There are 20 fresh security patches in Google Chrome, including fixes for a number of high-severity vulnerabilities. Google pushes out a new version of its browser every few weeks, and some releases carry only a handful of security fixes. Chrome users should update their browsers as soon as possible to protect against attacks using these vulnerabilities.

The vulnerabilities are named according to the CVE vulnerability naming standard and are organized by severity, as determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
· Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

Here is the list:

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| google -- chrome | Use-after-free vulnerability in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to inline-block rendering for bidirectional Unicode text in an element isolated from its siblings. | 2013-10-02 | | |
| google -- chrome | Use-after-free vulnerability in modules/webaudio/AudioScheduledSourceNode.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2013-10-02 | | |
| google -- chrome | Use-after-free vulnerability in the PepperInProcessRouter::SendToHost function in content/renderer/pepper/pepper_in_process_router.cc in the Pepper Plug-in API (PPAPI) in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a resource-destruction message. | 2013-10-02 | | |
| google -- chrome | Use-after-free vulnerability in the RenderBlock::collapseAnonymousBlockChild function in core/rendering/RenderBlock.cpp in the DOM implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect handling of parent-child relationships for anonymous blocks. | 2013-10-02 | | |
| google -- chrome | Google V8, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 2013-10-02 | | |
| google -- chrome | Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.66 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2013-10-02 | | |
| google -- chrome | Use-after-free vulnerability in International Components for Unicode (ICU), as used in Google Chrome before 30.0.1599.66 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2013-10-02 | | |

Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| google -- chrome | Multiple race conditions in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to threading in core/html/HTMLMediaElement.cpp, core/platform/audio/AudioDSPKernelProcessor.cpp, core/platform/audio/HRTFElevation.cpp, and modules/webaudio/ConvolverNode.cpp. | 2013-10-02 | | |
| google -- chrome | The Window.prototype object implementation in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 2013-10-02 | | |
| google -- chrome | Google Chrome before 30.0.1599.66 uses incorrect function calls to determine the values of NavigationEntry objects, which allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code. | 2013-10-02 | | |
| google -- chrome | Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet function in core/xml/XSLStyleSheetLibxslt.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of post-failure recompilation in unspecified libxslt versions. | 2013-10-02 | | |
| google -- chrome | Use-after-free vulnerability in the XMLDocumentParser::append function in core/xml/parser/XMLDocumentParser.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an XML document. | 2013-10-02 | | |
| google -- chrome | Use-after-free vulnerability in the color-chooser dialog in Google Chrome before 30.0.1599.66 on Windows allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to color_chooser_dialog.cc and color_chooser_win.cc in browser/ui/views/. | 2013-10-02 | | |
| google -- chrome | Google Chrome before 30.0.1599.66 preserves pending NavigationEntry objects in certain invalid circumstances, which allows remote attackers to spoof the address bar via a URL with a malformed scheme, as demonstrated by a nonexistent:12121 URL. | 2013-10-02 | | |
| google -- chrome | Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code, in conjunction with a delay in notifying the user of an attempted spoof. | 2013-10-02 | | |
| google -- chrome | The ReverbConvolverStage::ReverbConvolverStage function in core/platform/audio/ReverbConvolverStage.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the impulseResponse array. | 2013-10-02 | | |
| google -- chrome | The DoResolveRelativeHost function in url/url_canon_relative.cc in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via a relative URL containing a hostname, as demonstrated by a protocol-relative URL beginning with a //www.google.com/ substring. | 2013-10-02 | | |
| google -- chrome | Double free vulnerability in the ResourceFetcher::didLoadResource function in core/fetch/ResourceFetcher.cpp in the resource loader in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering certain callback processing during the reporting of a resource entry. | 2013-10-02 | | |
| google -- chrome | Use-after-free vulnerability in core/html/HTMLTemplateElement.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that operates on a TEMPLATE element. | 2013-10-02 | | |