CVSS: 6.5EPSS: 0%CPEs: 58EXPL: 0CVE-2013-6636 – Debian Security Advisory 2811-1
https://notcve.org/view.php?id=CVE-2013-6636
07 Dec 2013 — The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the address bar via vectors involving the document.write method. La función FrameLoader::notifyIfInitialdocumentAccessed en core/loader/FrameLoader.cpp en Blink, como utilizado en Google Chrome anteriores a 31.0.1650.63, hace una comprobación... • http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 58EXPL: 0CVE-2013-6635 – Debian Security Advisory 2811-1
https://notcve.org/view.php?id=CVE-2013-6635
07 Dec 2013 — Use-after-free vulnerability in the editing implementation in Blink, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that triggers removal of a node during processing of the DOM tree, related to CompositeEditCommand.cpp and ReplaceSelectionCommand.cpp. Vulnerabilidad de uso después de liberación en la implementación de edición en Blink, como se utiliza en Google Chrome anteriores a 31.0.1650.63, ... • http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 1%CPEs: 58EXPL: 0CVE-2013-6634 – Debian Security Advisory 2811-1
https://notcve.org/view.php?id=CVE-2013-6634
07 Dec 2013 — The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code. La función OneclickSigninHelper::ShowInfoBarIfPossible en browser/ui/sync/one_click_signin_helper.cc en Google Chrome anteriores a 31.0.1650.63 utiliza una URL incor... • http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 58EXPL: 0CVE-2013-6637 – Debian Security Advisory 2811-1
https://notcve.org/view.php?id=CVE-2013-6637
07 Dec 2013 — Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades en Google Chrome anterior a la versión 31.0.1650.63 permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. Multiple vulnerabilities have been reported in Chromium and V8, worst of which may allow execution of arbitrary code. Versions less than 3... • http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html •
CVSS: 9.8EPSS: 3%CPEs: 3EXPL: 0CVE-2013-6632 – Gentoo Linux Security Advisory 201403-01
https://notcve.org/view.php?id=CVE-2013-6632
16 Nov 2013 — Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013. Desbordamiento de enteros Google Chrome anterior a 31.0.1650.57 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, como se demostró durante una competición Pwn2Own... • http://googlechromereleases.blogspot.com/2013/11/chrome-for-android-update.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6802 – Gentoo Linux Security Advisory 201403-01
https://notcve.org/view.php?id=CVE-2013-6802
16 Nov 2013 — Google Chrome before 31.0.1650.57 allows remote attackers to bypass intended sandbox restrictions by leveraging access to a renderer process, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013, a different vulnerability than CVE-2013-6632. Google Chrome 31.0 anterior a.1650.57 antes permite a atacantes remotos evitar las restricciones de sandbox aprovechando el acceso a un proceso de render, como se demostró durante una competición Pwn2Own Mobile en PacSec 2013, una vulnerabilidad diferente ... • http://googlechromereleases.blogspot.com/2013/11/chrome-for-android-update.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 44EXPL: 0CVE-2013-6631
https://notcve.org/view.php?id=CVE-2013-6631
15 Nov 2013 — Use-after-free vulnerability in the Channel::SendRTCPPacket function in voice_engine/channel.cc in libjingle in WebRTC, as used in Google Chrome before 31.0.1650.48 and other products, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger the absence of certain statistics initialization, leading to the skipping of a required DeRegisterExternalTransport call. Vulnerabilidad de uso después de liberación en la función Ch... • http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html •
CVSS: 10.0EPSS: 1%CPEs: 44EXPL: 0CVE-2013-2931 – Gentoo Linux Security Advisory 201403-01
https://notcve.org/view.php?id=CVE-2013-2931
13 Nov 2013 — Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.48 allow attackers to execute arbitrary code or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anteriores a 31.0.1650.48 permiten a atacantes ejecutar código arbitrario o posiblemente tener otro impacto a través de vectores desconocidos. Multiple vulnerabilities have been reported in Chromium and V8, worst of which may allow execution of arbitrary code. Versions less than 33.0... • http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html •
CVSS: 9.8EPSS: 2%CPEs: 44EXPL: 0CVE-2013-6625 – Apple Security Advisory 2014-04-01-1
https://notcve.org/view.php?id=CVE-2013-6625
13 Nov 2013 — Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of DOM range objects in circumstances that require child node removal after a (1) mutation or (2) blur event. Uso después de liberación en core/dom/ContainerNode.cppde Blink, tal como se usa en Google Chrome anterior a la versión 31.0.1650.48, permite a atacantes remoto... • http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 3%CPEs: 44EXPL: 2CVE-2013-6627 – Google Chrome < 31.0.1650.48 - HTTP 1xx base::StringTokenizerT<...>::QuickGetNext Out-of-Bounds Read
https://notcve.org/view.php?id=CVE-2013-6627
13 Nov 2013 — net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational (aka 1xx) status codes, which allows remote web servers to cause a denial of service (out-of-bounds read) via a crafted response. net/http/http_stream_parser.cc en Google Chrome anterior a la versión 31.0.1650.48 no procesa adecuadamente códigos de estado HTTP Informational (también conocido como 1xx), lo que permite en servidores web remotos provocar una denegación de servicio (lectura fuera de ... • https://packetstorm.news/files/id/140209 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •