CVE-2013-2918

EUVD-2013-2857
Use-after-free vulnerability in the RenderBlock::collapseAnonymousBlockChild function in core/rendering/RenderBlock.cpp in the DOM implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect handling of parent-child relationships for anonymous blocks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
Affected Products (NVD)
VendorProductVersion
googlechrome
𝑥
≤ 30.0.1599.65
googlechrome
30.0.1599.0
googlechrome
30.0.1599.1
googlechrome
30.0.1599.2
googlechrome
30.0.1599.4
googlechrome
30.0.1599.5
googlechrome
30.0.1599.6
googlechrome
30.0.1599.7
googlechrome
30.0.1599.8
googlechrome
30.0.1599.9
googlechrome
30.0.1599.10
googlechrome
30.0.1599.11
googlechrome
30.0.1599.12
googlechrome
30.0.1599.13
googlechrome
30.0.1599.14
googlechrome
30.0.1599.15
googlechrome
30.0.1599.16
googlechrome
30.0.1599.17
googlechrome
30.0.1599.18
googlechrome
30.0.1599.19
googlechrome
30.0.1599.20
googlechrome
30.0.1599.21
googlechrome
30.0.1599.22
googlechrome
30.0.1599.23
googlechrome
30.0.1599.24
googlechrome
30.0.1599.25
googlechrome
30.0.1599.26
googlechrome
30.0.1599.27
googlechrome
30.0.1599.28
googlechrome
30.0.1599.29
googlechrome
30.0.1599.30
googlechrome
30.0.1599.31
googlechrome
30.0.1599.32
googlechrome
30.0.1599.33
googlechrome
30.0.1599.34
googlechrome
30.0.1599.35
googlechrome
30.0.1599.36
googlechrome
30.0.1599.37
googlechrome
30.0.1599.38
googlechrome
30.0.1599.39
googlechrome
30.0.1599.40
googlechrome
30.0.1599.41
googlechrome
30.0.1599.42
googlechrome
30.0.1599.43
googlechrome
30.0.1599.44
googlechrome
30.0.1599.47
googlechrome
30.0.1599.48
googlechrome
30.0.1599.49
googlechrome
30.0.1599.50
googlechrome
30.0.1599.51
googlechrome
30.0.1599.52
googlechrome
30.0.1599.53
googlechrome
30.0.1599.56
googlechrome
30.0.1599.57
googlechrome
30.0.1599.58
googlechrome
30.0.1599.59
googlechrome
30.0.1599.60
googlechrome
30.0.1599.61
googlechrome
30.0.1599.64
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
lucid
ignored
precise
Fixed 30.0.1599.114-0ubuntu0.12.04.3
released
quantal
Fixed 30.0.1599.114-0ubuntu0.12.10.2
released
raring
Fixed 30.0.1599.114-0ubuntu0.13.04.2
released
saucy
Fixed 30.0.1599.114-0ubuntu0.13.10.2
released
Common Weakness Enumeration
References
http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
http://www.debian.org/security/2013/dsa-2785
https://code.google.com/p/chromium/issues/detail?id=282088
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18839
https://src.chromium.org/viewvc/blink?revision=157392&view=revision
http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
http://www.debian.org/security/2013/dsa-2785
https://code.google.com/p/chromium/issues/detail?id=282088
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18839
https://src.chromium.org/viewvc/blink?revision=157392&view=revision