CVSS: 8.8EPSS: 1%CPEs: 58EXPL: 0CVE-2013-6634
https://notcve.org/view.php?id=CVE-2013-6634
07 Dec 2013 — The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code. La función OneclickSigninHelper::ShowInfoBarIfPossible en browser/ui/sync/one_click_signin_helper.cc en Google Chrome anteriores a 31.0.1650.63 utiliza una URL incor... • http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 2%CPEs: 58EXPL: 0CVE-2013-6635
https://notcve.org/view.php?id=CVE-2013-6635
07 Dec 2013 — Use-after-free vulnerability in the editing implementation in Blink, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that triggers removal of a node during processing of the DOM tree, related to CompositeEditCommand.cpp and ReplaceSelectionCommand.cpp. Vulnerabilidad de uso después de liberación en la implementación de edición en Blink, como se utiliza en Google Chrome anteriores a 31.0.1650.63, ... • http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 58EXPL: 0CVE-2013-6636
https://notcve.org/view.php?id=CVE-2013-6636
07 Dec 2013 — The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the address bar via vectors involving the document.write method. La función FrameLoader::notifyIfInitialdocumentAccessed en core/loader/FrameLoader.cpp en Blink, como utilizado en Google Chrome anteriores a 31.0.1650.63, hace una comprobación... • http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 58EXPL: 0CVE-2013-6637
https://notcve.org/view.php?id=CVE-2013-6637
07 Dec 2013 — Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades en Google Chrome anterior a la versión 31.0.1650.63 permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html •
CVSS: 9.8EPSS: 2%CPEs: 83EXPL: 0CVE-2013-6638
https://notcve.org/view.php?id=CVE-2013-6638
07 Dec 2013 — Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large typed array, related to the (1) Runtime_TypedArrayInitialize and (2) Runtime_TypedArrayInitializeFromArrayLike functions. Múltiples desbordamientos de buffer en runtime.cc en Google V8 anteriores a 3.22.24.7, como se utiliza en Google Chrome anteriores a 31.0.1650.63,... • http://code.google.com/p/v8/source/detail?r=17800 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 83EXPL: 0CVE-2013-6639 – v8: DoS (out-of-bounds write) in DehoistArrayIndex function in hydrogen.cc
https://notcve.org/view.php?id=CVE-2013-6639
07 Dec 2013 — The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index. La función DehoistArrayIndex en el archivo hydrogen-dehoist.cc (también se conoce como el archivo hydrogen.cc) en Google V8 anterior a versión 3.22.24.7, tal como e... • http://code.google.com/p/v8/source/detail?r=17801 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 2%CPEs: 83EXPL: 0CVE-2013-6640 – v8: DoS (out-of-bounds read) in DehoistArrayIndex function in hydrogen.cc
https://notcve.org/view.php?id=CVE-2013-6640
07 Dec 2013 — The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index. La función DehoistArrayIndex en el archivo hydrogen-dehoist.cc (también se conoce como el archivo hydrogen.cc) en Google V8 anterior a versión 3.22.24.7, tal como es usado en Google Chrome ante... • http://code.google.com/p/v8/source/detail?r=17801 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6802
https://notcve.org/view.php?id=CVE-2013-6802
16 Nov 2013 — Google Chrome before 31.0.1650.57 allows remote attackers to bypass intended sandbox restrictions by leveraging access to a renderer process, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013, a different vulnerability than CVE-2013-6632. Google Chrome 31.0 anterior a.1650.57 antes permite a atacantes remotos evitar las restricciones de sandbox aprovechando el acceso a un proceso de render, como se demostró durante una competición Pwn2Own Mobile en PacSec 2013, una vulnerabilidad diferente ... • http://googlechromereleases.blogspot.com/2013/11/chrome-for-android-update.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 3%CPEs: 3EXPL: 0CVE-2013-6632
https://notcve.org/view.php?id=CVE-2013-6632
16 Nov 2013 — Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013. Desbordamiento de enteros Google Chrome anterior a 31.0.1650.57 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, como se demostró durante una competición Pwn2Own... • http://googlechromereleases.blogspot.com/2013/11/chrome-for-android-update.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 1%CPEs: 44EXPL: 0CVE-2013-6631
https://notcve.org/view.php?id=CVE-2013-6631
15 Nov 2013 — Use-after-free vulnerability in the Channel::SendRTCPPacket function in voice_engine/channel.cc in libjingle in WebRTC, as used in Google Chrome before 31.0.1650.48 and other products, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger the absence of certain statistics initialization, leading to the skipping of a required DeRegisterExternalTransport call. Vulnerabilidad de uso después de liberación en la función Ch... • http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html •