FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

chromium -- multiple vulnerabilities

Affected packages
chromium < 26.0.1410.43

Details

VuXML ID bdd48858-9656-11e2-a9a8-00262d5ed8ee
Discovery 2013-03-26
Entry 2013-03-26

Google Chrome Releases reports:

[172342] High CVE-2013-0916: Use-after-free in Web Audio. Credit to Atte Kettunen of OUSPG.

[180909] Low CVE-2013-0917: Out-of-bounds read in URL loader. Credit to Google Chrome Security Team (Cris Neckar).

[180555] Low CVE-2013-0918: Do not navigate dev tools upon drag and drop. Credit to Vsevolod Vlasov of the Chromium development community.

[Linux only] [178760] Medium CVE-2013-0919: Use-after-free with pop-up windows in extensions. Credit to Google Chrome Security Team (Mustafa Emre Acer).

[177410] Medium CVE-2013-0920: Use-after-free in extension bookmarks API. Credit to Google Chrome Security Team (Mustafa Emre Acer).

[174943] High CVE-2013-0921: Ensure isolated web sites run in their own processes.

[174129] Low CVE-2013-0922: Avoid HTTP basic auth brute force attempts. Credit to "t3553r".

[169981] [169972] [169765] Medium CVE-2013-0923: Memory safety issues in the USB Apps API. Credit to Google Chrome Security Team (Mustafa Emre Acer).

[169632] Low CVE-2013-0924: Check an extension's permissions API usage again file permissions. Credit to Benjamin Kalman of the Chromium development community.

[168442] Low CVE-2013-0925: Avoid leaking URLs to extensions without the tabs permissions. Credit to Michael Vrable of Google.

[112325] Medium CVE-2013-0926: Avoid pasting active tags in certain situations. Credit to Subho Halder, Aditya Gupta, and Dev Kar of xys3c (xysec.com).

References

CVE Name CVE-2013-0916
CVE Name CVE-2013-0917
CVE Name CVE-2013-0918
CVE Name CVE-2013-0919
CVE Name CVE-2013-0920
CVE Name CVE-2013-0921
CVE Name CVE-2013-0922
CVE Name CVE-2013-0923
CVE Name CVE-2013-0924
CVE Name CVE-2013-0925
CVE Name CVE-2013-0926
URL http://googlechromereleases.blogspot.nl/search/Stable%20Updates