MGASA-2013-0234

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2013-0234.html

Import Source

https://advisories.mageia.org/MGASA-2013-0234.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2013-0234

Upstream

CVE-2013-2853

CVE-2013-2867

CVE-2013-2868

CVE-2013-2869

CVE-2013-2870

CVE-2013-2871

CVE-2013-2873

CVE-2013-2875

CVE-2013-2876

CVE-2013-2878

CVE-2013-2879

CVE-2013-2880

Published

2013-07-26T11:52:03Z

Modified

2026-04-16T04:44:47.827220650Z

Summary

Updated chromium-browser-stable packages fix security vulnerabilities

Details

Updated chromium-browser-stable packages fix security vulnerabilities:

The HTTPS implementation does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline) (CVE-2013-2853).

Chrome does not properly prevent pop-under windows (CVE-2013-2867).

common/extensions/sync_helper.cc proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting (CVE-2013-2868).

Denial of service (out-of-bounds read) via a crafted JPEG2000 image (CVE-2013-2869).

Use-after-free vulnerability in network sockets (CVE-2013-2870).

Use-after-free vulnerability in input handling (CVE-2013-2871).

Use-after-free vulnerability in resource loading (CVE-2013-2873).

Out-of-bounds read in SVG file handling (CVE-2013-2875).

Chrome does not properly enforce restrictions on the capture of screenshots by extensions, which could lead to information disclosure from previous page visits (CVE-2013-2876).

Out-of-bounds read in text handling (CVE-2013-2878).

The circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations were not propertly checked (CVE-2013-2879).

The chrome 28 development team found various issues from internal fuzzing, audits, and other studies (CVE-2013-2880).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:2 / chromium-browser-stable

Package

Name: chromium-browser-stable
Purl: pkg:rpm/mageia/chromium-browser-stable?arch=source&distro=mageia-2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

28.0.1500.71-1.mga2

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2013-0234.json"

Mageia:3 / chromium-browser-stable

Package

Name: chromium-browser-stable
Purl: pkg:rpm/mageia/chromium-browser-stable?arch=source&distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

28.0.1500.71-1.mga3

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2013-0234.json"

Mageia:3 / chromium-browser-stable

Package

Name: chromium-browser-stable
Purl: pkg:rpm/mageia/chromium-browser-stable?arch=source&distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

28.0.1500.71-1.mga3.tainted

Ecosystem specific

{
    "section": "tainted"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2013-0234.json"