ID CVE-2013-2884
Summary Use-after-free vulnerability in the DOM implementation in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper tracking of which document owns an Attr object.
References
Vulnerable Configurations
  • Google Chrome 28.0.1500.68
    cpe:2.3:a:google:chrome:28.0.1500.68
  • Google Chrome 28.0.1500.66
    cpe:2.3:a:google:chrome:28.0.1500.66
  • Google Chrome 28.0.1500.64
    cpe:2.3:a:google:chrome:28.0.1500.64
  • Google Chrome 28.0.1500.63
    cpe:2.3:a:google:chrome:28.0.1500.63
  • Google Chrome 28.0.1500.62
    cpe:2.3:a:google:chrome:28.0.1500.62
  • Google Chrome 28.0.1500.61
    cpe:2.3:a:google:chrome:28.0.1500.61
  • Google Chrome 28.0.1500.60
    cpe:2.3:a:google:chrome:28.0.1500.60
  • Google Chrome 28.0.1500.59
    cpe:2.3:a:google:chrome:28.0.1500.59
  • Google Chrome 28.0.1500.58
    cpe:2.3:a:google:chrome:28.0.1500.58
  • Google Chrome 28.0.1500.56
    cpe:2.3:a:google:chrome:28.0.1500.56
  • Google Chrome 28.0.1500.54
    cpe:2.3:a:google:chrome:28.0.1500.54
  • Google Chrome 28.0.1500.53
    cpe:2.3:a:google:chrome:28.0.1500.53
  • Google Chrome 28.0.1500.52
    cpe:2.3:a:google:chrome:28.0.1500.52
  • Google Chrome 28.0.1500.51
    cpe:2.3:a:google:chrome:28.0.1500.51
  • Google Chrome 28.0.1500.50
    cpe:2.3:a:google:chrome:28.0.1500.50
  • Google Chrome 28.0.1500.49
    cpe:2.3:a:google:chrome:28.0.1500.49
  • Google Chrome 28.0.1500.48
    cpe:2.3:a:google:chrome:28.0.1500.48
  • Google Chrome 28.0.1500.47
    cpe:2.3:a:google:chrome:28.0.1500.47
  • Google Chrome 28.0.1500.46
    cpe:2.3:a:google:chrome:28.0.1500.46
  • Google Chrome 28.0.1500.45
    cpe:2.3:a:google:chrome:28.0.1500.45
  • Google Chrome 28.0.1500.44
    cpe:2.3:a:google:chrome:28.0.1500.44
  • Google Chrome 28.0.1500.43
    cpe:2.3:a:google:chrome:28.0.1500.43
  • Google Chrome 28.0.1500.42
    cpe:2.3:a:google:chrome:28.0.1500.42
  • Google Chrome 28.0.1500.41
    cpe:2.3:a:google:chrome:28.0.1500.41
  • Google Chrome 28.0.1500.40
    cpe:2.3:a:google:chrome:28.0.1500.40
  • Google Chrome 28.0.1500.39
    cpe:2.3:a:google:chrome:28.0.1500.39
  • Google Chrome 28.0.1500.38
    cpe:2.3:a:google:chrome:28.0.1500.38
  • Google Chrome 28.0.1500.37
    cpe:2.3:a:google:chrome:28.0.1500.37
  • Google Chrome 28.0.1500.36
    cpe:2.3:a:google:chrome:28.0.1500.36
  • Google Chrome 28.0.1500.35
    cpe:2.3:a:google:chrome:28.0.1500.35
  • Google Chrome 28.0.1500.34
    cpe:2.3:a:google:chrome:28.0.1500.34
  • Google Chrome 28.0.1500.33
    cpe:2.3:a:google:chrome:28.0.1500.33
  • Google Chrome 28.0.1500.32
    cpe:2.3:a:google:chrome:28.0.1500.32
  • Google Chrome 28.0.1500.31
    cpe:2.3:a:google:chrome:28.0.1500.31
  • Google Chrome 28.0.1500.29
    cpe:2.3:a:google:chrome:28.0.1500.29
  • Google Chrome 28.0.1500.28
    cpe:2.3:a:google:chrome:28.0.1500.28
  • Google Chrome 28.0.1500.27
    cpe:2.3:a:google:chrome:28.0.1500.27
  • Google Chrome 28.0.1500.26
    cpe:2.3:a:google:chrome:28.0.1500.26
  • Google Chrome 28.0.1500.25
    cpe:2.3:a:google:chrome:28.0.1500.25
  • Google Chrome 28.0.1500.24
    cpe:2.3:a:google:chrome:28.0.1500.24
  • Google Chrome 28.0.1500.23
    cpe:2.3:a:google:chrome:28.0.1500.23
  • Google Chrome 28.0.1500.22
    cpe:2.3:a:google:chrome:28.0.1500.22
  • Google Chrome 28.0.1500.21
    cpe:2.3:a:google:chrome:28.0.1500.21
  • Google Chrome 28.0.1500.20
    cpe:2.3:a:google:chrome:28.0.1500.20
  • Google Chrome 28.0.1500.19
    cpe:2.3:a:google:chrome:28.0.1500.19
  • Google Chrome 28.0.1500.18
    cpe:2.3:a:google:chrome:28.0.1500.18
  • Google Chrome 28.0.1500.17
    cpe:2.3:a:google:chrome:28.0.1500.17
  • Google Chrome 28.0.1500.16
    cpe:2.3:a:google:chrome:28.0.1500.16
  • Google Chrome 28.0.1500.15
    cpe:2.3:a:google:chrome:28.0.1500.15
  • Google Chrome 28.0.1500.14
    cpe:2.3:a:google:chrome:28.0.1500.14
  • Google Chrome 28.0.1500.13
    cpe:2.3:a:google:chrome:28.0.1500.13
  • Google Chrome 28.0.1500.12
    cpe:2.3:a:google:chrome:28.0.1500.12
  • Google Chrome 28.0.1500.11
    cpe:2.3:a:google:chrome:28.0.1500.11
  • Google Chrome 28.0.1500.10
    cpe:2.3:a:google:chrome:28.0.1500.10
  • Google Chrome 28.0.1500.9
    cpe:2.3:a:google:chrome:28.0.1500.9
  • Google Chrome 28.0.1500.8
    cpe:2.3:a:google:chrome:28.0.1500.8
  • Google Chrome 28.0.1500.6
    cpe:2.3:a:google:chrome:28.0.1500.6
  • Google Chrome 28.0.1500.5
    cpe:2.3:a:google:chrome:28.0.1500.5
  • Google Chrome 28.0.1500.4
    cpe:2.3:a:google:chrome:28.0.1500.4
  • Google Chrome 28.0.1500.3
    cpe:2.3:a:google:chrome:28.0.1500.3
  • Google Chrome 28.0.1500.2
    cpe:2.3:a:google:chrome:28.0.1500.2
  • Google Chrome 28.0.1500.0
    cpe:2.3:a:google:chrome:28.0.1500.0
  • Google Chrome 28.0.1500.70
    cpe:2.3:a:google:chrome:28.0.1500.70
  • Google Chrome 28.0.1500.71
    cpe:2.3:a:google:chrome:28.0.1500.71
  • Google Chrome 28.0.1500.72
    cpe:2.3:a:google:chrome:28.0.1500.72
  • Google Chrome 28.0.1500.89
    cpe:2.3:a:google:chrome:28.0.1500.89
  • Google Chrome 28.0.1500.91
    cpe:2.3:a:google:chrome:28.0.1500.91
  • Google Chrome 28.0.1500.93
    cpe:2.3:a:google:chrome:28.0.1500.93
  • Google Chrome 28.0.1500.94
    cpe:2.3:a:google:chrome:28.0.1500.94
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
CVSS
Base: 7.5 (as of 18-10-2016 - 08:57)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2732.NASL
    description Several vulnerabilities have been discovered in the Chromium web browser.
      - CVE-2013-2881: Karthik Bhargavan discovered a way to bypass the Same Origin Policy in frame handling.
      - CVE-2013-2882: Cloudfuzzer discovered a type confusion issue in the V8 JavaScript library.
      - CVE-2013-2883: Cloudfuzzer discovered a use-after-free issue in MutationObserver.
      - CVE-2013-2884: Ivan Fratric of the Google Security Team discovered a use-after-free issue in the DOM implementation.
      - CVE-2013-2885: Ivan Fratric of the Google Security Team discovered a use-after-free issue in input handling.
      - CVE-2013-2886: The chrome 28 development team found various issues from internal fuzzing, audits, and other studies.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 69227
    published 2013-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69227
    title Debian DSA-2732-1 : chromium-browser - several vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_69098C5CFC4B11E28AD000262D5ED8EE.NASL
    description Google Chrome Releases reports: Eleven vulnerabilities, including:
      - [257748] Medium CVE-2013-2881: Origin bypass in frame handling. Credit to Karthik Bhargavan.
      - [260106] High CVE-2013-2882: Type confusion in V8. Credit to Cloudfuzzer.
      - [260165] High CVE-2013-2883: Use-after-free in MutationObserver. Credit to Cloudfuzzer.
      - [248950] High CVE-2013-2884: Use-after-free in DOM. Credit to Ivan Fratric of Google Security Team.
      - [249640] [257353] High CVE-2013-2885: Use-after-free in input handling. Credit to Ivan Fratric of Google Security Team.
      - [261701] High CVE-2013-2886: Various fixes from internal audits, fuzzing and other initiatives.
    last seen 2019-02-21
    modified 2013-08-25
    plugin id 69214
    published 2013-08-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69214
    title FreeBSD : chromium -- multiple vulnerabilities (69098c5c-fc4b-11e2-8ad0-00262d5ed8ee)
  • NASL family Windows
    NASL id GOOGLE_CHROME_28_0_1500_95.NASL
    description The version of Google Chrome installed on the remote host is a version prior to 28.0.1500.95. It is, therefore, affected by multiple vulnerabilities:
      - A cross-origin restriction bypass error exists related to HTML frames. (CVE-2013-2881)
      - A type-confusion error exists in the V8 JavaScript engine. (CVE-2013-2882)
      - Use-after-free errors exist related to MutationObserver, DOM and input handling. (CVE-2013-2883, CVE-2013-2884, CVE-2013-2885)
      - Unspecified errors exist with no further details. (CVE-2013-2886)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 69139
    published 2013-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69139
    title Google Chrome < 28.0.1500.95 Multiple Vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201309-16.NASL
    description The remote host is affected by the vulnerability described in GLSA-201309-16 (Chromium, V8: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details.
      Impact: A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact.
      Workaround: There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 70112
    published 2013-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70112
    title GLSA-201309-16 : Chromium, V8: Multiple vulnerabilities
oval via4
accepted 2013-09-09T04:02:26.958-04:00
class vulnerability
contributors
name Shane Shaffer
organization G2, Inc.
definition_extensions
comment Google Chrome is installed
oval oval:org.mitre.oval:def:11914
description Use-after-free vulnerability in the DOM implementation in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper tracking of which document owns an Attr object.
family windows
id oval:org.mitre.oval:def:17597
status accepted
submitted 2013-07-31T16:20:28.782-04:00
title Use-after-free vulnerability in the DOM implementation in Google Chrome before 28.0.1500.95 via vectors related to improper tracking of which document owns an Attr object
version 40
refmap via4
confirm
debian DSA-2732
Last major update 18-10-2016 - 13:11
Published 31-07-2013 - 09:20
Last modified 18-09-2017 - 21:36