VDB

GCVE-110-MAGEIA-2013-234

GCVE-110-MAGEIA-2013-234
Advisory Published
Vulnetix · Advisory published July 26, 2013
Updated chromium-browser-stable packages fix security vulnerabilities: The HTTPS implementation does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline) (CVE-2013-2853). Chrome does not properly prevent pop-under windows (CVE-2013-2867). common/extensions/sync_helper.cc proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting (CVE-2013-2868). Denial of service (out-of-bounds read) via a crafted JPEG2000 image (CVE-2013-2869). Use-after-free vulnerability in network sockets (CVE-2013-2870). Use-after-free vulnerability in input handling (CVE-2013-2871). Use-after-free vulnerability in resource loading (CVE-2013-2873). Out-of-bounds read in SVG file handling (CVE-2013-2875). Chrome does not properly enforce restrictions on the capture of screenshots by extensions, which could lead to information disclosure from previous page visits (CVE-2013-2876). Out-of-bounds read in text handling (CVE-2013-2878). The circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations were not propertly checked (CVE-2013-2879). The chrome 28 development team found various issues from internal fuzzing, audits, and other studies (CVE-2013-2880).

Affected Products

VendorProductVersionsPlatforms
Mageiachromium-browser-stable0 (affected), 28.0.1500.71-1.mga3 (unaffected), 0 (affected), 28.0.1500.71-1.mga3.tainted (unaffected)
Mageiachromium-browser-stable0 (affected), 28.0.1500.71-1.mga2 (unaffected)

Browse GCVE Records

73,161 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›