{"id":"MGASA-2013-0194","summary":"Updated chromium-browser-stable packages fixes security vulnerabilities","details":"Use-after-free vulnerability in the SVG implementation allows remote\nattackers to cause a denial of service or possibly have unspecified other\nimpact via unknown vectors (CVE-2013-2837).\n\nGoogle V8, as used in Chromium before 27.0.1453.93, allows remote attackers\nto cause a denial of service (out-of-bounds read) via unspecified vectors\n(CVE-2013-2838).\n\nChromium before 27.0.1453.93 does not properly perform a cast of an\nunspecified variable during handling of clipboard data, which allows remote\nattackers to cause a denial of service or possibly have other impact via\nunknown vectors (CVE-2013-2839).\n\nUse-after-free vulnerability in the media loader in Chromium before\n27.0.1453.93 allows remote attackers to cause a denial of service or possibly\nhave unspecified other impact via unknown vectors (CVE-2013-2840).\n\nUse-after-free vulnerability in Chromium before 27.0.1453.93 allows remote\nattackers to cause a denial of service or possibly have unspecified other\nimpact via vectors related to the handling of Pepper resources\n(CVE-2013-2841).\n\nUse-after-free vulnerability in Chromium before 27.0.1453.93 allows remote\nattackers to cause a denial of service or possibly have unspecified other\nimpact via vectors related to the handling of widgets (CVE-2013-2842).\n\nUse-after-free vulnerability in Chromium before 27.0.1453.93 allows remote\nattackers to cause a denial of service or possibly have unspecified other\nimpact via vectors related to the handling of speech data (CVE-2013-2843).\n\nUse-after-free vulnerability in the Cascading Style Sheets (CSS)\nimplementation in Chromium before 27.0.1453.93 allows remote attackers to\ncause a denial of service or possibly have unspecified other impact via\nvectors related to style resolution (CVE-2013-2844).\n\nThe Web Audio implementation in Google Chrome before 27.0.1453.93 allows\nremote attackers to cause a denial of service (memory corruption) or possibly\nhave unspecified other impact via unknown vectors (CVE-2013-2845).\n\nUse-after-free vulnerability in the media loader in Google Chrome before\n27.0.1453.93 allows remote attackers to cause a denial of service or possibly\nhave unspecified other impact via unknown vectors (CVE-2013-2846).\n\nRace condition in the workers implementation in Google Chrome before\n27.0.1453.93 allows remote attackers to cause a denial of service\n(use-after-free and application crash) or possibly have unspecified other\nimpact via unknown vectors (CVE-2013-2847).\n\nThe XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote\nattackers to obtain sensitive information via unspecified vectors\n(CVE-2013-2848).\n\nMultiple cross-site scripting (XSS) vulnerabilities in Google Chrome before\n27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web\nscript or HTML via vectors involving a (1) drag-and-drop or\n(2) copy-and-paste operation (CVE-2013-2849).\n\nThe Developer Tools API in Chromium before 27.0.1453.110 allows remote\nattackers to cause a denial of service (memory corruption) or possibly have\nunspecified other impact via unknown vectors (CVE-2013-2855).\n\nUse-after-free vulnerability in Chromium before 27.0.1453.110 allows remote\nattackers to cause a denial of service or possibly have unspecified other\nimpact via vectors related to the handling of input (CVE-2013-2856).\n\nUse-after-free vulnerability in Chromium before 27.0.1453.110 allows remote\nattackers to cause a denial of service or possibly have unspecified other\nimpact via vectors related to the handling of images (CVE-2013-2857).\n\nUse-after-free vulnerability in the HTML5 Audio implementation in Chromium\nbefore 27.0.1453.110 allows remote attackers to cause a denial of service or\npossibly have unspecified other impact via unknown vectors (CVE-2013-2858).\n\nChromium before 27.0.1453.110 allows remote attackers to bypass the Same\nOrigin Policy and trigger namespace pollution via unspecified vectors\n(CVE-2013-2859).\n\nUse-after-free vulnerability in Chromium before 27.0.1453.110 allows remote\nattackers to cause a denial of service or possibly have unspecified other\nimpact via vectors involving access to a database API by a worker process\n(CVE-2013-2860).\n\nUse-after-free vulnerability in the SVG implementation in Chromium before\n27.0.1453.110 allows remote attackers to cause a denial of service or\npossibly have unspecified other impact via unknown vectors (CVE-2013-2861).\n\nSkia, as used in Chromium before 27.0.1453.110, does not properly handle GPU\nacceleration, which allows remote attackers to cause a denial of service\n(memory corruption) or possibly have unspecified other impact via unknown\nvectors (CVE-2013-2862).\n\nChromium before 27.0.1453.110 does not properly handle SSL sockets, which\nallows remote attackers to execute arbitrary code or cause a denial of\nservice (memory corruption) via unspecified vectors (CVE-2013-2863).\n\nMultiple unspecified vulnerabilities in Chromium before 27.0.1453.110 allow\nattackers to cause a denial of service or possibly have other impact via\nunknown vectors (CVE-2013-2865).\n","modified":"2026-04-16T04:41:32.083107631Z","published":"2013-07-01T19:12:57Z","upstream":["CVE-2013-2837","CVE-2013-2838","CVE-2013-2839","CVE-2013-2840","CVE-2013-2841","CVE-2013-2842","CVE-2013-2843","CVE-2013-2844","CVE-2013-2845","CVE-2013-2846","CVE-2013-2847","CVE-2013-2848","CVE-2013-2849","CVE-2013-2855","CVE-2013-2856","CVE-2013-2857","CVE-2013-2858","CVE-2013-2859","CVE-2013-2860","CVE-2013-2861","CVE-2013-2862","CVE-2013-2863","CVE-2013-2865"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2013-0194.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=10353"},{"type":"WEB","url":"http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html"},{"type":"WEB","url":"http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html"},{"type":"WEB","url":"http://googlechromereleases.blogspot.com/2013/06/stable-channel-update_17.html"},{"type":"WEB","url":"http://www.debian.org/security/2013/dsa-2695"},{"type":"WEB","url":"http://www.debian.org/security/2013/dsa-2706"}],"affected":[{"package":{"name":"chromium-browser-stable","ecosystem":"Mageia:2","purl":"pkg:rpm/mageia/chromium-browser-stable?arch=source&distro=mageia-2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"28.0.1500.45-1.mga2"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0194.json"}},{"package":{"name":"chromium-browser-stable","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/chromium-browser-stable?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"28.0.1500.45-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0194.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}