Vulnerability Details

Google Chrome Multiple Vulnerabilities-02 Feb2014 (Windows)

Published: 2014-02-26 05:51:50
CVE Author: NIST National Vulnerability Database

CVSS Base Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Summary:
Google Chrome is installed on the host and is prone to multiple vulnerabilities.

Detection Method:
Checks if a vulnerable version is present on the target host.

Technical Details:
Multiple flaws are due to:
- An unspecified error in 'sandbox/win/src/named_pipe_dispatcher.cc' related to relative paths in the Windows sandbox named pipe policy.
- A use-after-free error related to web contents that can be exploited to cause memory corruption.
- An unspecified error in the 'SVGAnimateElement::calculateAnimatedValue' function related to type casting in SVG.
- A use-after-free error related to layout that can be exploited to cause memory corruption.
- An error in the XSS auditor 'XSSAuditor::init' function that can be exploited to disclose certain information.
- Another error in the XSS auditor that can be exploited to disclose certain information.
- Another use-after-free error related to layout that can be exploited to cause memory corruption.
- An unspecified error in the 'SSLClientSocketNSS::Core::OwnAuthCertHandler' function related to certificate validation in the TLS handshake.
- An error in drag and drop that can be exploited to disclose unspecified information.
- Some unspecified errors. No further information is currently available.

Impact:
Successful exploitation will allow remote attackers to cause a denial of service, execute arbitrary code, or have other unspecified impacts.

Affected Versions:
Google Chrome versions prior to 33.0.1750.117 on Windows

Recommendations:
Upgrade to version 33.0.1750.117 or later.

Detection Type:
Windows Registry

Solution Type:
Vendor Patch

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2013-6652
https://nvd.nist.gov/vuln/detail/CVE-2013-6653
https://nvd.nist.gov/vuln/detail/CVE-2013-6654
https://nvd.nist.gov/vuln/detail/CVE-2013-6655
https://nvd.nist.gov/vuln/detail/CVE-2013-6656
https://nvd.nist.gov/vuln/detail/CVE-2013-6657
https://nvd.nist.gov/vuln/detail/CVE-2013-6658
https://nvd.nist.gov/vuln/detail/CVE-2013-6659
https://nvd.nist.gov/vuln/detail/CVE-2013-6660
https://nvd.nist.gov/vuln/detail/CVE-2013-6661

CVE Analysis

https://www.mageni.net/cve/CVE-2013-6652
https://www.mageni.net/cve/CVE-2013-6653
https://www.mageni.net/cve/CVE-2013-6654
https://www.mageni.net/cve/CVE-2013-6655
https://www.mageni.net/cve/CVE-2013-6656
https://www.mageni.net/cve/CVE-2013-6657
https://www.mageni.net/cve/CVE-2013-6658
https://www.mageni.net/cve/CVE-2013-6659
https://www.mageni.net/cve/CVE-2013-6660
https://www.mageni.net/cve/CVE-2013-6661

SecurityFocus Bugtraq ID:

https://www.securityfocus.com/bid/65699

References:

http://secunia.com/advisories/57028
http://securitytracker.com/id?1029813
http://googlechromereleases.blogspot.in/2014/02/stable-channel-update_20.html
http://www.google.com/chrome

Severity: High
CVSS Score: 7.5
Published: 2014-02-26
Modified: 2018-10-12
Category: General
