CVSS: 8.8EPSS: 1%CPEs: 52EXPL: 0CVE-2013-2904
https://notcve.org/view.php?id=CVE-2013-2904
21 Aug 2013 — Use-after-free vulnerability in the Document::finishedParsing function in core/dom/Document.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via an onload event that changes an IFRAME element so that its src attribute is no longer an XML document, leading to unintended garbage collection of this document. Vulnerabilidad de uso después de liberación en la función Document::finishedParsing en core/dom/Doc... • http://crbug.com/260428 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 70EXPL: 0CVE-2013-2881
https://notcve.org/view.php?id=CVE-2013-2881
30 Jul 2013 — Google Chrome before 28.0.1500.95 does not properly handle frames, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. Google Chrome anterior a 28.0.1500.95, no maneja adecuadamente frames, lo que permite a atacantes remotos evitar la Same Origyn Policy a través de un sitio web manipulado. • http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 70EXPL: 0CVE-2013-2884
https://notcve.org/view.php?id=CVE-2013-2884
30 Jul 2013 — Use-after-free vulnerability in the DOM implementation in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper tracking of which document owns an Attr object. Vulnerabilidad de uso después de liberación en la implementación DOM en Google Chrome anterior a 28.0.1500.95, permite a atacantes remotos provocar una denegación de servicio y causar otro tipo de impacto a través de vectores relacionado con un ... • http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 2%CPEs: 70EXPL: 0CVE-2013-2885
https://notcve.org/view.php?id=CVE-2013-2885
30 Jul 2013 — Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to not properly considering focus during the processing of JavaScript events in the presence of a multiple-fields input type. Vulnerabilidad de uso después de liberación en Google Chrome anterior a 28.0.1500.95, permite a atacantes remotos provocar una denegación de servicio o posiblemente causar otro impacto a través de vectores... • http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 70EXPL: 0CVE-2013-2886
https://notcve.org/view.php?id=CVE-2013-2886
30 Jul 2013 — Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.95 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades sin especificar en Google Chrome anterior a 28.0.1500.95 permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html •
CVSS: 9.8EPSS: 1%CPEs: 72EXPL: 0CVE-2013-2882 – v8: remote DoS or unspecified other impact via type confusion
https://notcve.org/view.php?id=CVE-2013-2882
30 Jul 2013 — Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." Google V8, usado en Google Chrome anterior a 28.0.1500.95, permite a atacantes remotos provocar una denegación de servicio y causar otro tipo de impacto a través de vectores que aprovechan "la confusión de tipos". • http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 1%CPEs: 70EXPL: 0CVE-2013-2883
https://notcve.org/view.php?id=CVE-2013-2883
30 Jul 2013 — Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to deleting the registration of a MutationObserver object. Vulnerabilidad de uso después de liberación en Google Chrome anterior a 28.0.1500.95, permite a atacantes remotos provocar una denegación de servicio y causar otro tipo de impacto a través de vectores relacionados con la eliminación del registro de un objeto MutationObser... • http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html • CWE-399: Resource Management Errors •
CVSS: 8.1EPSS: 0%CPEs: 63EXPL: 0CVE-2013-2853
https://notcve.org/view.php?id=CVE-2013-2853
10 Jul 2013 — The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline), which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation. La implementación HTTPS en Google Chrome anterior a 28.0.1500.71 no verifica que las cabeceras finalicen con \r\n\r\n (retorno de carro, nueva línea, retorno de carro, nueva línea), lo que permite a atacantes man-in-the-middl... • http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=44b400c80726ee5d205a27730a0c846be656a071 •
CVSS: 8.8EPSS: 0%CPEs: 64EXPL: 0CVE-2013-2867
https://notcve.org/view.php?id=CVE-2013-2867
10 Jul 2013 — Google Chrome before 28.0.1500.71 does not properly prevent pop-under windows, which allows remote attackers to have an unspecified impact via a crafted web site. Google Chrome anterior a 28.0.1500.71 no previene adecuadamente las ventanas pop-under, lo que permite a atacantes remotos provocar un impacto no especificado a través de un sitio web manipulado. • http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html •
CVSS: 7.5EPSS: 0%CPEs: 64EXPL: 0CVE-2013-2868
https://notcve.org/view.php?id=CVE-2013-2868
10 Jul 2013 — common/extensions/sync_helper.cc in Google Chrome before 28.0.1500.71 proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting, which might allow remote attackers to trigger unwanted extension changes via unspecified vectors. common/extensions/sync_helper.cc en Google Chrome anteriores a v28.0.1500.71 procede con la sincronización de operaciones para las extensiones NPAPI sin comprobar la configuración de permisos del plugin, lo que podría permitir a atacan... • http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=84ece2d5af0e6f746ca63e483e2dbdbcab8b1e6c •