{
  script_id(74123);
  script_version("1.12");
  script_cvs_date("Date: 2019/11/26");

  script_cve_id(
    "CVE-2014-1743",
    "CVE-2014-1744",
    "CVE-2014-1745",
    "CVE-2014-1746",
    "CVE-2014-1747",
    "CVE-2014-1748",
    "CVE-2014-1749",
    "CVE-2014-3152",
    "CVE-2014-3803"
  );
  script_bugtraq_id(67517, 67582);

  script_name(english:"Google Chrome < 35.0.1916.114 Multiple Vulnerabilities (Mac OS X)");
  script_summary(english:"Checks version number of Google Chrome.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Mac OS X host contains a web browser that is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Google Chrome installed on the remote Mac OS X host is a version prior to 35.0.1916.114. It is, therefore, affected by the following vulnerabilities : - Use-after-free errors exist related to 'styles' and 'SVG' handling. (CVE-2014-1743, CVE-2014-1745) - An integer overflow error exists related to audio handling. (CVE-2014-1744) - An out-of-bounds read error exists related to media filters. (CVE-2014-1746) - A user-input validation error exists related to handling local MHTML files. (CVE-2014-1747) - An unspecified error exists related to the scrollbar that could allow UI spoofing. (CVE-2014-1748) - Various unspecified errors. (CVE-2014-1749) - An integer underflow error exists related to the V8 JavaScript engine. (CVE-2014-3152) - An error exists related to the 'Blink' 'SpeechInput' feature that could allow click-jacking and information disclosure. (CVE-2014-3803) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.");
  # http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2da726ba");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Google Chrome 35.0.1916.114 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3152");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # NOTE(review): 20, 74 and 79 are input-validation / injection / XSS
  # weaknesses; no memory-safety CWE is listed for the use-after-free CVEs,
  # so CWE-based filtering will not surface them - confirm this is intended.
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/05/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_google_chrome_installed.nbin");
  script_require_keys("MacOSX/Google Chrome/Installed");

  exit(0);
}

include("google_chrome_version.inc");

# Stop here unless an earlier plugin recorded a Chrome install in the KB.
get_kb_item_or_exit("MacOSX/Google Chrome/Installed");

# First fixed build; xss:TRUE is passed through to the shared helper
# (presumably so the finding is also tagged as XSS - confirm in
# google_chrome_version.inc).
chrome_fixed_build = '35.0.1916.114';
google_chrome_check_version(fix:chrome_fixed_build, severity:SECURITY_HOLE, xss:TRUE);
NASL family SuSE Local Security Checks
NASL id OPENSUSE-2014-420.NASL
description chromium was updated to version 35.0.1916.114 to fix various security issues. Security fixes : - CVE-2014-1743: Use-after-free in styles - CVE-2014-1744: Integer overflow in audio - CVE-2014-1745: Use-after-free in SVG - CVE-2014-1746: Out-of-bounds read in media filters - CVE-2014-1747: UXSS with local MHTML file - CVE-2014-1748: UI spoofing with scrollbar - CVE-2014-1749: Various fixes from internal audits, fuzzing and other initiatives - CVE-2014-3152: Integer underflow in V8 fixed - CVE-2014-1740: Use-after-free in WebSockets - CVE-2014-1741: Integer overflow in DOM range - CVE-2014-1742: Use-after-free in editing and 17 more for which no detailed information is given.
last seen 2020-06-05
modified 2014-06-13
plugin id 75387
published 2014-06-13
reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/75387
title openSUSE Security Update : chromium (openSUSE-SU-2014:0783-1)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2014-420.
#
# The text description of this plugin is (C) SUSE LLC.
#

# Purpose: flag an openSUSE 12.3 / 13.1 host that has any package from the
# openSUSE-2014-420 update installed at a version older than the one shipped
# with that update, using the RPM list stored in the KB.

include("compat.inc");

# Plugin metadata; this branch registers attributes and exits.
if (description)
{
  script_id(75387);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2014-1740", "CVE-2014-1741", "CVE-2014-1742", "CVE-2014-1743", "CVE-2014-1744", "CVE-2014-1745", "CVE-2014-1746", "CVE-2014-1747", "CVE-2014-1748", "CVE-2014-1749", "CVE-2014-3152");
  script_bugtraq_id(67374, 67375, 67376, 67517, 71464);

  script_name(english:"openSUSE Security Update : chromium (openSUSE-SU-2014:0783-1)");
  script_summary(english:"Check for the openSUSE-2014-420 patch");

  script_set_attribute(attribute:"synopsis", value:"The remote openSUSE host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"chromium was updated to version 35.0.1916.114 to fix various security issues. Security fixes : - CVE-2014-1743: Use-after-free in styles - CVE-2014-1744: Integer overflow in audio - CVE-2014-1745: Use-after-free in SVG - CVE-2014-1746: Out-of-bounds read in media filters - CVE-2014-1747: UXSS with local MHTML file - CVE-2014-1748: UI spoofing with scrollbar - CVE-2014-1749: Various fixes from internal audits, fuzzing and other initiatives - CVE-2014-3152: Integer underflow in V8 fixed - CVE-2014-1740: Use-after-free in WebSockets - CVE-2014-1741: Integer overflow in DOM range - CVE-2014-1742: Use-after-free in editing and 17 more for which no detailed information is given.");
  script_set_attribute(attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html");
  script_set_attribute(attribute:"solution", value:"Update the affected chromium packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-desktop-gnome");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-desktop-kde");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-suid-helper");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ninja");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ninja-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ninja-debugsource");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# SLED/SLES hosts are rejected as "not openSUSE"; of the remaining releases
# only 12.3 and 13.1 are covered by this update.
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)")
  audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.3|SUSE13\.1)$")
  audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3 / 13.1", release);
if (!get_kb_item("Host/SuSE/rpm-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Only i586 / i686 / x86_64 hosts are evaluated.
ourarch = get_kb_item("Host/cpu");
if (!ourarch)
  audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$")
  audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

# Fixed package builds per release, in the order the checks are run.
# The 12.3 list also carries the ninja packages; the 13.1 list does not.
suse123_references = make_list(
  "chromedriver-35.0.1916.114-1.45.4",
  "chromedriver-debuginfo-35.0.1916.114-1.45.4",
  "chromium-35.0.1916.114-1.45.4",
  "chromium-debuginfo-35.0.1916.114-1.45.4",
  "chromium-debugsource-35.0.1916.114-1.45.4",
  "chromium-desktop-gnome-35.0.1916.114-1.45.4",
  "chromium-desktop-kde-35.0.1916.114-1.45.4",
  "chromium-ffmpegsumo-35.0.1916.114-1.45.4",
  "chromium-ffmpegsumo-debuginfo-35.0.1916.114-1.45.4",
  "chromium-suid-helper-35.0.1916.114-1.45.4",
  "chromium-suid-helper-debuginfo-35.0.1916.114-1.45.4",
  "ninja-3.0+git.20130603.0f53fd3-2.6.3",
  "ninja-debuginfo-3.0+git.20130603.0f53fd3-2.6.3",
  "ninja-debugsource-3.0+git.20130603.0f53fd3-2.6.3"
);
suse131_references = make_list(
  "chromedriver-35.0.1916.114-37.4",
  "chromedriver-debuginfo-35.0.1916.114-37.4",
  "chromium-35.0.1916.114-37.4",
  "chromium-debuginfo-35.0.1916.114-37.4",
  "chromium-debugsource-35.0.1916.114-37.4",
  "chromium-desktop-gnome-35.0.1916.114-37.4",
  "chromium-desktop-kde-35.0.1916.114-37.4",
  "chromium-ffmpegsumo-35.0.1916.114-37.4",
  "chromium-ffmpegsumo-debuginfo-35.0.1916.114-37.4",
  "chromium-suid-helper-35.0.1916.114-37.4",
  "chromium-suid-helper-debuginfo-35.0.1916.114-37.4"
);

flag = 0;
foreach suse_ref (suse123_references)
{
  if ( rpm_check(release:"SUSE12.3", reference:suse_ref) ) flag++;
}
foreach suse_ref (suse131_references)
{
  if ( rpm_check(release:"SUSE13.1", reference:suse_ref) ) flag++;
}

if (!flag)
{
  # Nothing outdated: distinguish "installed and current" from "not installed".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromium");
}
else
{
  # Attach the collected RPM report only for verbose scans.
  if (report_verbosity > 0)
    security_hole(port:0, extra:rpm_report_get());
  else
    security_hole(0);
  exit(0);
}
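NASL family Windows NASL id GOOGLE_CHROME_35_0_1916_114.NASL description The version of Google Chrome installed on the remote host is a version prior to 35.0.1916.114. It is, therefore, affected by the following vulnerabilities : - Use-after-free errors exist related to last seen 2020-06-01 modified 2020-06-02 plugin id 74122 published 2014-05-21 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74122 title Google Chrome < 35.0.1916.114 Multiple Vulnerabilities code
#
# (C) Tenable Network Security, Inc.
#
# Version check for Google Chrome on Windows: reports any recorded install
# older than 35.0.1916.114. The first half registers the plugin metadata,
# the second half performs the comparison.
#
# Nothing is probed or exercised. As the description text itself says, the
# result rests only on the version number the application reports, so the
# verdict is only as reliable as that version data.
#

include("compat.inc");

# Registration pass: when `description` is set the script only declares its
# metadata and exits without touching the target.
if (description)
{
  script_id(74122);
  script_version("1.12");
  script_cvs_date("Date: 2019/11/26");

  script_cve_id(
    "CVE-2014-1743",
    "CVE-2014-1744",
    "CVE-2014-1745",
    "CVE-2014-1746",
    "CVE-2014-1747",
    "CVE-2014-1748",
    "CVE-2014-1749",
    "CVE-2014-3152",
    "CVE-2014-3803"
  );
  script_bugtraq_id(67517, 67582);

  script_name(english:"Google Chrome < 35.0.1916.114 Multiple Vulnerabilities");
  script_summary(english:"Checks version number of Google Chrome.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains a web browser that is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Google Chrome installed on the remote host is a version prior to 35.0.1916.114. It is, therefore, affected by the following vulnerabilities : - Use-after-free errors exist related to 'styles' and 'SVG' handling. (CVE-2014-1743, CVE-2014-1745) - An integer overflow error exists related to audio handling. (CVE-2014-1744) - An out-of-bounds read error exists related to media filters. (CVE-2014-1746) - A user-input validation error exists related to handling local MHTML files. (CVE-2014-1747) - An unspecified error exists related to the scrollbar that could allow UI spoofing. (CVE-2014-1748) - Various unspecified errors. 
(CVE-2014-1749) - An integer underflow error exists related to the V8 JavaScript engine. (CVE-2014-3152) - An error exists related to the 'Blink' 'SpeechInput' feature that could allow click-jacking and information disclosure. (CVE-2014-3803) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.");
  # http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2da726ba");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Google Chrome 35.0.1916.114 or later.");

  # One score stands in for all nine CVEs; the cvss_score_source attribute
  # below names CVE-2014-3152 as the entry the vector is taken from.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3152");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # NOTE(review): these ids are input-validation / injection / XSS entries
  # (CWE-20, 74, 79) plus category and view ids, presumably attached because
  # the check is flagged xss:TRUE below. None of them describes the
  # use-after-free or integer-overflow issues listed in the description, so
  # do not triage the memory-safety CVEs by this CWE list.
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/05/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.");

  # The KB key required here is presumably written by the dependency
  # google_chrome_installed.nasl -- confirm against that plugin.
  script_dependencies("google_chrome_installed.nasl");
  script_require_keys("SMB/Google_Chrome/Installed");

  exit(0);
}

include("google_chrome_version.inc");

# Stop unless an earlier plugin recorded a Chrome install in the KB.
get_kb_item_or_exit("SMB/Google_Chrome/Installed");

# Every KB entry under SMB/Google_Chrome/ is handed to the shared helper from
# google_chrome_version.inc together with the fixed build number.
installs = get_kb_list("SMB/Google_Chrome/*");

# The helper's internals are not shown on this page; from the arguments it
# appears to compare each install against `fix` and report at SECURITY_HOLE
# severity, with xss:TRUE marking the finding as XSS-related -- confirm in
# google_chrome_version.inc.
google_chrome_check_version(installs:installs, fix:'35.0.1916.114', severity:SECURITY_HOLE, xss:TRUE);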
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201408-16.NASL description The remote host is affected by the vulnerability described in GLSA-201408-16 (Chromium: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could conduct a number of attacks which include: cross site scripting attacks, bypassing of sandbox protection, potential execution of arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 77460 published 2014-08-30 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77460 title GLSA-201408-16 : Chromium: Multiple vulnerabilities code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201408-16.
#
# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
# Local package check for GLSA-201408-16: compares the recorded
# www-client/chromium package against 37.0.2062.94. It is a package-version
# comparison only; none of the listed CVEs is tested individually.
#

include("compat.inc");

# Registration pass: declare the plugin metadata, then leave.
if (description)
{
  script_id(77460);
  script_version("1.14");
  script_cvs_date("Date: 2018/07/12 19:01:15");

  script_cve_id(
    "CVE-2014-0538", "CVE-2014-1700", "CVE-2014-1701", "CVE-2014-1702",
    "CVE-2014-1703", "CVE-2014-1704", "CVE-2014-1705", "CVE-2014-1713",
    "CVE-2014-1714", "CVE-2014-1715", "CVE-2014-1716", "CVE-2014-1717",
    "CVE-2014-1718", "CVE-2014-1719", "CVE-2014-1720", "CVE-2014-1721",
    "CVE-2014-1722", "CVE-2014-1723", "CVE-2014-1724", "CVE-2014-1725",
    "CVE-2014-1726", "CVE-2014-1727", "CVE-2014-1728", "CVE-2014-1729",
    "CVE-2014-1730", "CVE-2014-1731", "CVE-2014-1732", "CVE-2014-1733",
    "CVE-2014-1734", "CVE-2014-1735", "CVE-2014-1740", "CVE-2014-1741",
    "CVE-2014-1742", "CVE-2014-1743", "CVE-2014-1744", "CVE-2014-1745",
    "CVE-2014-1746", "CVE-2014-1747", "CVE-2014-1748", "CVE-2014-1749",
    "CVE-2014-3154", "CVE-2014-3155", "CVE-2014-3156", "CVE-2014-3157",
    "CVE-2014-3160", "CVE-2014-3162", "CVE-2014-3165", "CVE-2014-3166",
    "CVE-2014-3167", "CVE-2014-3168", "CVE-2014-3169", "CVE-2014-3170",
    "CVE-2014-3171", "CVE-2014-3172", "CVE-2014-3173", "CVE-2014-3174",
    "CVE-2014-3175", "CVE-2014-3176", "CVE-2014-3177"
  );
  script_bugtraq_id(
    66120, 66239, 66243, 66249, 66252, 66704, 67082, 67374, 67375, 67376,
    67517, 67572, 67972, 67977, 67980, 67981, 68677, 69192, 69201, 69202,
    69203, 69398, 69400, 69401, 69402, 69403, 69405, 69406, 69407
  );
  script_xref(name:"GLSA", value:"201408-16");

  script_name(english:"GLSA-201408-16 : Chromium: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-201408-16 (Chromium: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium. 
Please review the CVE identifiers referenced below for details. Impact : A remote attacker could conduct a number of attacks which include: cross site scripting attacks, bypassing of sandbox protection, potential execution of arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaround : There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201408-16"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/chromium-37.0.2062.94'"
  );

  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:chromium");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/08/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/30");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

# Preconditions, checked in this order: local checks must be enabled, the
# host must be recorded as Gentoo, and a package list must be in the KB.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release"))
  audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Count the package checks that come back positive.
flag = 0;

if (
  qpkg_check(
    package:"www-client/chromium",
    unaffected:make_list("ge 37.0.2062.94"),
    vulnerable:make_list("lt 37.0.2062.94")
  )
)
  flag++;

if (!flag)
{
  # No finding: tell "package present and not affected" apart from
  # "package not installed at all".
  checked_pkgs = qpkg_tests_get();
  if (checked_pkgs)
    audit(AUDIT_PACKAGE_NOT_AFFECTED, checked_pkgs);
  else
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "Chromium");
}
else
{
  # Finding: attach the package report only when report verbosity is above 0.
  if (report_verbosity > 0)
    security_hole(port:0, extra:qpkg_report_get());
  else
    security_hole(0);
  exit(0);
}
References
- http://www.debian.org/security/2014/dsa-2939
- http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html
- http://security.gentoo.org/glsa/glsa-201408-16.xml
- http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html
- http://secunia.com/advisories/59155
- https://code.google.com/p/chromium/issues/detail?id=346192
- https://src.chromium.org/viewvc/blink?revision=167993&view=revision
- http://secunia.com/advisories/58920
- http://www.securitytracker.com/id/1030270
- http://www.openwall.com/lists/oss-security/2024/02/05/8