ID CVE-2013-2883
Summary Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to deleting the registration of a MutationObserver object.
References
Vulnerable Configurations
  • Google Chrome 28.0.1500.68
    cpe:2.3:a:google:chrome:28.0.1500.68
  • Google Chrome 28.0.1500.66
    cpe:2.3:a:google:chrome:28.0.1500.66
  • Google Chrome 28.0.1500.64
    cpe:2.3:a:google:chrome:28.0.1500.64
  • Google Chrome 28.0.1500.63
    cpe:2.3:a:google:chrome:28.0.1500.63
  • Google Chrome 28.0.1500.62
    cpe:2.3:a:google:chrome:28.0.1500.62
  • Google Chrome 28.0.1500.61
    cpe:2.3:a:google:chrome:28.0.1500.61
  • Google Chrome 28.0.1500.60
    cpe:2.3:a:google:chrome:28.0.1500.60
  • Google Chrome 28.0.1500.59
    cpe:2.3:a:google:chrome:28.0.1500.59
  • Google Chrome 28.0.1500.58
    cpe:2.3:a:google:chrome:28.0.1500.58
  • Google Chrome 28.0.1500.56
    cpe:2.3:a:google:chrome:28.0.1500.56
  • Google Chrome 28.0.1500.54
    cpe:2.3:a:google:chrome:28.0.1500.54
  • Google Chrome 28.0.1500.53
    cpe:2.3:a:google:chrome:28.0.1500.53
  • Google Chrome 28.0.1500.52
    cpe:2.3:a:google:chrome:28.0.1500.52
  • Google Chrome 28.0.1500.51
    cpe:2.3:a:google:chrome:28.0.1500.51
  • Google Chrome 28.0.1500.50
    cpe:2.3:a:google:chrome:28.0.1500.50
  • Google Chrome 28.0.1500.49
    cpe:2.3:a:google:chrome:28.0.1500.49
  • Google Chrome 28.0.1500.48
    cpe:2.3:a:google:chrome:28.0.1500.48
  • Google Chrome 28.0.1500.47
    cpe:2.3:a:google:chrome:28.0.1500.47
  • Google Chrome 28.0.1500.46
    cpe:2.3:a:google:chrome:28.0.1500.46
  • Google Chrome 28.0.1500.45
    cpe:2.3:a:google:chrome:28.0.1500.45
  • Google Chrome 28.0.1500.44
    cpe:2.3:a:google:chrome:28.0.1500.44
  • Google Chrome 28.0.1500.43
    cpe:2.3:a:google:chrome:28.0.1500.43
  • Google Chrome 28.0.1500.42
    cpe:2.3:a:google:chrome:28.0.1500.42
  • Google Chrome 28.0.1500.41
    cpe:2.3:a:google:chrome:28.0.1500.41
  • Google Chrome 28.0.1500.40
    cpe:2.3:a:google:chrome:28.0.1500.40
  • Google Chrome 28.0.1500.39
    cpe:2.3:a:google:chrome:28.0.1500.39
  • Google Chrome 28.0.1500.38
    cpe:2.3:a:google:chrome:28.0.1500.38
  • Google Chrome 28.0.1500.37
    cpe:2.3:a:google:chrome:28.0.1500.37
  • Google Chrome 28.0.1500.36
    cpe:2.3:a:google:chrome:28.0.1500.36
  • Google Chrome 28.0.1500.35
    cpe:2.3:a:google:chrome:28.0.1500.35
  • Google Chrome 28.0.1500.34
    cpe:2.3:a:google:chrome:28.0.1500.34
  • Google Chrome 28.0.1500.33
    cpe:2.3:a:google:chrome:28.0.1500.33
  • Google Chrome 28.0.1500.32
    cpe:2.3:a:google:chrome:28.0.1500.32
  • Google Chrome 28.0.1500.31
    cpe:2.3:a:google:chrome:28.0.1500.31
  • Google Chrome 28.0.1500.29
    cpe:2.3:a:google:chrome:28.0.1500.29
  • Google Chrome 28.0.1500.28
    cpe:2.3:a:google:chrome:28.0.1500.28
  • Google Chrome 28.0.1500.27
    cpe:2.3:a:google:chrome:28.0.1500.27
  • Google Chrome 28.0.1500.26
    cpe:2.3:a:google:chrome:28.0.1500.26
  • Google Chrome 28.0.1500.25
    cpe:2.3:a:google:chrome:28.0.1500.25
  • Google Chrome 28.0.1500.24
    cpe:2.3:a:google:chrome:28.0.1500.24
  • Google Chrome 28.0.1500.23
    cpe:2.3:a:google:chrome:28.0.1500.23
  • Google Chrome 28.0.1500.22
    cpe:2.3:a:google:chrome:28.0.1500.22
  • Google Chrome 28.0.1500.21
    cpe:2.3:a:google:chrome:28.0.1500.21
  • Google Chrome 28.0.1500.20
    cpe:2.3:a:google:chrome:28.0.1500.20
  • Google Chrome 28.0.1500.19
    cpe:2.3:a:google:chrome:28.0.1500.19
  • Google Chrome 28.0.1500.18
    cpe:2.3:a:google:chrome:28.0.1500.18
  • Google Chrome 28.0.1500.17
    cpe:2.3:a:google:chrome:28.0.1500.17
  • Google Chrome 28.0.1500.16
    cpe:2.3:a:google:chrome:28.0.1500.16
  • Google Chrome 28.0.1500.15
    cpe:2.3:a:google:chrome:28.0.1500.15
  • Google Chrome 28.0.1500.14
    cpe:2.3:a:google:chrome:28.0.1500.14
  • Google Chrome 28.0.1500.13
    cpe:2.3:a:google:chrome:28.0.1500.13
  • Google Chrome 28.0.1500.12
    cpe:2.3:a:google:chrome:28.0.1500.12
  • Google Chrome 28.0.1500.11
    cpe:2.3:a:google:chrome:28.0.1500.11
  • Google Chrome 28.0.1500.10
    cpe:2.3:a:google:chrome:28.0.1500.10
  • Google Chrome 28.0.1500.9
    cpe:2.3:a:google:chrome:28.0.1500.9
  • Google Chrome 28.0.1500.8
    cpe:2.3:a:google:chrome:28.0.1500.8
  • Google Chrome 28.0.1500.6
    cpe:2.3:a:google:chrome:28.0.1500.6
  • Google Chrome 28.0.1500.5
    cpe:2.3:a:google:chrome:28.0.1500.5
  • Google Chrome 28.0.1500.4
    cpe:2.3:a:google:chrome:28.0.1500.4
  • Google Chrome 28.0.1500.3
    cpe:2.3:a:google:chrome:28.0.1500.3
  • Google Chrome 28.0.1500.2
    cpe:2.3:a:google:chrome:28.0.1500.2
  • Google Chrome 28.0.1500.0
    cpe:2.3:a:google:chrome:28.0.1500.0
  • Google Chrome 28.0.1500.70
    cpe:2.3:a:google:chrome:28.0.1500.70
  • Google Chrome 28.0.1500.71
    cpe:2.3:a:google:chrome:28.0.1500.71
  • Google Chrome 28.0.1500.72
    cpe:2.3:a:google:chrome:28.0.1500.72
  • Google Chrome 28.0.1500.89
    cpe:2.3:a:google:chrome:28.0.1500.89
  • Google Chrome 28.0.1500.91
    cpe:2.3:a:google:chrome:28.0.1500.91
  • Google Chrome 28.0.1500.93
    cpe:2.3:a:google:chrome:28.0.1500.93
  • Google Chrome 28.0.1500.94
    cpe:2.3:a:google:chrome:28.0.1500.94
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
CVSS
Base: 7.5 (as of 18-10-2016 - 08:55)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2732.NASL
    description Several vulnerabilities have been discovered in the Chromium web browser. - CVE-2013-2881 Karthik Bhargavan discovered a way to bypass the Same Origin Policy in frame handling. - CVE-2013-2882 Cloudfuzzer discovered a type confusion issue in the V8 JavaScript library. - CVE-2013-2883 Cloudfuzzer discovered a use-after-free issue in MutationObserver. - CVE-2013-2884 Ivan Fratric of the Google Security Team discovered a use-after-free issue in the DOM implementation. - CVE-2013-2885 Ivan Fratric of the Google Security Team discovered a use-after-free issue in input handling. - CVE-2013-2886 The chrome 28 development team found various issues from internal fuzzing, audits, and other studies.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 69227
    published 2013-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69227
    title Debian DSA-2732-1 : chromium-browser - several vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_69098C5CFC4B11E28AD000262D5ED8EE.NASL
    description Google Chrome Releases reports : Eleven vulnerabilities, including : [257748] Medium CVE-2013-2881: Origin bypass in frame handling. Credit to Karthik Bhargavan. [260106] High CVE-2013-2882: Type confusion in V8. Credit to Cloudfuzzer. [260165] High CVE-2013-2883: Use-after-free in MutationObserver. Credit to Cloudfuzzer. [248950] High CVE-2013-2884: Use-after-free in DOM. Credit to Ivan Fratric of Google Security Team. [249640] [257353] High CVE-2013-2885: Use-after-free in input handling. Credit to Ivan Fratric of Google Security Team. [261701] High CVE-2013-2886: Various fixes from internal audits, fuzzing and other initiatives.
    last seen 2019-02-21
    modified 2013-08-25
    plugin id 69214
    published 2013-08-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69214
    title FreeBSD : chromium -- multiple vulnerabilities (69098c5c-fc4b-11e2-8ad0-00262d5ed8ee)
  • NASL family Windows
    NASL id GOOGLE_CHROME_28_0_1500_95.NASL
    description The version of Google Chrome installed on the remote host is a version prior to 28.0.1500.95. It is, therefore, affected by multiple vulnerabilities : - A cross-origin restriction bypass error exists related to HTML frames. (CVE-2013-2881) - A type-confusion error exists in the V8 JavaScript engine. (CVE-2013-2882) - Use-after-free errors exist related to MutationObserver, DOM and input handling. (CVE-2013-2883, CVE-2013-2884, CVE-2013-2885) - Unspecified errors exist with no further details. (CVE-2013-2886)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 69139
    published 2013-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69139
    title Google Chrome < 28.0.1500.95 Multiple Vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201309-16.NASL
    description The remote host is affected by the vulnerability described in GLSA-201309-16 (Chromium, V8: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact : A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 70112
    published 2013-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70112
    title GLSA-201309-16 : Chromium, V8: Multiple vulnerabilities
oval via4
accepted 2013-09-09T04:02:11.093-04:00
class vulnerability
contributors
name Shane Shaffer
organization G2, Inc.
definition_extensions
comment Google Chrome is installed
oval oval:org.mitre.oval:def:11914
description Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to deleting the registration of a MutationObserver object.
family windows
id oval:org.mitre.oval:def:17525
status accepted
submitted 2013-07-31T16:20:28.782-04:00
title Use-after-free vulnerability in Google Chrome before 28.0.1500.95 via vectors related to deleting the registration of a MutationObserver object
version 40
refmap via4
confirm
debian DSA-2732
Last major update 18-10-2016 - 13:11
Published 31-07-2013 - 09:20
Last modified 18-09-2017 - 21:36
Back to Top