CVE-2013-2885

Published: 31 July 2013

Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to not properly considering focus during the processing of JavaScript events in the presence of a multiple-fields input type.

Priority

Status

Package	Release	Status
chromium-browser Launchpad, Ubuntu, Debian	lucid	Ignored (reached end-of-life)
	precise	Released (30.0.1599.114-0ubuntu0.12.04.3)
	quantal	Released (30.0.1599.114-0ubuntu0.12.10.2)
	raring	Released (30.0.1599.114-0ubuntu0.13.04.2)
	saucy	Not vulnerable (29.0.1547.65-0ubuntu2)
	trusty	Not vulnerable (29.0.1547.65-0ubuntu2)
	upstream	Released (28.0.1500.95)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2885
https://code.google.com/p/chromium/issues/detail?id=257353
https://code.google.com/p/chromium/issues/detail?id=249640
https://chromium.googlesource.com/chromium/blink/+/dd13a061c49579e40f381b2dc9409fb0a920ec19^
https://chromium.googlesource.com/chromium/blink/+/7a7ea525c912f6e59aa3e915e7f2cf140c077a49
http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/bugs/1207019

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›