Security Information / 2013 / Security Information -- DSA-2785-1 chromium-browser

Debian Security Advisory

DSA-2785-1 chromium-browser -- several vulnerabilities

Date Reported:

26 Oct 2013

Affected Packages:

chromium-browser

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2013-2906, CVE-2013-2907, CVE-2013-2908, CVE-2013-2909, CVE-2013-2910, CVE-2013-2911, CVE-2013-2912, CVE-2013-2913, CVE-2013-2915, CVE-2013-2916, CVE-2013-2917, CVE-2013-2918, CVE-2013-2919, CVE-2013-2920, CVE-2013-2921, CVE-2013-2922, CVE-2013-2923, CVE-2013-2924, CVE-2013-2925, CVE-2013-2926, CVE-2013-2927, CVE-2013-2928.

More information:

Several vulnerabilities have been discovered in the chromium web browser.

• CVE-2013-2906

  Atte Kettunen of OUSPG discovered race conditions in Web Audio.

• CVE-2013-2907

  Boris Zbarsky discovered an out-of-bounds read in window.prototype.

• CVE-2013-2908

  Chamal de Silva discovered an address bar spoofing issue.

• CVE-2013-2909

  Atte Kuttenen of OUSPG discovered a use-after-free issue in inline-block.

• CVE-2013-2910

  Byoungyoung Lee of the Georgia Tech Information Security Center discovered a use-after-free issue in Web Audio.

• CVE-2013-2911

  Atte Kettunen of OUSPG discovered a use-after-free in Blink's XSLT handling.

• CVE-2013-2912

  Chamal de Silva and 41.w4r10r(at)garage4hackers.com discovered a use-after-free issue in the Pepper Plug-in API.

• CVE-2013-2913

  cloudfuzzer discovered a use-after-free issue in Blink's XML document parsing.

• CVE-2013-2915

  Wander Groeneveld discovered an address bar spoofing issue.

• CVE-2013-2916

  Masato Kinugawa discovered an address bar spoofing issue.

• CVE-2013-2917

  Byoungyoung Lee and Tielei Wang discovered an out-of-bounds read issue in Web Audio.

• CVE-2013-2918

  Byoungyoung Lee discoverd an out-of-bounds read in Blink's DOM implementation.

• CVE-2013-2919

  Adam Haile of Concrete Data discovered a memory corruption issue in the V8 javascript library.

• CVE-2013-2920

  Atte Kuttunen of OUSPG discovered an out-of-bounds read in URL host resolving.

• CVE-2013-2921

  Byoungyoung Lee and Tielei Wang discovered a use-after-free issue in resource loading.

• CVE-2013-2922

  Jon Butler discovered a use-after-free issue in Blink's HTML template element implementation.

• CVE-2013-2924

  A use-after-free issue was discovered in the International Components for Unicode (ICU) library.

• CVE-2013-2925

  Atte Kettunen of OUSPG discover a use-after-free issue in Blink's XML HTTP request implementation.

• CVE-2013-2926

  cloudfuzzer discovered a use-after-free issue in the list indenting implementation.

• CVE-2013-2927

  cloudfuzzer discovered a use-after-free issue in the HTML form submission implementation.

• CVE-2013-2923 and CVE-2013-2928

  The chrome 30 development team found various issues from internal fuzzing, audits, and other studies.

For the stable distribution (wheezy), these problems have been fixed in version 30.0.1599.101-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 30.0.1599.101-1.

We recommend that you upgrade your chromium-browser packages.