ID CVE-2013-0840
Summary Google Chrome before 24.0.1312.56 does not validate URLs during the opening of new windows, which has unspecified impact and remote attack vectors.
References
Vulnerable Configurations
  • Google Chrome 24.0.1272.0
    cpe:2.3:a:google:chrome:24.0.1272.0
  • Google Chrome 24.0.1272.1
    cpe:2.3:a:google:chrome:24.0.1272.1
  • Google Chrome 24.0.1273.0
    cpe:2.3:a:google:chrome:24.0.1273.0
  • Google Chrome 24.0.1274.0
    cpe:2.3:a:google:chrome:24.0.1274.0
  • Google Chrome 24.0.1275.0
    cpe:2.3:a:google:chrome:24.0.1275.0
  • Google Chrome 24.0.1276.0
    cpe:2.3:a:google:chrome:24.0.1276.0
  • Google Chrome 24.0.1276.1
    cpe:2.3:a:google:chrome:24.0.1276.1
  • Google Chrome 24.0.1277.0
    cpe:2.3:a:google:chrome:24.0.1277.0
  • Google Chrome 24.0.1278.0
    cpe:2.3:a:google:chrome:24.0.1278.0
  • Google Chrome 24.0.1279.0
    cpe:2.3:a:google:chrome:24.0.1279.0
  • Google Chrome 24.0.1280.0
    cpe:2.3:a:google:chrome:24.0.1280.0
  • Google Chrome 24.0.1281.0
    cpe:2.3:a:google:chrome:24.0.1281.0
  • Google Chrome 24.0.1281.1
    cpe:2.3:a:google:chrome:24.0.1281.1
  • Google Chrome 24.0.1281.2
    cpe:2.3:a:google:chrome:24.0.1281.2
  • Google Chrome 24.0.1281.3
    cpe:2.3:a:google:chrome:24.0.1281.3
  • Google Chrome 24.0.1282.0
    cpe:2.3:a:google:chrome:24.0.1282.0
  • Google Chrome 24.0.1297.0
    cpe:2.3:a:google:chrome:24.0.1297.0
  • Google Chrome 24.0.1298.0
    cpe:2.3:a:google:chrome:24.0.1298.0
  • Google Chrome 24.0.1295.0
    cpe:2.3:a:google:chrome:24.0.1295.0
  • Google Chrome 24.0.1296.0
    cpe:2.3:a:google:chrome:24.0.1296.0
  • Google Chrome 24.0.1293.0
    cpe:2.3:a:google:chrome:24.0.1293.0
  • Google Chrome 24.0.1294.0
    cpe:2.3:a:google:chrome:24.0.1294.0
  • Google Chrome 24.0.1291.0
    cpe:2.3:a:google:chrome:24.0.1291.0
  • Google Chrome 24.0.1292.0
    cpe:2.3:a:google:chrome:24.0.1292.0
  • Google Chrome 24.0.1289.0
    cpe:2.3:a:google:chrome:24.0.1289.0
  • Google Chrome 24.0.1290.0
    cpe:2.3:a:google:chrome:24.0.1290.0
  • Google Chrome 24.0.1288.1
    cpe:2.3:a:google:chrome:24.0.1288.1
  • Google Chrome 24.0.1289.1
    cpe:2.3:a:google:chrome:24.0.1289.1
  • Google Chrome 24.0.1287.1
    cpe:2.3:a:google:chrome:24.0.1287.1
  • Google Chrome 24.0.1288.0
    cpe:2.3:a:google:chrome:24.0.1288.0
  • Google Chrome 24.0.1286.1
    cpe:2.3:a:google:chrome:24.0.1286.1
  • Google Chrome 24.0.1287.0
    cpe:2.3:a:google:chrome:24.0.1287.0
  • Google Chrome 24.0.1299.0
    cpe:2.3:a:google:chrome:24.0.1299.0
  • Google Chrome 24.0.1285.1
    cpe:2.3:a:google:chrome:24.0.1285.1
  • Google Chrome 24.0.1285.0
    cpe:2.3:a:google:chrome:24.0.1285.0
  • Google Chrome 24.0.1286.0
    cpe:2.3:a:google:chrome:24.0.1286.0
  • Google Chrome 24.0.1285.2
    cpe:2.3:a:google:chrome:24.0.1285.2
  • Google Chrome 24.0.1284.0
    cpe:2.3:a:google:chrome:24.0.1284.0
  • Google Chrome 24.0.1283.0
    cpe:2.3:a:google:chrome:24.0.1283.0
  • Google Chrome 24.0.1284.2
    cpe:2.3:a:google:chrome:24.0.1284.2
  • Google Chrome 24.0.1284.1
    cpe:2.3:a:google:chrome:24.0.1284.1
  • Google Chrome 24.0.1312.9
    cpe:2.3:a:google:chrome:24.0.1312.9
  • Google Chrome 24.0.1312.8
    cpe:2.3:a:google:chrome:24.0.1312.8
  • Google Chrome 24.0.1312.7
    cpe:2.3:a:google:chrome:24.0.1312.7
  • Google Chrome 24.0.1312.6
    cpe:2.3:a:google:chrome:24.0.1312.6
  • Google Chrome 24.0.1312.50
    cpe:2.3:a:google:chrome:24.0.1312.50
  • Google Chrome 24.0.1312.5
    cpe:2.3:a:google:chrome:24.0.1312.5
  • Google Chrome 24.0.1312.49
    cpe:2.3:a:google:chrome:24.0.1312.49
  • Google Chrome 24.0.1312.48
    cpe:2.3:a:google:chrome:24.0.1312.48
  • Google Chrome 24.0.1312.47
    cpe:2.3:a:google:chrome:24.0.1312.47
  • Google Chrome 24.0.1312.46
    cpe:2.3:a:google:chrome:24.0.1312.46
  • Google Chrome 24.0.1312.45
    cpe:2.3:a:google:chrome:24.0.1312.45
  • Google Chrome 24.0.1312.44
    cpe:2.3:a:google:chrome:24.0.1312.44
  • Google Chrome 24.0.1312.43
    cpe:2.3:a:google:chrome:24.0.1312.43
  • Google Chrome 24.0.1312.42
    cpe:2.3:a:google:chrome:24.0.1312.42
  • Google Chrome 24.0.1312.41
    cpe:2.3:a:google:chrome:24.0.1312.41
  • Google Chrome 24.0.1312.40
    cpe:2.3:a:google:chrome:24.0.1312.40
  • Google Chrome 24.0.1312.4
    cpe:2.3:a:google:chrome:24.0.1312.4
  • Google Chrome 24.0.1312.39
    cpe:2.3:a:google:chrome:24.0.1312.39
  • Google Chrome 24.0.1312.38
    cpe:2.3:a:google:chrome:24.0.1312.38
  • Google Chrome 24.0.1312.37
    cpe:2.3:a:google:chrome:24.0.1312.37
  • Google Chrome 24.0.1312.36
    cpe:2.3:a:google:chrome:24.0.1312.36
  • Google Chrome 24.0.1312.35
    cpe:2.3:a:google:chrome:24.0.1312.35
  • Google Chrome 24.0.1312.34
    cpe:2.3:a:google:chrome:24.0.1312.34
  • Google Chrome 24.0.1312.33
    cpe:2.3:a:google:chrome:24.0.1312.33
  • Google Chrome 24.0.1312.32
    cpe:2.3:a:google:chrome:24.0.1312.32
  • Google Chrome 24.0.1312.31
    cpe:2.3:a:google:chrome:24.0.1312.31
  • Google Chrome 24.0.1312.30
    cpe:2.3:a:google:chrome:24.0.1312.30
  • Google Chrome 24.0.1312.29
    cpe:2.3:a:google:chrome:24.0.1312.29
  • Google Chrome 24.0.1312.28
    cpe:2.3:a:google:chrome:24.0.1312.28
  • Google Chrome 24.0.1312.27
    cpe:2.3:a:google:chrome:24.0.1312.27
  • Google Chrome 24.0.1312.26
    cpe:2.3:a:google:chrome:24.0.1312.26
  • Google Chrome 24.0.1312.25
    cpe:2.3:a:google:chrome:24.0.1312.25
  • Google Chrome 24.0.1312.24
    cpe:2.3:a:google:chrome:24.0.1312.24
  • Google Chrome 24.0.1312.23
    cpe:2.3:a:google:chrome:24.0.1312.23
  • Google Chrome 24.0.1312.22
    cpe:2.3:a:google:chrome:24.0.1312.22
  • Google Chrome 24.0.1312.21
    cpe:2.3:a:google:chrome:24.0.1312.21
  • Google Chrome 24.0.1312.20
    cpe:2.3:a:google:chrome:24.0.1312.20
  • Google Chrome 24.0.1312.19
    cpe:2.3:a:google:chrome:24.0.1312.19
  • Google Chrome 24.0.1312.18
    cpe:2.3:a:google:chrome:24.0.1312.18
  • Google Chrome 24.0.1312.17
    cpe:2.3:a:google:chrome:24.0.1312.17
  • Google Chrome 24.0.1312.16
    cpe:2.3:a:google:chrome:24.0.1312.16
  • Google Chrome 24.0.1312.15
    cpe:2.3:a:google:chrome:24.0.1312.15
  • Google Chrome 24.0.1312.14
    cpe:2.3:a:google:chrome:24.0.1312.14
  • Google Chrome 24.0.1312.13
    cpe:2.3:a:google:chrome:24.0.1312.13
  • Google Chrome 24.0.1312.12
    cpe:2.3:a:google:chrome:24.0.1312.12
  • Google Chrome 24.0.1312.11
    cpe:2.3:a:google:chrome:24.0.1312.11
  • Google Chrome 24.0.1312.10
    cpe:2.3:a:google:chrome:24.0.1312.10
  • Google Chrome 24.0.1312.1
    cpe:2.3:a:google:chrome:24.0.1312.1
  • Google Chrome 24.0.1312.0
    cpe:2.3:a:google:chrome:24.0.1312.0
  • Google Chrome 24.0.1311.1
    cpe:2.3:a:google:chrome:24.0.1311.1
  • Google Chrome 24.0.1311.0
    cpe:2.3:a:google:chrome:24.0.1311.0
  • Google Chrome 24.0.1310.0
    cpe:2.3:a:google:chrome:24.0.1310.0
  • Google Chrome 24.0.1309.0
    cpe:2.3:a:google:chrome:24.0.1309.0
  • Google Chrome 24.0.1308.0
    cpe:2.3:a:google:chrome:24.0.1308.0
  • Google Chrome 24.0.1307.1
    cpe:2.3:a:google:chrome:24.0.1307.1
  • Google Chrome 24.0.1307.0
    cpe:2.3:a:google:chrome:24.0.1307.0
  • Google Chrome 24.0.1306.1
    cpe:2.3:a:google:chrome:24.0.1306.1
  • Google Chrome 24.0.1306.0
    cpe:2.3:a:google:chrome:24.0.1306.0
  • Google Chrome 24.0.1305.4
    cpe:2.3:a:google:chrome:24.0.1305.4
  • Google Chrome 24.0.1305.3
    cpe:2.3:a:google:chrome:24.0.1305.3
  • Google Chrome 24.0.1305.2
    cpe:2.3:a:google:chrome:24.0.1305.2
  • Google Chrome 24.0.1305.1
    cpe:2.3:a:google:chrome:24.0.1305.1
  • Google Chrome 24.0.1305.0
    cpe:2.3:a:google:chrome:24.0.1305.0
  • Google Chrome 24.0.1304.1
    cpe:2.3:a:google:chrome:24.0.1304.1
  • Google Chrome 24.0.1304.0
    cpe:2.3:a:google:chrome:24.0.1304.0
  • Google Chrome 24.0.1303.0
    cpe:2.3:a:google:chrome:24.0.1303.0
  • Google Chrome 24.0.1302.0
    cpe:2.3:a:google:chrome:24.0.1302.0
  • Google Chrome 24.0.1301.2
    cpe:2.3:a:google:chrome:24.0.1301.2
  • Google Chrome 24.0.1301.0
    cpe:2.3:a:google:chrome:24.0.1301.0
  • Google Chrome 24.0.1300.0
    cpe:2.3:a:google:chrome:24.0.1300.0
  • Google Chrome 24.0.1312.51
    cpe:2.3:a:google:chrome:24.0.1312.51
  • Google Chrome 24.0.1312.55
    cpe:2.3:a:google:chrome:24.0.1312.55
  • Google Chrome 24.0.1312.54
    cpe:2.3:a:google:chrome:24.0.1312.54
  • Google Chrome 24.0.1312.53
    cpe:2.3:a:google:chrome:24.0.1312.53
  • Google Chrome 24.0.1312.52
    cpe:2.3:a:google:chrome:24.0.1312.52
CVSS
Base: 10.0 (as of 12-10-2016 - 13:47)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_8D03202C655911E2A38900262D5ED8EE.NASL
    description Google Chrome Releases reports : [151008] High CVE-2013-0839: Use-after-free in canvas font handling. Credit to Atte Kettunen of OUSPG. [170532] Medium CVE-2013-0840: Missing URL validation when opening new windows. [169770] High CVE-2013-0841: Unchecked array index in content blocking. Credit to Google Chrome Security Team (Chris Evans). [166867] Medium CVE-2013-0842: Problems with NULL characters embedded in paths. Credit to Google Chrome Security Team (Juri Aedla).
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 63674
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63674
    title FreeBSD : chromium -- multiple vulnerabilities (8d03202c-6559-11e2-a389-00262d5ed8ee)
  • NASL family Windows
    NASL id GOOGLE_CHROME_24_0_1312_56.NASL
    description The version of Google Chrome installed on the remote host is earlier than 24.0.1312.56 and is, therefore, affected by the following vulnerabilities : - A use-after-free vulnerability exists related to font handling and canvas. (CVE-2013-0839) - An error exists related to URL validation and the opening of new browser windows. (CVE-2013-0840) - An array index is not properly checked in relation to content blocking. (CVE-2013-0841) - An unspecified error exists related to handling null characters in embedded paths. (CVE-2013-0842) Successful exploitation of some of these issues could lead to an application crash or even allow arbitrary code execution, subject to the user's privileges.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 63645
    published 2013-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63645
    title Google Chrome < 24.0.1312.56 Multiple Vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201309-16.NASL
    description The remote host is affected by the vulnerability described in GLSA-201309-16 (Chromium, V8: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact : A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 70112
    published 2013-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70112
    title GLSA-201309-16 : Chromium, V8: Multiple vulnerabilities
oval via4
accepted 2013-08-12T04:08:25.551-04:00
class vulnerability
contributors
  • name Shane Shaffer
    organization G2, Inc.
  • name Jonathan Baker
    organization The MITRE Corporation
  • name Maria Kedovskaya
    organization ALTX-SOFT
definition_extensions
comment Google Chrome is installed
oval oval:org.mitre.oval:def:11914
description Google Chrome before 24.0.1312.56 does not validate URLs during the opening of new windows, which has unspecified impact and remote attack vectors.
family windows
id oval:org.mitre.oval:def:16335
status accepted
submitted 2013-01-25T09:07:10.582-05:00
title Google Chrome before 24.0.1312.56 does not validate URLs during the opening of new windows
version 44
refmap via4
confirm
Last major update 13-10-2016 - 09:24
Published 24-01-2013 - 16:55
Last modified 18-09-2017 - 21:35
Back to Top