Summary: | <www-client/chromium-28.0.1500.95 multiple vulnerabilities (CVE-2013-{2881,2882,2883,2884,2885,2886}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Mike Gilbert <floppym> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | ago, chromium |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Mike Gilbert
2013-07-31 00:22:53 UTC
Please stabilize on amd64 and x86. =dev-lang/v8-3.18.5.14 =www-client/chromium-28.0.1500.95 x86 stable amd64 stable Thanks for your work Added to existing GLSA draft CVE-2013-2886 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2886): Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.95 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE-2013-2885 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2885): Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to not properly considering focus during the processing of JavaScript events in the presence of a multiple-fields input type. CVE-2013-2884 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2884): Use-after-free vulnerability in the DOM implementation in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper tracking of which document owns an Attr object. CVE-2013-2883 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2883): Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to deleting the registration of a MutationObserver object. CVE-2013-2882 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2882): Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." CVE-2013-2881 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2881): Google Chrome before 28.0.1500.95 does not properly handle frames, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. This issue was resolved and addressed in GLSA 201309-16 at http://security.gentoo.org/glsa/glsa-201309-16.xml by GLSA coordinator Sean Amoss (ackle). |