[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Sat Apr 13 05:21:15 PDT 2013


Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 337	Published: Fri, 12 Apr 2013 18:33:25 GMT

New Fixlets:
============

***************************************************************
Title: The URL loader in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors
Severity: Medium
Fixlet ID: 1589201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15892.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0917
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The URL loader in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

***************************************************************
Title: Google Chrome before 26.0.1410.43 does not properly restrict brute-force access attempts against web sites that require HTTP Basic Authentication
Severity: High
Fixlet ID: 1621501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16215.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0922
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 26.0.1410.43 does not properly restrict brute-force access attempts against web sites that require HTTP Basic Authentication, which has unspecified impact and attack vectors.

***************************************************************
Title: WebKit in Google Chrome before 25.0.1364.160 allows remote attackers to execute arbitrary code via vectors that leverage "type confusion."
Severity: High
Fixlet ID: 1627401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16274.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0912
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit in Google Chrome before 25.0.1364.160 allows remote attackers to execute arbitrary code via vectors that leverage "type confusion."

***************************************************************
Title: Google Chrome before 26.0.1410.43 does not ensure that an extension has the tabs (aka APIPermission::kTab) permission before providing a URL to this extension
Severity: High
Fixlet ID: 1636301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16363.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0925
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 26.0.1410.43 does not ensure that an extension has the tabs (aka APIPermission::kTab) permission before providing a URL to this extension, which has unspecified impact and remote attack vectors.

***************************************************************
Title: Google Chrome before 26.0.1410.43 does not prevent navigation to developer tools in response to a drag-and-drop operation
Severity: Medium
Fixlet ID: 1652001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16520.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0918
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 26.0.1410.43 does not prevent navigation to developer tools in response to a drag-and-drop operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site.

***************************************************************
Title: Use-after-free vulnerability in the extension bookmarks API in Google Chrome before 26.0.1410.43
Severity: High
Fixlet ID: 1655201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16552.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0920
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in the extension bookmarks API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

***************************************************************
Title: Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation
Severity: Medium
Fixlet ID: 1660101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16601.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0926
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site.

***************************************************************
Title: Use-after-free vulnerability in the Web Audio implementation in Google Chrome before 26.0.1410.43
Severity: High
Fixlet ID: 1666501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16665.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0916
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in the Web Audio implementation in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

***************************************************************
Title: The Isolated Sites feature in Google Chrome before 26.0.1410.43 does not properly enforce the use of separate processes
Severity: Medium
Fixlet ID: 1667001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16670.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0921
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Isolated Sites feature in Google Chrome before 26.0.1410.43 does not properly enforce the use of separate processes, which makes it easier for remote attackers to bypass intended access restrictions via a crafted web site.

***************************************************************
Title: The USB Apps API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors
Severity: Medium
Fixlet ID: 1667101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16671.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0923
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The USB Apps API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.

***************************************************************
Title: The extension functionality in Google Chrome before 26.0.1410.43 does not verify that use of the permissions API is consistent with file permissions
Severity: High
Fixlet ID: 1667401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16674.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0924
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The extension functionality in Google Chrome before 26.0.1410.43 does not verify that use of the permissions API is consistent with file permissions, which has unspecified impact and attack vectors.


