Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 479048 (CVE-2013-2881)

Summary: <www-client/chromium-28.0.1500.95 multiple vulnerabilities (CVE-2013-{2881,2882,2883,2884,2885,2886})
Product: Gentoo Security Reporter: Mike Gilbert <floppym>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: ago, chromium
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---

Description Mike Gilbert gentoo-dev 2013-07-31 00:22:53 UTC 
Release notes in URL.
Comment 1 Mike Gilbert gentoo-dev 2013-07-31 00:25:04 UTC 
Please stabilize on amd64 and x86.

=dev-lang/v8-3.18.5.14
=www-client/chromium-28.0.1500.95
Comment 2 Agostino Sarubbo gentoo-dev 2013-07-31 08:47:21 UTC 
x86 stable
Comment 3 Agostino Sarubbo gentoo-dev 2013-07-31 10:02:54 UTC 
amd64 stable
Comment 4 Sergey Popov gentoo-dev 2013-08-22 08:46:11 UTC 
Thanks for your work

Added to existing GLSA draft
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2013-08-27 02:50:20 UTC 
CVE-2013-2886 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2886):
  Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.95
  allow attackers to cause a denial of service or possibly have other impact
  via unknown vectors.

CVE-2013-2885 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2885):
  Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to not properly considering focus during
  the processing of JavaScript events in the presence of a multiple-fields
  input type.

CVE-2013-2884 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2884):
  Use-after-free vulnerability in the DOM implementation in Google Chrome
  before 28.0.1500.95 allows remote attackers to cause a denial of service or
  possibly have unspecified other impact via vectors related to improper
  tracking of which document owns an Attr object.

CVE-2013-2883 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2883):
  Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to deleting the registration of a
  MutationObserver object.

CVE-2013-2882 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2882):
  Google V8, as used in Google Chrome before 28.0.1500.95, allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via vectors that leverage "type confusion."

CVE-2013-2881 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2881):
  Google Chrome before 28.0.1500.95 does not properly handle frames, which
  allows remote attackers to bypass the Same Origin Policy via a crafted web
  site.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2013-09-25 00:10:53 UTC 
This issue was resolved and addressed in
 GLSA 201309-16 at http://security.gentoo.org/glsa/glsa-201309-16.xml
by GLSA coordinator Sean Amoss (ackle).