DSA-2724-1 chromium-browser -- severalID: oval:org.secpod.oval:def:601072 | Date: (C)2013-09-25 (M)2023-11-16 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in the Chromium web browser. CVE-2013-2853 The HTTPS implementation does not ensure that headers are terminated by \r\n\r\n . CVE-2013-2867 Chrome does not properly prevent pop-under windows. CVE-2013-2868 common/extensions/sync_helper.cc proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting. CVE-2013-2869 Denial of service via a crafted JPEG2000 image. CVE-2013-2870 Use-after-free vulnerability in network sockets. CVE-2013-2871 Use-after-free vulnerability in input handling. CVE-2013-2873 Use-after-free vulnerability in resource loading. CVE-2013-2875 Out-of-bounds read in SVG file handling. CVE-2013-2876 Chrome does not properly enforce restrictions on the capture of screenshots by extensions, which could lead to information disclosure from previous page visits. CVE-2013-2877 Out-of-bounds read in XML file handling. CVE-2013-2878 Out-of-bounds read in text handling. CVE-2013-2879 The circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations were not propertly checked. CVE-2013-2880 The chrome 28 development team found various issues from internal fuzzing, audits, and other studies.