FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

chromium -- multiple vulnerabilities

Affected packages
chromium < 27.0.1453.93


VuXML ID 358133b5-c2b9-11e2-a738-00262d5ed8ee
Discovery 2013-05-21
Entry 2013-05-22

Google Chrome Releases reports:

[235638] High CVE-2013-2837: Use-after-free in SVG. Credit to Slawomir Blazek.

[235311] Medium CVE-2013-2838: Out-of-bounds read in v8. Credit to Christian Holler.

[230176] High CVE-2013-2839: Bad cast in clipboard handling. Credit to Jon of MWR InfoSecurity.

[230117] High CVE-2013-2840: Use-after-free in media loader. Credit to Nils of MWR InfoSecurity.

[227350] High CVE-2013-2841: Use-after-free in Pepper resource handling. Credit to Chamal de Silva.

[226696] High CVE-2013-2842: Use-after-free in widget handling. Credit to Cyril Cattiaux.

[222000] High CVE-2013-2843: Use-after-free in speech handling. Credit to Khalil Zhani.

[196393] High CVE-2013-2844: Use-after-free in style resolution. Credit to Sachin Shinde (@cons0ul).

[188092] [179522] [222136] [188092] High CVE-2013-2845: Memory safety issues in Web Audio. Credit to Atte Kettunen of OUSPG.

[177620] High CVE-2013-2846: Use-after-free in media loader. Credit to Chamal de Silva.

[176692] High CVE-2013-2847: Use-after-free race condition with workers. Credit to Collin Payne.

[176137] Medium CVE-2013-2848: Possible data extraction with XSS Auditor. Credit to Egor Homakov.

[171392] Low CVE-2013-2849: Possible XSS with drag+drop or copy+paste. Credit to Mario Heiderich.

[241595] High CVE-2013-2836: Various fixes from internal audits, fuzzing and other initiatives.


CVE Name CVE-2013-2836
CVE Name CVE-2013-2837
CVE Name CVE-2013-2838
CVE Name CVE-2013-2839
CVE Name CVE-2013-2840
CVE Name CVE-2013-2841
CVE Name CVE-2013-2842
CVE Name CVE-2013-2843
CVE Name CVE-2013-2844
CVE Name CVE-2013-2845
CVE Name CVE-2013-2846
CVE Name CVE-2013-2847
CVE Name CVE-2013-2848
CVE Name CVE-2013-2849