CVSS: 8.8EPSS: 2%CPEs: 9EXPL: 1CVE-2013-6645
https://notcve.org/view.php?id=CVE-2013-6645
16 Jan 2014 — Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving certain print-preview and tab-switch actions that interact with a speech input element. Vulnerabilidad de uso despues de liberación en la función OnWindo... • http://code.google.com/p/chromium/issues/detail?id=320183 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 46EXPL: 0CVE-2012-2898
https://notcve.org/view.php?id=CVE-2012-2898
05 Jan 2014 — Google Chrome before 21.0.1180.82 on iOS on iPad devices allows remote attackers to spoof the Omnibox URL via vectors involving SSL error messages, a related issue to CVE-2012-0674. Google Chrome anteriores a 21.0.1180.82 en iOS para iPad permite a atacantes remotos falsear la URL Omnibox a través de vectores que involucran mensajes de error SSL, un problema relacionado con CVE-2012-0674. • http://googlechromereleases.blogspot.com/2012/09/chrome-for-ios-update_24.html • CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 0%CPEs: 46EXPL: 0CVE-2012-2899
https://notcve.org/view.php?id=CVE-2012-2899
05 Jan 2014 — Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigger use of an applewebdata: URL, which allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors involving the document.write method. Google Chrome anteriores a 21.0.1180.82 en iOS hacen determinadas llamadas incorrectas a métodos WebView que invocan el uso de una URL applewebdata:, lo cual permite a atacantes remotos sortear el la Same Origin Policy y efectu... • http://googlechromereleases.blogspot.com/2012/09/chrome-for-ios-update_24.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 58EXPL: 0CVE-2013-6634
https://notcve.org/view.php?id=CVE-2013-6634
07 Dec 2013 — The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code. La función OneclickSigninHelper::ShowInfoBarIfPossible en browser/ui/sync/one_click_signin_helper.cc en Google Chrome anteriores a 31.0.1650.63 utiliza una URL incor... • http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 2%CPEs: 58EXPL: 0CVE-2013-6635
https://notcve.org/view.php?id=CVE-2013-6635
07 Dec 2013 — Use-after-free vulnerability in the editing implementation in Blink, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that triggers removal of a node during processing of the DOM tree, related to CompositeEditCommand.cpp and ReplaceSelectionCommand.cpp. Vulnerabilidad de uso después de liberación en la implementación de edición en Blink, como se utiliza en Google Chrome anteriores a 31.0.1650.63, ... • http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 58EXPL: 0CVE-2013-6636
https://notcve.org/view.php?id=CVE-2013-6636
07 Dec 2013 — The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the address bar via vectors involving the document.write method. La función FrameLoader::notifyIfInitialdocumentAccessed en core/loader/FrameLoader.cpp en Blink, como utilizado en Google Chrome anteriores a 31.0.1650.63, hace una comprobación... • http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 58EXPL: 0CVE-2013-6637
https://notcve.org/view.php?id=CVE-2013-6637
07 Dec 2013 — Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades en Google Chrome anterior a la versión 31.0.1650.63 permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html •
CVSS: 9.8EPSS: 2%CPEs: 83EXPL: 0CVE-2013-6638
https://notcve.org/view.php?id=CVE-2013-6638
07 Dec 2013 — Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large typed array, related to the (1) Runtime_TypedArrayInitialize and (2) Runtime_TypedArrayInitializeFromArrayLike functions. Múltiples desbordamientos de buffer en runtime.cc en Google V8 anteriores a 3.22.24.7, como se utiliza en Google Chrome anteriores a 31.0.1650.63,... • http://code.google.com/p/v8/source/detail?r=17800 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 83EXPL: 0CVE-2013-6639 – v8: DoS (out-of-bounds write) in DehoistArrayIndex function in hydrogen.cc
https://notcve.org/view.php?id=CVE-2013-6639
07 Dec 2013 — The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index. La función DehoistArrayIndex en el archivo hydrogen-dehoist.cc (también se conoce como el archivo hydrogen.cc) en Google V8 anterior a versión 3.22.24.7, tal como e... • http://code.google.com/p/v8/source/detail?r=17801 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 2%CPEs: 83EXPL: 0CVE-2013-6640 – v8: DoS (out-of-bounds read) in DehoistArrayIndex function in hydrogen.cc
https://notcve.org/view.php?id=CVE-2013-6640
07 Dec 2013 — The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index. La función DehoistArrayIndex en el archivo hydrogen-dehoist.cc (también se conoce como el archivo hydrogen.cc) en Google V8 anterior a versión 3.22.24.7, tal como es usado en Google Chrome ante... • http://code.google.com/p/v8/source/detail?r=17801 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •