VuXML: chromium -- multiple vulnerabilities

VuXML ID	e5414d0c-2ade-11e3-821d-00262d5ed8ee
Discovery	2013-10-01
Entry	2013-10-01

Google Chrome Releases reports:

50 security fixes in this release, including:

[223962][270758][271161][284785][284786] Medium CVE-2013-2906: Races in Web Audio. Credit to Atte Kettunen of OUSPG.

[260667] Medium CVE-2013-2907: Out of bounds read in Window.prototype object. Credit to Boris Zbarsky.

[265221] Medium CVE-2013-2908: Address bar spoofing related to the “204 No Content” status code. Credit to Chamal de Silva.

[265838][279277] High CVE-2013-2909: Use after free in inline-block rendering. Credit to Atte Kettunen of OUSPG.

[269753] Medium CVE-2013-2910: Use-after-free in Web Audio. Credit to Byoungyoung Lee of Georgia Tech Information Security Center (GTISC).

[271939] High CVE-2013-2911: Use-after-free in XSLT. Credit to Atte Kettunen of OUSPG.

[276368] High CVE-2013-2912: Use-after-free in PPAPI. Credit to Chamal de Silva and 41.w4r10r(at)garage4hackers.com.

[278908] High CVE-2013-2913: Use-after-free in XML document parsing. Credit to cloudfuzzer.

[279263] High CVE-2013-2914: Use after free in the Windows color chooser dialog. Credit to Khalil Zhani.

[280512] Low CVE-2013-2915: Address bar spoofing via a malformed scheme. Credit to Wander Groeneveld.

[281256] High CVE-2013-2916: Address bar spoofing related to the “204 No Content” status code. Credit to Masato Kinugawa.

[281480] Medium CVE-2013-2917: Out of bounds read in Web Audio. Credit to Byoungyoung Lee and Tielei Wang of Georgia Tech Information Security Center (GTISC).

[282088] High CVE-2013-2918: Use-after-free in DOM. Credit to Byoungyoung Lee of Georgia Tech Information Security Center (GTISC).

[282736] High CVE-2013-2919: Memory corruption in V8. Credit to Adam Haile of Concrete Data.

[285742] Medium CVE-2013-2920: Out of bounds read in URL parsing. Credit to Atte Kettunen of OUSPG.

[286414] High CVE-2013-2921: Use-after-free in resource loader. Credit to Byoungyoung Lee and Tielei Wang of Georgia Tech Information Security Center (GTISC).

[286975] High CVE-2013-2922: Use-after-free in template element. Credit to Jon Butler.

[299016] CVE-2013-2923: Various fixes from internal audits, fuzzing and other initiatives (Chrome 30).

[275803] Medium CVE-2013-2924: Use-after-free in ICU. Upstream bug here.

[source]

chromium -- multiple vulnerabilities

Details

References

CVE Name	CVE-2013-2906
CVE Name	CVE-2013-2907
CVE Name	CVE-2013-2908
CVE Name	CVE-2013-2909
CVE Name	CVE-2013-2910
CVE Name	CVE-2013-2911
CVE Name	CVE-2013-2912
CVE Name	CVE-2013-2913
CVE Name	CVE-2013-2914
CVE Name	CVE-2013-2915
CVE Name	CVE-2013-2916
CVE Name	CVE-2013-2917
CVE Name	CVE-2013-2918
CVE Name	CVE-2013-2919
CVE Name	CVE-2013-2920
CVE Name	CVE-2013-2921
CVE Name	CVE-2013-2922
CVE Name	CVE-2013-2923
CVE Name	CVE-2013-2924
URL	http://googlechromereleases.blogspot.nl/