CVSS: 7.5EPSS: 0%CPEs: 97EXPL: 0CVE-2013-6659
https://notcve.org/view.php?id=CVE-2013-6659
24 Feb 2014 — The SSLClientSocketNSS::Core::OwnAuthCertHandler function in net/socket/ssl_client_socket_nss.cc in Google Chrome before 33.0.1750.117 does not prevent changes to server X.509 certificates during renegotiations, which allows remote SSL servers to trigger use of a new certificate chain, inconsistent with the user's expectations, by initiating a TLS renegotiation. La función SSLClientSocketNSS::Core::OwnAuthCertHandler en net/socket/ssl_client_socket_nss.cc en Google Chrome anterior a 33.0.1750.117 no previen... • http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html • CWE-310: Cryptographic Issues •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2013-6166 – Google Chrome - Cookie Verification Denial of Service
https://notcve.org/view.php?id=CVE-2013-6166
15 Feb 2014 — Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response. Google Chrome anterior a 29 envía cabeceras HTTP Cookie sin antes validar que tiene las restricciones character-set necesarias, lo que permite a atacantes remotos realizar el equivalent... • https://www.exploit-db.com/exploits/38420 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 69EXPL: 0CVE-2014-1681
https://notcve.org/view.php?id=CVE-2014-1681
28 Jan 2014 — Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.102 have unknown impact and attack vectors, related to 12 "security fixes [that were not] either contributed by external researchers or particularly interesting." Múltiples vulnerabilidades no especificadas en Google Chrome anteriores a 32.0.1700.102 tienen un impacto y vectores de ataque desconocidos, relacionados con 12 "correciones de seguridad (que no lo fueron) de contribuciones externas o de un interés particular" • http://googlechromereleases.blogspot.com/2014/01/stable-channel-update_27.html •
CVSS: 8.8EPSS: 1%CPEs: 73EXPL: 1CVE-2013-6649
https://notcve.org/view.php?id=CVE-2013-6649
28 Jan 2014 — Use-after-free vulnerability in the RenderSVGImage::paint function in core/rendering/svg/RenderSVGImage.cpp in Blink, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a zero-size SVG image. Vulnerabilidad de liberación de recursos en la función RenderSVGImage::paint en core/rendering/svg/RenderSVGImage.cpp de Blink, tal y como se usa en Google Chrome anterior a la versión 32.0.1700.102, permite... • http://crbug.com/330420 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 1%CPEs: 73EXPL: 1CVE-2013-6650 – v8: incorrect handling of popular pages
https://notcve.org/view.php?id=CVE-2013-6650
28 Jan 2014 — The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Google V8 before 3.22.24.16, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors that trigger incorrect handling of "popular pages." La función StoreBuffer::ExemptPopularPages en store-buffer.cc de Google V8 anterior a la versión 3.22.24.16, tal y como se usa en Google Chrome anterior a la versión 32.0.1700.102, permite a... • http://crbug.com/331444 • CWE-20: Improper Input Validation CWE-480: Use of Incorrect Operator •
CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 1CVE-2013-6641
https://notcve.org/view.php?id=CVE-2013-6641
16 Jan 2014 — Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of the past names map of a FORM element. Vulnerabilidad de uso despues de liberación en la función FormAssociatedElement::formRemovedFromTree en ... • http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 145EXPL: 0CVE-2013-6642
https://notcve.org/view.php?id=CVE-2013-6642
16 Jan 2014 — Google Chrome through 32.0.1700.23 on Android allows remote attackers to spoof the address bar via unspecified vectors. Google Chrome hasta la versión 32.0.1700.23 en Android permite a atacantes remotos falsificar la barra de direcciones a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html •
CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 1CVE-2013-6643
https://notcve.org/view.php?id=CVE-2013-6643
16 Jan 2014 — The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog. La función OneClickSigninBubbleView::WindowClosing en browser/ui/views/sync/one_click_signin_bubble_view.cc en Google Chrome anteriores a 32.0.1700.78 en ... • http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 17CVE-2013-6644
https://notcve.org/view.php?id=CVE-2013-6644
16 Jan 2014 — Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades sin especificar en Google Chrome anterior a la versión 32.0.1700.76 en Windows y anterior a 32.0.1700.77 en Mac OS X y Linux permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto mediante vectores desconocidos. • http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 3%CPEs: 9EXPL: 1CVE-2013-6646
https://notcve.org/view.php?id=CVE-2013-6646
16 Jan 2014 — Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the shutting down of a worker process. Vulnerabilidad de uso despues de liberación en la implementación de Web WOrkers en Google Chrome anteriores a 32.0.1700.76 en Windows y anteriores a 32.0.1700.77 en Mac OS X y Linux permite a atacan... • http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html • CWE-416: Use After Free •