ID CVE-2013-2859
Summary Google Chrome before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors.
References
Vulnerable Configurations
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Google Chrome 27.0.1453.109
    cpe:2.3:a:google:chrome:27.0.1453.109
  • Google Chrome 27.0.1453.63
    cpe:2.3:a:google:chrome:27.0.1453.63
  • Google Chrome 27.0.1453.64
    cpe:2.3:a:google:chrome:27.0.1453.64
  • Google Chrome 27.0.1453.65
    cpe:2.3:a:google:chrome:27.0.1453.65
  • Google Chrome 27.0.1453.66
    cpe:2.3:a:google:chrome:27.0.1453.66
  • Google Chrome 27.0.1453.67
    cpe:2.3:a:google:chrome:27.0.1453.67
  • Google Chrome 27.0.1453.68
    cpe:2.3:a:google:chrome:27.0.1453.68
  • Google Chrome 27.0.1453.69
    cpe:2.3:a:google:chrome:27.0.1453.69
  • Google Chrome 27.0.1453.70
    cpe:2.3:a:google:chrome:27.0.1453.70
  • Google Chrome 27.0.1453.55
    cpe:2.3:a:google:chrome:27.0.1453.55
  • Google Chrome 27.0.1453.56
    cpe:2.3:a:google:chrome:27.0.1453.56
  • Google Chrome 27.0.1453.57
    cpe:2.3:a:google:chrome:27.0.1453.57
  • Google Chrome 27.0.1453.58
    cpe:2.3:a:google:chrome:27.0.1453.58
  • Google Chrome 27.0.1453.59
    cpe:2.3:a:google:chrome:27.0.1453.59
  • Google Chrome 27.0.1453.60
    cpe:2.3:a:google:chrome:27.0.1453.60
  • Google Chrome 27.0.1453.61
    cpe:2.3:a:google:chrome:27.0.1453.61
  • Google Chrome 27.0.1453.62
    cpe:2.3:a:google:chrome:27.0.1453.62
  • Google Chrome 27.0.1453.80
    cpe:2.3:a:google:chrome:27.0.1453.80
  • Google Chrome 27.0.1453.79
    cpe:2.3:a:google:chrome:27.0.1453.79
  • Google Chrome 27.0.1453.82
    cpe:2.3:a:google:chrome:27.0.1453.82
  • Google Chrome 27.0.1453.81
    cpe:2.3:a:google:chrome:27.0.1453.81
  • Google Chrome 27.0.1453.84
    cpe:2.3:a:google:chrome:27.0.1453.84
  • Google Chrome 27.0.1453.83
    cpe:2.3:a:google:chrome:27.0.1453.83
  • Google Chrome 27.0.1453.86
    cpe:2.3:a:google:chrome:27.0.1453.86
  • Google Chrome 27.0.1453.85
    cpe:2.3:a:google:chrome:27.0.1453.85
  • Google Chrome 27.0.1453.72
    cpe:2.3:a:google:chrome:27.0.1453.72
  • Google Chrome 27.0.1453.71
    cpe:2.3:a:google:chrome:27.0.1453.71
  • Google Chrome 27.0.1453.74
    cpe:2.3:a:google:chrome:27.0.1453.74
  • Google Chrome 27.0.1453.73
    cpe:2.3:a:google:chrome:27.0.1453.73
  • Google Chrome 27.0.1453.76
    cpe:2.3:a:google:chrome:27.0.1453.76
  • Google Chrome 27.0.1453.75
    cpe:2.3:a:google:chrome:27.0.1453.75
  • Google Chrome 27.0.1453.78
    cpe:2.3:a:google:chrome:27.0.1453.78
  • Google Chrome 27.0.1453.77
    cpe:2.3:a:google:chrome:27.0.1453.77
  • Google Chrome 27.0.1453.89
    cpe:2.3:a:google:chrome:27.0.1453.89
  • Google Chrome 27.0.1453.90
    cpe:2.3:a:google:chrome:27.0.1453.90
  • Google Chrome 27.0.1453.87
    cpe:2.3:a:google:chrome:27.0.1453.87
  • Google Chrome 27.0.1453.88
    cpe:2.3:a:google:chrome:27.0.1453.88
  • Google Chrome 27.0.1453.91
    cpe:2.3:a:google:chrome:27.0.1453.91
  • Google Chrome 27.0.1453.93
    cpe:2.3:a:google:chrome:27.0.1453.93
  • Google Chrome 27.0.1453.10
    cpe:2.3:a:google:chrome:27.0.1453.10
  • Google Chrome 27.0.1453.9
    cpe:2.3:a:google:chrome:27.0.1453.9
  • Google Chrome 27.0.1453.103
    cpe:2.3:a:google:chrome:27.0.1453.103
  • Google Chrome 27.0.1453.104
    cpe:2.3:a:google:chrome:27.0.1453.104
  • Google Chrome 27.0.1453.94
    cpe:2.3:a:google:chrome:27.0.1453.94
  • Google Chrome 27.0.1453.102
    cpe:2.3:a:google:chrome:27.0.1453.102
  • Google Chrome 27.0.1453.41
    cpe:2.3:a:google:chrome:27.0.1453.41
  • Google Chrome 27.0.1453.106
    cpe:2.3:a:google:chrome:27.0.1453.106
  • Google Chrome 27.0.1453.42
    cpe:2.3:a:google:chrome:27.0.1453.42
  • Google Chrome 27.0.1453.105
    cpe:2.3:a:google:chrome:27.0.1453.105
  • Google Chrome 27.0.1453.43
    cpe:2.3:a:google:chrome:27.0.1453.43
  • Google Chrome 27.0.1453.108
    cpe:2.3:a:google:chrome:27.0.1453.108
  • Google Chrome 27.0.1453.44
    cpe:2.3:a:google:chrome:27.0.1453.44
  • Google Chrome 27.0.1453.107
    cpe:2.3:a:google:chrome:27.0.1453.107
  • Google Chrome 27.0.1453.37
    cpe:2.3:a:google:chrome:27.0.1453.37
  • Google Chrome 27.0.1453.38
    cpe:2.3:a:google:chrome:27.0.1453.38
  • Google Chrome 27.0.1453.39
    cpe:2.3:a:google:chrome:27.0.1453.39
  • Google Chrome 27.0.1453.40
    cpe:2.3:a:google:chrome:27.0.1453.40
  • Google Chrome 27.0.1453.50
    cpe:2.3:a:google:chrome:27.0.1453.50
  • Google Chrome 27.0.1453.51
    cpe:2.3:a:google:chrome:27.0.1453.51
  • Google Chrome 27.0.1453.52
    cpe:2.3:a:google:chrome:27.0.1453.52
  • Google Chrome 27.0.1453.54
    cpe:2.3:a:google:chrome:27.0.1453.54
  • Google Chrome 27.0.1453.45
    cpe:2.3:a:google:chrome:27.0.1453.45
  • Google Chrome 27.0.1453.46
    cpe:2.3:a:google:chrome:27.0.1453.46
  • Google Chrome 27.0.1453.47
    cpe:2.3:a:google:chrome:27.0.1453.47
  • Google Chrome 27.0.1453.49
    cpe:2.3:a:google:chrome:27.0.1453.49
  • Google Chrome 27.0.1453.3
    cpe:2.3:a:google:chrome:27.0.1453.3
  • Google Chrome 27.0.1453.4
    cpe:2.3:a:google:chrome:27.0.1453.4
  • Google Chrome 27.0.1453.1
    cpe:2.3:a:google:chrome:27.0.1453.1
  • Google Chrome 27.0.1453.2
    cpe:2.3:a:google:chrome:27.0.1453.2
  • Google Chrome 27.0.1453.7
    cpe:2.3:a:google:chrome:27.0.1453.7
  • Google Chrome 27.0.1453.8
    cpe:2.3:a:google:chrome:27.0.1453.8
  • Google Chrome 27.0.1453.5
    cpe:2.3:a:google:chrome:27.0.1453.5
  • Google Chrome 27.0.1453.6
    cpe:2.3:a:google:chrome:27.0.1453.6
  • Google Chrome 27.0.1453.34
    cpe:2.3:a:google:chrome:27.0.1453.34
  • Google Chrome 27.0.1453.15
    cpe:2.3:a:google:chrome:27.0.1453.15
  • Google Chrome 27.0.1453.36
    cpe:2.3:a:google:chrome:27.0.1453.36
  • Google Chrome 27.0.1453.35
    cpe:2.3:a:google:chrome:27.0.1453.35
  • Google Chrome 27.0.1453.11
    cpe:2.3:a:google:chrome:27.0.1453.11
  • Google Chrome 27.0.1453.0
    cpe:2.3:a:google:chrome:27.0.1453.0
  • Google Chrome 27.0.1453.13
    cpe:2.3:a:google:chrome:27.0.1453.13
  • Google Chrome 27.0.1453.12
    cpe:2.3:a:google:chrome:27.0.1453.12
CVSS
Base: 7.5 (as of 30-09-2016 - 14:18)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Windows
    NASL id GOOGLE_CHROME_27_0_1453_110.NASL
    description The version of Google Chrome installed on the remote host is a version prior to 27.0.1453.110 and is, therefore, affected by the following vulnerabilities : - An error exists related to the renderer and bad handles. (CVE-2013-2854) - Errors exist related to dev tools API, Skia GPU handling and SSL socket handling that could result in memory corruption. (CVE-2013-2855, CVE-2013-2862, CVE-2013-2863) - Use-after-free errors exist related to input and image handling, HTML5 audio, workers accessing database APIs and SVG processing. (CVE-2013-2856, CVE-2013-2857, CVE-2013-2858, CVE-2013-2860, CVE-2013-2861) - An unspecified error exists that could allow cross- origin namespace pollution. (CVE-2013-2859) - An error exists in the PDF viewer that could allow bad free operations. (CVE-2013-2864) - The vendor reports various, unspecified errors exist. (CVE-2013-2865)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 66813
    published 2013-06-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66813
    title Google Chrome < 27.0.1453.110 Multiple Vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_4865D189CD6211E2AE1100262D5ED8EE.NASL
    description Google Chrome Releases reports : [242322] Medium CVE-2013-2855: Memory corruption in dev tools API. Credit to 'daniel.zulla'. [242224] High CVE-2013-2856: Use-after-free in input handling. Credit to miaubiz. [240124] High CVE-2013-2857: Use-after-free in image handling. Credit to miaubiz. [239897] High CVE-2013-2858: Use-after-free in HTML5 Audio. Credit to 'cdel921'. [237022] High CVE-2013-2859: Cross-origin namespace pollution. to 'bobbyholley'. [225546] High CVE-2013-2860: Use-after-free with workers accessing database APIs. Credit to Collin Payne. [209604] High CVE-2013-2861: Use-after-free with SVG. Credit to miaubiz. [161077] High CVE-2013-2862: Memory corruption in Skia GPU handling. Credit to Atte Kettunen of OUSPG. [232633] Critical CVE-2013-2863: Memory corruption in SSL socket handling. Credit to Sebastian Marchand of the Chromium development community. [239134] High CVE-2013-2864: Bad free in PDF viewer. Credit to Mateusz Jurczyk, with contributions by Gynvael Coldwind, both from Google Security Team. [246389] High CVE-2013-2865: Various fixes from internal audits, fuzzing and other initiatives.
    last seen 2019-02-21
    modified 2013-06-29
    plugin id 66799
    published 2013-06-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66799
    title FreeBSD : chromium -- multiple vulnerabilities (4865d189-cd62-11e2-ae11-00262d5ed8ee)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201309-16.NASL
    description The remote host is affected by the vulnerability described in GLSA-201309-16 (Chromium, V8: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact : A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 70112
    published 2013-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70112
    title GLSA-201309-16 : Chromium, V8: Multiple vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2706.NASL
    description Several vulnerabilities have been discovered in the Chromium web browser. - CVE-2013-2855 The Developer Tools API in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. - CVE-2013-2856 Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input. - CVE-2013-2857 Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of images. - CVE-2013-2858 Use-after-free vulnerability in the HTML5 Audio implementation in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. - CVE-2013-2859 Chromium before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors. - CVE-2013-2860 Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker process. - CVE-2013-2861 Use-after-free vulnerability in the SVG implementation in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. - CVE-2013-2862 Skia, as used in Chromium before 27.0.1453.110, does not properly handle GPU acceleration, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. - CVE-2013-2863 Chromium before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. - CVE-2013-2865 Multiple unspecified vulnerabilities in Chromium before 27.0.1453.110 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 66852
    published 2013-06-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66852
    title Debian DSA-2706-1 : chromium-browser - several vulnerabilities
oval via4
accepted 2013-08-12T04:08:40.209-04:00
class vulnerability
contributors
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
definition_extensions
comment Google Chrome is installed
oval oval:org.mitre.oval:def:11914
description Google Chrome before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors.
family windows
id oval:org.mitre.oval:def:16640
status accepted
submitted 2013-06-04T22:14:11.849-04:00
title Google Chrome before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors
version 42
refmap via4
confirm
debian DSA-2706
Last major update 03-10-2016 - 13:06
Published 04-06-2013 - 20:55
Last modified 18-09-2017 - 21:36
Back to Top