ID CVE-2013-2867
Summary Google Chrome before 28.0.1500.71 does not properly prevent pop-under windows, which allows remote attackers to have an unspecified impact via a crafted web site.
References
Vulnerable Configurations
  • Google Chrome 28.0.1500.70
    cpe:2.3:a:google:chrome:28.0.1500.70
  • Google Chrome 28.0.1500.68
    cpe:2.3:a:google:chrome:28.0.1500.68
  • Google Chrome 28.0.1500.66
    cpe:2.3:a:google:chrome:28.0.1500.66
  • Google Chrome 28.0.1500.64
    cpe:2.3:a:google:chrome:28.0.1500.64
  • Google Chrome 28.0.1500.63
    cpe:2.3:a:google:chrome:28.0.1500.63
  • Google Chrome 28.0.1500.62
    cpe:2.3:a:google:chrome:28.0.1500.62
  • Google Chrome 28.0.1500.61
    cpe:2.3:a:google:chrome:28.0.1500.61
  • Google Chrome 28.0.1500.60
    cpe:2.3:a:google:chrome:28.0.1500.60
  • Google Chrome 28.0.1500.59
    cpe:2.3:a:google:chrome:28.0.1500.59
  • Google Chrome 28.0.1500.58
    cpe:2.3:a:google:chrome:28.0.1500.58
  • Google Chrome 28.0.1500.56
    cpe:2.3:a:google:chrome:28.0.1500.56
  • Google Chrome 28.0.1500.54
    cpe:2.3:a:google:chrome:28.0.1500.54
  • Google Chrome 28.0.1500.53
    cpe:2.3:a:google:chrome:28.0.1500.53
  • Google Chrome 28.0.1500.52
    cpe:2.3:a:google:chrome:28.0.1500.52
  • Google Chrome 28.0.1500.51
    cpe:2.3:a:google:chrome:28.0.1500.51
  • Google Chrome 28.0.1500.50
    cpe:2.3:a:google:chrome:28.0.1500.50
  • Google Chrome 28.0.1500.49
    cpe:2.3:a:google:chrome:28.0.1500.49
  • Google Chrome 28.0.1500.48
    cpe:2.3:a:google:chrome:28.0.1500.48
  • Google Chrome 28.0.1500.47
    cpe:2.3:a:google:chrome:28.0.1500.47
  • Google Chrome 28.0.1500.46
    cpe:2.3:a:google:chrome:28.0.1500.46
  • Google Chrome 28.0.1500.45
    cpe:2.3:a:google:chrome:28.0.1500.45
  • Google Chrome 28.0.1500.44
    cpe:2.3:a:google:chrome:28.0.1500.44
  • Google Chrome 28.0.1500.43
    cpe:2.3:a:google:chrome:28.0.1500.43
  • Google Chrome 28.0.1500.42
    cpe:2.3:a:google:chrome:28.0.1500.42
  • Google Chrome 28.0.1500.41
    cpe:2.3:a:google:chrome:28.0.1500.41
  • Google Chrome 28.0.1500.40
    cpe:2.3:a:google:chrome:28.0.1500.40
  • Google Chrome 28.0.1500.39
    cpe:2.3:a:google:chrome:28.0.1500.39
  • Google Chrome 28.0.1500.38
    cpe:2.3:a:google:chrome:28.0.1500.38
  • Google Chrome 28.0.1500.37
    cpe:2.3:a:google:chrome:28.0.1500.37
  • Google Chrome 28.0.1500.36
    cpe:2.3:a:google:chrome:28.0.1500.36
  • Google Chrome 28.0.1500.35
    cpe:2.3:a:google:chrome:28.0.1500.35
  • Google Chrome 28.0.1500.34
    cpe:2.3:a:google:chrome:28.0.1500.34
  • Google Chrome 28.0.1500.33
    cpe:2.3:a:google:chrome:28.0.1500.33
  • Google Chrome 28.0.1500.32
    cpe:2.3:a:google:chrome:28.0.1500.32
  • Google Chrome 28.0.1500.31
    cpe:2.3:a:google:chrome:28.0.1500.31
  • Google Chrome 28.0.1500.29
    cpe:2.3:a:google:chrome:28.0.1500.29
  • Google Chrome 28.0.1500.28
    cpe:2.3:a:google:chrome:28.0.1500.28
  • Google Chrome 28.0.1500.27
    cpe:2.3:a:google:chrome:28.0.1500.27
  • Google Chrome 28.0.1500.26
    cpe:2.3:a:google:chrome:28.0.1500.26
  • Google Chrome 28.0.1500.25
    cpe:2.3:a:google:chrome:28.0.1500.25
  • Google Chrome 28.0.1500.24
    cpe:2.3:a:google:chrome:28.0.1500.24
  • Google Chrome 28.0.1500.23
    cpe:2.3:a:google:chrome:28.0.1500.23
  • Google Chrome 28.0.1500.22
    cpe:2.3:a:google:chrome:28.0.1500.22
  • Google Chrome 28.0.1500.21
    cpe:2.3:a:google:chrome:28.0.1500.21
  • Google Chrome 28.0.1500.20
    cpe:2.3:a:google:chrome:28.0.1500.20
  • Google Chrome 28.0.1500.19
    cpe:2.3:a:google:chrome:28.0.1500.19
  • Google Chrome 28.0.1500.18
    cpe:2.3:a:google:chrome:28.0.1500.18
  • Google Chrome 28.0.1500.17
    cpe:2.3:a:google:chrome:28.0.1500.17
  • Google Chrome 28.0.1500.16
    cpe:2.3:a:google:chrome:28.0.1500.16
  • Google Chrome 28.0.1500.15
    cpe:2.3:a:google:chrome:28.0.1500.15
  • Google Chrome 28.0.1500.14
    cpe:2.3:a:google:chrome:28.0.1500.14
  • Google Chrome 28.0.1500.13
    cpe:2.3:a:google:chrome:28.0.1500.13
  • Google Chrome 28.0.1500.12
    cpe:2.3:a:google:chrome:28.0.1500.12
  • Google Chrome 28.0.1500.11
    cpe:2.3:a:google:chrome:28.0.1500.11
  • Google Chrome 28.0.1500.10
    cpe:2.3:a:google:chrome:28.0.1500.10
  • Google Chrome 28.0.1500.9
    cpe:2.3:a:google:chrome:28.0.1500.9
  • Google Chrome 28.0.1500.8
    cpe:2.3:a:google:chrome:28.0.1500.8
  • Google Chrome 28.0.1500.6
    cpe:2.3:a:google:chrome:28.0.1500.6
  • Google Chrome 28.0.1500.5
    cpe:2.3:a:google:chrome:28.0.1500.5
  • Google Chrome 28.0.1500.4
    cpe:2.3:a:google:chrome:28.0.1500.4
  • Google Chrome 28.0.1500.3
    cpe:2.3:a:google:chrome:28.0.1500.3
  • Google Chrome 28.0.1500.2
    cpe:2.3:a:google:chrome:28.0.1500.2
  • Google Chrome 28.0.1500.0
    cpe:2.3:a:google:chrome:28.0.1500.0
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
CVSS
Base: 7.5 (as of 18-10-2016 - 07:39)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_3B80104FE96C11E28BAC00262D5ED8EE.NASL
    description Google Chrome Releases reports: A special reward for Andrey Labunets for his combination of CVE-2013-2879 and CVE-2013-2868 along with some (since fixed) server-side bugs.
      - [252216] Low CVE-2013-2867: Block pop-unders in various scenarios.
      - [252062] High CVE-2013-2879: Confusion setting up sign-in and sync. Credit to Andrey Labunets.
      - [252034] Medium CVE-2013-2868: Incorrect sync of NPAPI extension component. Credit to Andrey Labunets.
      - [245153] Medium CVE-2013-2869: Out-of-bounds read in JPEG2000 handling. Credit to Felix Groebert of Google Security Team.
      - [244746] [242762] Critical CVE-2013-2870: Use-after-free with network sockets. Credit to Collin Payne.
      - [244260] Medium CVE-2013-2853: Man-in-the-middle attack against HTTP in SSL. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco at INRIA Paris.
      - [243991] [243818] High CVE-2013-2871: Use-after-free in input handling. Credit to miaubiz.
      - [Mac only] [242702] Low CVE-2013-2872: Possible lack of entropy in renderers. Credit to Eric Rescorla.
      - [241139] High CVE-2013-2873: Use-after-free in resource loading. Credit to miaubiz.
      - [233848] Medium CVE-2013-2875: Out-of-bounds-read in SVG. Credit to miaubiz.
      - [229504] Medium CVE-2013-2876: Extensions permissions confusion with interstitials. Credit to Dev Akhawe.
      - [229019] Low CVE-2013-2877: Out-of-bounds read in XML parsing. Credit to Aki Helin of OUSPG.
      - [196636] None: Remove the 'viewsource' attribute on iframes. Credit to Collin Jackson.
      - [177197] Medium CVE-2013-2878: Out-of-bounds read in text handling. Credit to Atte Kettunen of OUSPG.
    last seen 2019-02-21
    modified 2015-01-26
    plugin id 67237
    published 2013-07-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67237
    title FreeBSD : chromium -- multiple vulnerabilities (3b80104f-e96c-11e2-8bac-00262d5ed8ee)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2724.NASL
    description Several vulnerabilities have been discovered in the Chromium web browser.
      - CVE-2013-2853 The HTTPS implementation does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline).
      - CVE-2013-2867 Chrome does not properly prevent pop-under windows.
      - CVE-2013-2868 common/extensions/sync_helper.cc proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting.
      - CVE-2013-2869 Denial of service (out-of-bounds read) via a crafted JPEG2000 image.
      - CVE-2013-2870 Use-after-free vulnerability in network sockets.
      - CVE-2013-2871 Use-after-free vulnerability in input handling.
      - CVE-2013-2873 Use-after-free vulnerability in resource loading.
      - CVE-2013-2875 Out-of-bounds read in SVG file handling.
      - CVE-2013-2876 Chromium does not properly enforce restrictions on the capture of screenshots by extensions, which could lead to information disclosure from previous page visits.
      - CVE-2013-2877 Out-of-bounds read in XML file handling.
      - CVE-2013-2878 Out-of-bounds read in text handling.
      - CVE-2013-2879 The circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations were not properly checked.
      - CVE-2013-2880 The Chromium 28 development team found various issues from internal fuzzing, audits, and other studies.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 68970
    published 2013-07-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68970
    title Debian DSA-2724-1 : chromium-browser - several vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201309-16.NASL
    description The remote host is affected by the vulnerability described in GLSA-201309-16 (Chromium, V8: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details.
      Impact: A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact.
      Workaround: There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 70112
    published 2013-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70112
    title GLSA-201309-16 : Chromium, V8: Multiple vulnerabilities
  • NASL family Windows
    NASL id GOOGLE_CHROME_28_0_1500_71.NASL
    description The version of Google Chrome installed on the remote host is a version prior to 28.0.1500.71 and is, therefore, affected by multiple vulnerabilities:
      - A vulnerability exists that exposes HTTP in SSL to a man-in-the-middle attack. (CVE-2013-2853)
      - Block pop-unders in various scenarios. (CVE-2013-2867)
      - An error exists related to an incorrect sync of the NPAPI extension component. (CVE-2013-2868)
      - An unspecified flaw exists due to a lack of entropy in renderers. (CVE-2013-2872)
      - Use-after-free errors exist related to network sockets, input handling, and resource loading. (CVE-2013-2870, CVE-2013-2871, CVE-2013-2873)
      - A screen data leak error exists related to GL textures. (CVE-2013-2874)
      - An extension permission error exists related to interstitials. (CVE-2013-2876)
      - Multiple out-of-bounds errors exist related to JPEG2000, SVG, text handling and XML parsing. (CVE-2013-2869, CVE-2013-2875, CVE-2013-2877, CVE-2013-2878)
      - An unspecified error exists when setting up sign-in and sync. (CVE-2013-2879)
      - The vendor reports various, unspecified errors exist. (CVE-2013-2880)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 67232
    published 2013-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67232
    title Google Chrome < 28.0.1500.71 Multiple Vulnerabilities
oval via4
accepted 2013-09-02T04:00:57.343-04:00
class vulnerability
contributors
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
definition_extensions
comment Google Chrome is installed
oval oval:org.mitre.oval:def:11914
description Google Chrome before 28.0.1500.71 does not properly prevent pop-under windows, which allows remote attackers to have an unspecified impact via a crafted web site.
family windows
id oval:org.mitre.oval:def:17216
status accepted
submitted 2013-07-12T11:33:28.782-04:00
title Google Chrome before 28.0.1500.71 does not properly prevent pop-under windows
version 41
refmap via4
confirm
debian DSA-2724
Last major update 18-10-2016 - 11:17
Published 10-07-2013 - 06:55
Last modified 18-09-2017 - 21:36