CVSS: 8.8EPSS: 1%CPEs: 73EXPL: 1CVE-2013-6650 – v8: incorrect handling of popular pages
https://notcve.org/view.php?id=CVE-2013-6650
28 Jan 2014 — The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Google V8 before 3.22.24.16, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors that trigger incorrect handling of "popular pages." La función StoreBuffer::ExemptPopularPages en store-buffer.cc de Google V8 anterior a la versión 3.22.24.16, tal y como se usa en Google Chrome anterior a la versión 32.0.1700.102, permite a... • http://crbug.com/331444 • CWE-20: Improper Input Validation CWE-480: Use of Incorrect Operator •
CVSS: 10.0EPSS: 0%CPEs: 69EXPL: 0CVE-2014-1681
https://notcve.org/view.php?id=CVE-2014-1681
28 Jan 2014 — Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.102 have unknown impact and attack vectors, related to 12 "security fixes [that were not] either contributed by external researchers or particularly interesting." Múltiples vulnerabilidades no especificadas en Google Chrome anteriores a 32.0.1700.102 tienen un impacto y vectores de ataque desconocidos, relacionados con 12 "correciones de seguridad (que no lo fueron) de contribuciones externas o de un interés particular" • http://googlechromereleases.blogspot.com/2014/01/stable-channel-update_27.html •
CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 1CVE-2013-6641
https://notcve.org/view.php?id=CVE-2013-6641
16 Jan 2014 — Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of the past names map of a FORM element. Vulnerabilidad de uso despues de liberación en la función FormAssociatedElement::formRemovedFromTree en ... • http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 145EXPL: 0CVE-2013-6642
https://notcve.org/view.php?id=CVE-2013-6642
16 Jan 2014 — Google Chrome through 32.0.1700.23 on Android allows remote attackers to spoof the address bar via unspecified vectors. Google Chrome hasta la versión 32.0.1700.23 en Android permite a atacantes remotos falsificar la barra de direcciones a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html •
CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 1CVE-2013-6643
https://notcve.org/view.php?id=CVE-2013-6643
16 Jan 2014 — The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog. La función OneClickSigninBubbleView::WindowClosing en browser/ui/views/sync/one_click_signin_bubble_view.cc en Google Chrome anteriores a 32.0.1700.78 en ... • http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 17CVE-2013-6644
https://notcve.org/view.php?id=CVE-2013-6644
16 Jan 2014 — Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades sin especificar en Google Chrome anterior a la versión 32.0.1700.76 en Windows y anterior a 32.0.1700.77 en Mac OS X y Linux permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto mediante vectores desconocidos. • http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 3%CPEs: 9EXPL: 1CVE-2013-6646
https://notcve.org/view.php?id=CVE-2013-6646
16 Jan 2014 — Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the shutting down of a worker process. Vulnerabilidad de uso despues de liberación en la implementación de Web WOrkers en Google Chrome anteriores a 32.0.1700.76 en Windows y anteriores a 32.0.1700.77 en Mac OS X y Linux permite a atacan... • http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 2%CPEs: 9EXPL: 1CVE-2013-6645
https://notcve.org/view.php?id=CVE-2013-6645
16 Jan 2014 — Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving certain print-preview and tab-switch actions that interact with a speech input element. Vulnerabilidad de uso despues de liberación en la función OnWindo... • http://code.google.com/p/chromium/issues/detail?id=320183 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 46EXPL: 0CVE-2012-2898
https://notcve.org/view.php?id=CVE-2012-2898
05 Jan 2014 — Google Chrome before 21.0.1180.82 on iOS on iPad devices allows remote attackers to spoof the Omnibox URL via vectors involving SSL error messages, a related issue to CVE-2012-0674. Google Chrome anteriores a 21.0.1180.82 en iOS para iPad permite a atacantes remotos falsear la URL Omnibox a través de vectores que involucran mensajes de error SSL, un problema relacionado con CVE-2012-0674. • http://googlechromereleases.blogspot.com/2012/09/chrome-for-ios-update_24.html • CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 0%CPEs: 46EXPL: 0CVE-2012-2899
https://notcve.org/view.php?id=CVE-2012-2899
05 Jan 2014 — Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigger use of an applewebdata: URL, which allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors involving the document.write method. Google Chrome anteriores a 21.0.1180.82 en iOS hacen determinadas llamadas incorrectas a métodos WebView que invocan el uso de una URL applewebdata:, lo cual permite a atacantes remotos sortear el la Same Origin Policy y efectu... • http://googlechromereleases.blogspot.com/2012/09/chrome-for-ios-update_24.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •