MEDIUM5.0
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность защищаемой информации
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
Серьёзность:
Закрытые проблемы (51)
MEDIUM5.3
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность защищаемой информации
CVSS 3.xСРЕДНЯЯ 5.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NCVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:NMEDIUM5.0
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность защищаемой информации
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:NMEDIUM5.3
Множественные уязвимости пакета libjpeg-turbo-static-1.2.1 операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность защищаемой информации
CVSS 3.xСРЕДНЯЯ 5.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NCVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:NMEDIUM5.0
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность защищаемой информации
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:NMEDIUM5.0
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность защищаемой информации
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:NMEDIUM5.0
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность защищаемой информации
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:NMEDIUM5.0
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность защищаемой информации
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:NMEDIUM5.0
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность защищаемой информации
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:NMEDIUM5.0
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность защищаемой информации
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:NMEDIUM5.0
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность защищаемой информации
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:NMEDIUM5.0
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность защищаемой информации
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:NMEDIUM5.0
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность защищаемой информации
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:NMEDIUM5.0
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность защищаемой информации
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:NMEDIUM4.3
Уязвимость расширения Kaspersky Protection браузера Google Chrome, позволяющая нарушителю удалить произвольные расширения chrome
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NCVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:NСсылки
MEDIUM6.8
Multiple race conditions in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to threading in core/html/HTMLMediaElement.cpp, core/platform/audio/AudioDSPKernelProcessor.cpp, core/platform/audio/HRTFElevation.cpp, and modules/webaudio/ConvolverNode.cpp.
CVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PСсылки
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=223962
- https://code.google.com/p/chromium/issues/detail?id=270758
- https://code.google.com/p/chromium/issues/detail?id=271161
- https://code.google.com/p/chromium/issues/detail?id=284785
- https://code.google.com/p/chromium/issues/detail?id=284786
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19013
- https://src.chromium.org/viewvc/blink?revision=157243&view=revision
- https://src.chromium.org/viewvc/blink?revision=157245&view=revision
- https://src.chromium.org/viewvc/blink?revision=157256&view=revision
- https://src.chromium.org/viewvc/blink?revision=157259&view=revision
- https://src.chromium.org/viewvc/blink?revision=157273&view=revision
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=223962
- https://code.google.com/p/chromium/issues/detail?id=270758
- https://code.google.com/p/chromium/issues/detail?id=271161
- https://code.google.com/p/chromium/issues/detail?id=284785
- https://code.google.com/p/chromium/issues/detail?id=284786
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19013
- https://src.chromium.org/viewvc/blink?revision=157243&view=revision
- https://src.chromium.org/viewvc/blink?revision=157245&view=revision
- https://src.chromium.org/viewvc/blink?revision=157256&view=revision
- https://src.chromium.org/viewvc/blink?revision=157259&view=revision
- https://src.chromium.org/viewvc/blink?revision=157273&view=revision
MEDIUM5.0
The Window.prototype object implementation in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PСсылки
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=260667
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18695
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=260667
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18695
MEDIUM5.0
Google Chrome before 30.0.1599.66 uses incorrect function calls to determine the values of NavigationEntry objects, which allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code.
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:NСсылки
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=265221
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18782
- https://src.chromium.org/viewvc/chrome?revision=217485&view=revision
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=265221
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18782
- https://src.chromium.org/viewvc/chrome?revision=217485&view=revision
HIGH7.5
Use-after-free vulnerability in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to inline-block rendering for bidirectional Unicode text in an element isolated from its siblings.
CVSS 2.0ВЫСОКАЯ 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PСсылки
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://support.apple.com/kb/HT6162
- http://support.apple.com/kb/HT6163
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=265838
- https://code.google.com/p/chromium/issues/detail?id=279277
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19012
- https://src.chromium.org/viewvc/blink?revision=156580&view=revision
- https://support.apple.com/kb/HT6537
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://support.apple.com/kb/HT6162
- http://support.apple.com/kb/HT6163
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=265838
- https://code.google.com/p/chromium/issues/detail?id=279277
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19012
- https://src.chromium.org/viewvc/blink?revision=156580&view=revision
- https://support.apple.com/kb/HT6537
HIGH7.5
Use-after-free vulnerability in modules/webaudio/AudioScheduledSourceNode.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVSS 2.0ВЫСОКАЯ 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PСсылки
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=269753
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18812
- https://src.chromium.org/viewvc/blink?revision=157615&view=revision
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=269753
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18812
- https://src.chromium.org/viewvc/blink?revision=157615&view=revision
MEDIUM6.8
Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet function in core/xml/XSLStyleSheetLibxslt.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of post-failure recompilation in unspecified libxslt versions.
CVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PСсылки
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=271939
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18687
- https://src.chromium.org/viewvc/blink?revision=156248&view=revision
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=271939
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18687
- https://src.chromium.org/viewvc/blink?revision=156248&view=revision
HIGH7.5
Use-after-free vulnerability in the PepperInProcessRouter::SendToHost function in content/renderer/pepper/pepper_in_process_router.cc in the Pepper Plug-in API (PPAPI) in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a resource-destruction message.
CVSS 2.0ВЫСОКАЯ 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PСсылки
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=276368
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18962
- https://src.chromium.org/viewvc/chrome?revision=222614&view=revision
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=276368
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18962
- https://src.chromium.org/viewvc/chrome?revision=222614&view=revision
MEDIUM6.8
Use-after-free vulnerability in the XMLDocumentParser::append function in core/xml/parser/XMLDocumentParser.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an XML document.
CVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PСсылки
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=278908
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18843
- https://src.chromium.org/viewvc/blink?revision=157914&view=revision
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=278908
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18843
- https://src.chromium.org/viewvc/blink?revision=157914&view=revision
MEDIUM4.3
Google Chrome before 30.0.1599.66 preserves pending NavigationEntry objects in certain invalid circumstances, which allows remote attackers to spoof the address bar via a URL with a malformed scheme, as demonstrated by a nonexistent:12121 URL.
CVSS 2.0СРЕДНЯЯ 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:NСсылки
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=280512
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18319
- https://src.chromium.org/viewvc/chrome?revision=222146&view=revision
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=280512
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18319
- https://src.chromium.org/viewvc/chrome?revision=222146&view=revision
MEDIUM4.3
Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code, in conjunction with a delay in notifying the user of an attempted spoof.
CVSS 2.0СРЕДНЯЯ 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:NСсылки
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=281256
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18968
- https://src.chromium.org/viewvc/blink?revision=157196&view=revision
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=281256
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18968
- https://src.chromium.org/viewvc/blink?revision=157196&view=revision
MEDIUM5.0
The ReverbConvolverStage::ReverbConvolverStage function in core/platform/audio/ReverbConvolverStage.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the impulseResponse array.
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PСсылки
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=281480
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18820
- https://src.chromium.org/viewvc/blink?revision=157007&view=revision
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=281480
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18820
- https://src.chromium.org/viewvc/blink?revision=157007&view=revision
HIGH7.5
Use-after-free vulnerability in the RenderBlock::collapseAnonymousBlockChild function in core/rendering/RenderBlock.cpp in the DOM implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect handling of parent-child relationships for anonymous blocks.
CVSS 2.0ВЫСОКАЯ 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PСсылки
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=282088
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18839
- https://src.chromium.org/viewvc/blink?revision=157392&view=revision
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=282088
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18839
- https://src.chromium.org/viewvc/blink?revision=157392&view=revision
HIGH7.5
Google V8, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
CVSS 2.0ВЫСОКАЯ 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PСсылки
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=282736
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18840
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=282736
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18840
MEDIUM5.0
The DoResolveRelativeHost function in url/url_canon_relative.cc in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via a relative URL containing a hostname, as demonstrated by a protocol-relative URL beginning with a //www.google.com/ substring.
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PСсылки
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=285742
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18451
- https://src.chromium.org/viewvc/chrome?revision=223735&view=revision
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=285742
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18451
- https://src.chromium.org/viewvc/chrome?revision=223735&view=revision
MEDIUM6.8
Double free vulnerability in the ResourceFetcher::didLoadResource function in core/fetch/ResourceFetcher.cpp in the resource loader in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering certain callback processing during the reporting of a resource entry.
CVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PСсылки
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=286414
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18389
- https://src.chromium.org/viewvc/blink?revision=157760&view=revision
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=286414
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18389
- https://src.chromium.org/viewvc/blink?revision=157760&view=revision
MEDIUM6.8
Use-after-free vulnerability in core/html/HTMLTemplateElement.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that operates on a TEMPLATE element.
CVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PСсылки
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=286975
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18358
- https://src.chromium.org/viewvc/blink?revision=157543&view=revision
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=286975
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18358
- https://src.chromium.org/viewvc/blink?revision=157543&view=revision
HIGH7.5
Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.66 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVSS 2.0ВЫСОКАЯ 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PСсылки
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=237800
- https://code.google.com/p/chromium/issues/detail?id=246724
- https://code.google.com/p/chromium/issues/detail?id=254728
- https://code.google.com/p/chromium/issues/detail?id=257852
- https://code.google.com/p/chromium/issues/detail?id=260138
- https://code.google.com/p/chromium/issues/detail?id=264211
- https://code.google.com/p/chromium/issues/detail?id=265493
- https://code.google.com/p/chromium/issues/detail?id=265731
- https://code.google.com/p/chromium/issues/detail?id=266593
- https://code.google.com/p/chromium/issues/detail?id=267068
- https://code.google.com/p/chromium/issues/detail?id=269835
- https://code.google.com/p/chromium/issues/detail?id=274020
- https://code.google.com/p/chromium/issues/detail?id=276111
- https://code.google.com/p/chromium/issues/detail?id=277656
- https://code.google.com/p/chromium/issues/detail?id=278366
- https://code.google.com/p/chromium/issues/detail?id=279286
- https://code.google.com/p/chromium/issues/detail?id=284792
- https://code.google.com/p/chromium/issues/detail?id=285380
- https://code.google.com/p/chromium/issues/detail?id=288761
- https://code.google.com/p/chromium/issues/detail?id=288771
- https://code.google.com/p/chromium/issues/detail?id=289648
- https://code.google.com/p/chromium/issues/detail?id=293521
- https://code.google.com/p/chromium/issues/detail?id=294023
- https://code.google.com/p/chromium/issues/detail?id=294202
- https://code.google.com/p/chromium/issues/detail?id=294206
- https://code.google.com/p/chromium/issues/detail?id=299016
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18103
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=237800
- https://code.google.com/p/chromium/issues/detail?id=246724
- https://code.google.com/p/chromium/issues/detail?id=254728
- https://code.google.com/p/chromium/issues/detail?id=257852
- https://code.google.com/p/chromium/issues/detail?id=260138
- https://code.google.com/p/chromium/issues/detail?id=264211
- https://code.google.com/p/chromium/issues/detail?id=265493
- https://code.google.com/p/chromium/issues/detail?id=265731
- https://code.google.com/p/chromium/issues/detail?id=266593
- https://code.google.com/p/chromium/issues/detail?id=267068
- https://code.google.com/p/chromium/issues/detail?id=269835
- https://code.google.com/p/chromium/issues/detail?id=274020
- https://code.google.com/p/chromium/issues/detail?id=276111
- https://code.google.com/p/chromium/issues/detail?id=277656
- https://code.google.com/p/chromium/issues/detail?id=278366
- https://code.google.com/p/chromium/issues/detail?id=279286
- https://code.google.com/p/chromium/issues/detail?id=284792
- https://code.google.com/p/chromium/issues/detail?id=285380
- https://code.google.com/p/chromium/issues/detail?id=288761
- https://code.google.com/p/chromium/issues/detail?id=288771
- https://code.google.com/p/chromium/issues/detail?id=289648
- https://code.google.com/p/chromium/issues/detail?id=293521
- https://code.google.com/p/chromium/issues/detail?id=294023
- https://code.google.com/p/chromium/issues/detail?id=294202
- https://code.google.com/p/chromium/issues/detail?id=294206
- https://code.google.com/p/chromium/issues/detail?id=299016
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18103
HIGH7.5
Use-after-free vulnerability in International Components for Unicode (ICU), as used in Google Chrome before 30.0.1599.66 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVSS 2.0ВЫСОКАЯ 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PСсылки
- http://bugs.icu-project.org/trac/ticket/10318
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://jvn.jp/en/jp/JVN85336306/index.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- http://www.debian.org/security/2013/dsa-2786
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- http://www.securityfocus.com/bid/64758
- https://code.google.com/p/chromium/issues/detail?id=275803
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19017
- https://src.chromium.org/viewvc/chrome?revision=219151&view=revision
- http://bugs.icu-project.org/trac/ticket/10318
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
- http://jvn.jp/en/jp/JVN85336306/index.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- http://www.debian.org/security/2013/dsa-2786
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- http://www.securityfocus.com/bid/64758
- https://code.google.com/p/chromium/issues/detail?id=275803
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19017
- https://src.chromium.org/viewvc/chrome?revision=219151&view=revision
MEDIUM6.8
Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger multiple conflicting uses of the same XMLHttpRequest object.
CVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PСсылки
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update_15.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2013-11/msg00077.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=292422
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18866
- https://src.chromium.org/viewvc/blink?revision=158146&view=revision
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update_15.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2013-11/msg00077.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=292422
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18866
- https://src.chromium.org/viewvc/blink?revision=158146&view=revision
MEDIUM6.8
Use-after-free vulnerability in the IndentOutdentCommand::tryIndentingAsListItem function in core/editing/IndentOutdentCommand.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to list elements.
CVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PСсылки
- http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update_15.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2013-11/msg00077.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://support.apple.com/kb/HT6162
- http://support.apple.com/kb/HT6163
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=294456
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18837
- https://src.chromium.org/viewvc/blink?revision=158727&view=revision
- https://support.apple.com/kb/HT6537
- http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update_15.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2013-11/msg00077.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://support.apple.com/kb/HT6162
- http://support.apple.com/kb/HT6163
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=294456
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18837
- https://src.chromium.org/viewvc/blink?revision=158727&view=revision
- https://support.apple.com/kb/HT6537
MEDIUM6.8
Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to submission for FORM elements.
CVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PСсылки
- http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html
- http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html
- http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update_15.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2013-11/msg00077.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://support.apple.com/kb/HT6254
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=297478
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19155
- https://src.chromium.org/viewvc/blink?revision=158428&view=revision
- https://support.apple.com/kb/HT6537
- http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html
- http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html
- http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update_15.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2013-11/msg00077.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://support.apple.com/kb/HT6254
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=297478
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19155
- https://src.chromium.org/viewvc/blink?revision=158428&view=revision
- https://support.apple.com/kb/HT6537
HIGH7.5
Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVSS 2.0ВЫСОКАЯ 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PСсылки
- http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html
- http://crbug.com/303657
- http://crbug.com/303772
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update_15.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2013-11/msg00077.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://support.apple.com/kb/HT6162
- http://support.apple.com/kb/HT6163
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=305790
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19065
- https://support.apple.com/kb/HT6537
- http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html
- http://crbug.com/303657
- http://crbug.com/303772
- http://googlechromereleases.blogspot.com/2013/10/stable-channel-update_15.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2013-11/msg00077.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://support.apple.com/kb/HT6162
- http://support.apple.com/kb/HT6163
- http://www.debian.org/security/2013/dsa-2785
- https://code.google.com/p/chromium/issues/detail?id=305790
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19065
- https://support.apple.com/kb/HT6537
CRITICAL10.0
Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.48 allow attackers to execute arbitrary code or possibly have other impact via unknown vectors.
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CСсылки
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2799
- https://code.google.com/p/chromium/issues/detail?id=258723
- https://code.google.com/p/chromium/issues/detail?id=263255
- https://code.google.com/p/chromium/issues/detail?id=264574
- https://code.google.com/p/chromium/issues/detail?id=271235
- https://code.google.com/p/chromium/issues/detail?id=282738
- https://code.google.com/p/chromium/issues/detail?id=285578
- https://code.google.com/p/chromium/issues/detail?id=286368
- https://code.google.com/p/chromium/issues/detail?id=296276
- https://code.google.com/p/chromium/issues/detail?id=296804
- https://code.google.com/p/chromium/issues/detail?id=297556
- https://code.google.com/p/chromium/issues/detail?id=299835
- https://code.google.com/p/chromium/issues/detail?id=299993
- https://code.google.com/p/chromium/issues/detail?id=302810
- https://code.google.com/p/chromium/issues/detail?id=303232
- https://code.google.com/p/chromium/issues/detail?id=304226
- https://code.google.com/p/chromium/issues/detail?id=306255
- https://code.google.com/p/chromium/issues/detail?id=314225
- https://code.google.com/p/chromium/issues/detail?id=315823
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19183
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2799
- https://code.google.com/p/chromium/issues/detail?id=258723
- https://code.google.com/p/chromium/issues/detail?id=263255
- https://code.google.com/p/chromium/issues/detail?id=264574
- https://code.google.com/p/chromium/issues/detail?id=271235
- https://code.google.com/p/chromium/issues/detail?id=282738
- https://code.google.com/p/chromium/issues/detail?id=285578
- https://code.google.com/p/chromium/issues/detail?id=286368
- https://code.google.com/p/chromium/issues/detail?id=296276
- https://code.google.com/p/chromium/issues/detail?id=296804
- https://code.google.com/p/chromium/issues/detail?id=297556
- https://code.google.com/p/chromium/issues/detail?id=299835
- https://code.google.com/p/chromium/issues/detail?id=299993
- https://code.google.com/p/chromium/issues/detail?id=302810
- https://code.google.com/p/chromium/issues/detail?id=303232
- https://code.google.com/p/chromium/issues/detail?id=304226
- https://code.google.com/p/chromium/issues/detail?id=306255
- https://code.google.com/p/chromium/issues/detail?id=314225
- https://code.google.com/p/chromium/issues/detail?id=315823
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19183
HIGH7.5
Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the x-webkit-speech attribute in a text INPUT element.
CVSS 2.0ВЫСОКАЯ 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PСсылки
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2799
- https://code.google.com/p/chromium/issues/detail?id=268565
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19006
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2799
- https://code.google.com/p/chromium/issues/detail?id=268565
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19006
MEDIUM6.8
Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the movement of a media element between documents.
CVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PСсылки
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2799
- https://code.google.com/p/chromium/issues/detail?id=272786
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18335
- https://src.chromium.org/viewvc/blink?revision=159031&view=revision
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2799
- https://code.google.com/p/chromium/issues/detail?id=272786
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18335
- https://src.chromium.org/viewvc/blink?revision=159031&view=revision
MEDIUM4.3
The SVG implementation in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging the use of tree order, rather than transitive dependency order, for layout.
CVSS 2.0СРЕДНЯЯ 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PСсылки
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2799
- https://code.google.com/p/chromium/issues/detail?id=282925
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19311
- https://src.chromium.org/viewvc/blink?revision=158480&view=revision
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2799
- https://code.google.com/p/chromium/issues/detail?id=282925
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19311
- https://src.chromium.org/viewvc/blink?revision=158480&view=revision
HIGH7.5
Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the string values of id attributes.
CVSS 2.0ВЫСОКАЯ 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PСсылки
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2799
- https://code.google.com/p/chromium/issues/detail?id=290566
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19168
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2799
- https://code.google.com/p/chromium/issues/detail?id=290566
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19168
MEDIUM6.8
Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of DOM range objects in circumstances that require child node removal after a (1) mutation or (2) blur event.
CVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PСсылки
- http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://support.apple.com/kb/HT6162
- http://support.apple.com/kb/HT6163
- http://www.debian.org/security/2013/dsa-2799
- https://code.google.com/p/chromium/issues/detail?id=295010
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19257
- https://src.chromium.org/viewvc/blink?revision=160037&view=revision
- https://support.apple.com/kb/HT6537
- http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://support.apple.com/kb/HT6162
- http://support.apple.com/kb/HT6163
- http://www.debian.org/security/2013/dsa-2799
- https://code.google.com/p/chromium/issues/detail?id=295010
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19257
- https://src.chromium.org/viewvc/blink?revision=160037&view=revision
- https://support.apple.com/kb/HT6537
MEDIUM4.3
The WebContentsImpl::AttachInterstitialPage function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 31.0.1650.48 does not cancel JavaScript dialogs upon generating an interstitial warning, which allows remote attackers to spoof the address bar via a crafted web site.
CVSS 2.0СРЕДНЯЯ 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:NСсылки
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2799
- https://code.google.com/p/chromium/issues/detail?id=295695
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18401
- https://src.chromium.org/viewvc/chrome?revision=225026&view=revision
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2799
- https://code.google.com/p/chromium/issues/detail?id=295695
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18401
- https://src.chromium.org/viewvc/chrome?revision=225026&view=revision
MEDIUM5.0
net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational (aka 1xx) status codes, which allows remote web servers to cause a denial of service (out-of-bounds read) via a crafted response.
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PСсылки
- http://blog.skylined.nl/20161219001.html
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://packetstormsecurity.com/files/140209/Chrome-HTTP-1xx-Out-Of-Bounds-Read.html
- http://seclists.org/fulldisclosure/2016/Dec/65
- http://www.debian.org/security/2013/dsa-2799
- https://code.google.com/p/chromium/issues/detail?id=299892
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19113
- https://src.chromium.org/viewvc/chrome?revision=226539&view=revision
- https://www.exploit-db.com/exploits/40944/
- http://blog.skylined.nl/20161219001.html
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://packetstormsecurity.com/files/140209/Chrome-HTTP-1xx-Out-Of-Bounds-Read.html
- http://seclists.org/fulldisclosure/2016/Dec/65
- http://www.debian.org/security/2013/dsa-2799
- https://code.google.com/p/chromium/issues/detail?id=299892
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19113
- https://src.chromium.org/viewvc/chrome?revision=226539&view=revision
- https://www.exploit-db.com/exploits/40944/
MEDIUM4.3
net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome before 31.0.1650.48 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which might allow remote web servers to interfere with trust relationships by renegotiating a session.
CVSS 2.0СРЕДНЯЯ 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:NСсылки
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2799
- https://code.google.com/p/chromium/issues/detail?id=306959
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19108
- https://secure-resumption.com/
- https://src.chromium.org/viewvc/chrome?revision=229611&view=revision
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2799
- https://code.google.com/p/chromium/issues/detail?id=306959
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19108
- https://secure-resumption.com/
- https://src.chromium.org/viewvc/chrome?revision=229611&view=revision
MEDIUM5.0
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:NСсылки
- http://advisories.mageia.org/MGASA-2013-0333.html
- http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html
- http://bugs.ghostscript.com/show_bug.cgi?id=686980
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://marc.info/?l=bugtraq&m=140852886808946&w=2
- http://marc.info/?l=bugtraq&m=140852974709252&w=2
- http://rhn.redhat.com/errata/RHSA-2013-1803.html
- http://rhn.redhat.com/errata/RHSA-2013-1804.html
- http://secunia.com/advisories/56175
- http://secunia.com/advisories/58974
- http://secunia.com/advisories/59058
- http://security.gentoo.org/glsa/glsa-201406-32.xml
- http://support.apple.com/kb/HT6150
- http://support.apple.com/kb/HT6162
- http://support.apple.com/kb/HT6163
- http://www-01.ibm.com/support/docview.wss?uid=swg21672080
- http://www-01.ibm.com/support/docview.wss?uid=swg21676746
- http://www.debian.org/security/2013/dsa-2799
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:273
- http://www.mozilla.org/security/announce/2013/mfsa2013-116.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
- http://www.securityfocus.com/bid/63676
- http://www.securitytracker.com/id/1029470
- http://www.securitytracker.com/id/1029476
- http://www.ubuntu.com/usn/USN-2052-1
- http://www.ubuntu.com/usn/USN-2053-1
- http://www.ubuntu.com/usn/USN-2060-1
- https://access.redhat.com/errata/RHSA-2014:0413
- https://access.redhat.com/errata/RHSA-2014:0414
- https://bugzilla.mozilla.org/show_bug.cgi?id=891693
- https://code.google.com/p/chromium/issues/detail?id=258723
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629
- https://security.gentoo.org/glsa/201606-03
- https://src.chromium.org/viewvc/chrome?revision=229729&view=revision
- https://www.ibm.com/support/docview.wss?uid=swg21675973
- http://advisories.mageia.org/MGASA-2013-0333.html
- http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html
- http://bugs.ghostscript.com/show_bug.cgi?id=686980
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://marc.info/?l=bugtraq&m=140852886808946&w=2
- http://marc.info/?l=bugtraq&m=140852974709252&w=2
- http://rhn.redhat.com/errata/RHSA-2013-1803.html
- http://rhn.redhat.com/errata/RHSA-2013-1804.html
- http://secunia.com/advisories/56175
- http://secunia.com/advisories/58974
- http://secunia.com/advisories/59058
- http://security.gentoo.org/glsa/glsa-201406-32.xml
- http://support.apple.com/kb/HT6150
- http://support.apple.com/kb/HT6162
- http://support.apple.com/kb/HT6163
- http://www-01.ibm.com/support/docview.wss?uid=swg21672080
- http://www-01.ibm.com/support/docview.wss?uid=swg21676746
- http://www.debian.org/security/2013/dsa-2799
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:273
- http://www.mozilla.org/security/announce/2013/mfsa2013-116.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
- http://www.securityfocus.com/bid/63676
- http://www.securitytracker.com/id/1029470
- http://www.securitytracker.com/id/1029476
- http://www.ubuntu.com/usn/USN-2052-1
- http://www.ubuntu.com/usn/USN-2053-1
- http://www.ubuntu.com/usn/USN-2060-1
- https://access.redhat.com/errata/RHSA-2014:0413
- https://access.redhat.com/errata/RHSA-2014:0414
- https://bugzilla.mozilla.org/show_bug.cgi?id=891693
- https://code.google.com/p/chromium/issues/detail?id=258723
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629
- https://security.gentoo.org/glsa/201606-03
- https://src.chromium.org/viewvc/chrome?revision=229729&view=revision
- https://www.ibm.com/support/docview.wss?uid=swg21675973
MEDIUM5.0
The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:NСсылки
- http://advisories.mageia.org/MGASA-2013-0333.html
- http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html
- http://git.chromium.org/gitweb/?p=chromium/deps/libjpeg_turbo.git%3Ba=commit%3Bh=32cab49bd4cb1ce069a435fd75f9439c34ddc6f8
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://rhn.redhat.com/errata/RHSA-2013-1803.html
- http://secunia.com/advisories/56175
- http://www.debian.org/security/2013/dsa-2799
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:273
- http://www.mozilla.org/security/announce/2013/mfsa2013-116.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securitytracker.com/id/1029470
- http://www.securitytracker.com/id/1029476
- http://www.ubuntu.com/usn/USN-2052-1
- http://www.ubuntu.com/usn/USN-2053-1
- http://www.ubuntu.com/usn/USN-2060-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=891693
- https://code.google.com/p/chromium/issues/detail?id=299835
- https://security.gentoo.org/glsa/201606-03
- http://advisories.mageia.org/MGASA-2013-0333.html
- http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html
- http://git.chromium.org/gitweb/?p=chromium/deps/libjpeg_turbo.git%3Ba=commit%3Bh=32cab49bd4cb1ce069a435fd75f9439c34ddc6f8
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://rhn.redhat.com/errata/RHSA-2013-1803.html
- http://secunia.com/advisories/56175
- http://www.debian.org/security/2013/dsa-2799
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:273
- http://www.mozilla.org/security/announce/2013/mfsa2013-116.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securitytracker.com/id/1029470
- http://www.securitytracker.com/id/1029476
- http://www.ubuntu.com/usn/USN-2052-1
- http://www.ubuntu.com/usn/USN-2053-1
- http://www.ubuntu.com/usn/USN-2060-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=891693
- https://code.google.com/p/chromium/issues/detail?id=299835
- https://security.gentoo.org/glsa/201606-03
HIGH7.5
Use-after-free vulnerability in the Channel::SendRTCPPacket function in voice_engine/channel.cc in libjingle in WebRTC, as used in Google Chrome before 31.0.1650.48 and other products, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger the absence of certain statistics initialization, leading to the skipping of a required DeRegisterExternalTransport call.
CVSS 2.0ВЫСОКАЯ 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PСсылки
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2799
- https://code.google.com/p/chromium/issues/detail?id=296804
- https://code.google.com/p/webrtc/source/detail?r=4827
- https://webrtc-codereview.appspot.com/2275008
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2799
- https://code.google.com/p/chromium/issues/detail?id=296804
- https://code.google.com/p/webrtc/source/detail?r=4827
- https://webrtc-codereview.appspot.com/2275008
CRITICAL9.3
Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013.
CVSS 2.0КРИТИЧЕСКАЯ 9.3
CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:CСсылки
- http://googlechromereleases.blogspot.com/2013/11/chrome-for-android-update.html
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update_14.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2799
- http://www.hppwn2own.com/chrome-nexus-4-samsung-galaxy-s4-falls/
- https://code.google.com/p/chromium/issues/detail?id=319117
- https://code.google.com/p/chromium/issues/detail?id=319125
- http://googlechromereleases.blogspot.com/2013/11/chrome-for-android-update.html
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update_14.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://www.debian.org/security/2013/dsa-2799
- http://www.hppwn2own.com/chrome-nexus-4-samsung-galaxy-s4-falls/
- https://code.google.com/p/chromium/issues/detail?id=319117
- https://code.google.com/p/chromium/issues/detail?id=319125
MEDIUM4.3
Kaspersky Protection extension for web browser Google Chrome prior to 30.112.62.0 was vulnerable to unauthorized access to its features remotely that could lead to removing other installed extensions.
CVSS 2.0СРЕДНЯЯ 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:NCVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N