CVE-2013-2832
https://notcve.org/view.php?id=CVE-2013-2832
The Buffer::Set function in core/cross/buffer.cc in the O3D plug-in in Google Chrome OS before 26.0.1410.57 does not prevent uninitialized data from remaining in a buffer, which might allow remote attackers to obtain sensitive information via unspecified vectors. La función Buffer::Set en core/cross/buffer.cc en el plug-in O3D en Google Chrome OS anterior a v26.0.1410.57 no impide que los datos no inicializados permanezcan en un búfer, pudiendo permitir a atacantes remotos obtener información sensible a través vectores no especificados. • http://git.chromium.org/gitweb/?p=chromiumos/overlays/chromiumos-overlay.git%3Ba=commit%3Bh=9181705680e1f53fd1e895ebe84c1b7f18c5c380 http://googlechromereleases.blogspot.com/2013/04/stable-channel-update-for-chrome-os.html https://code.google.com/p/chromium/issues/detail?id=227197 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-0927
https://notcve.org/view.php?id=CVE-2013-0927
Google Chrome OS before 26.0.1410.57 relies on a Pango pango-utils.c read_config implementation that loads the contents of the .pangorc file in the user's home directory, and the file referenced by the PANGO_RC_FILE environment variable, which allows attackers to bypass intended access restrictions via crafted configuration data. Google Chrome OS antes v26.0.1410.57 se basa en una implementación de Pango pango-utils.c read_config que carga el contenido del archivo .Pangorc en el directorio home del usuario y el archivo referenciado por la variable de entorno PANGO_RC_FILE, lo que permite a los atacantes para eludir las restricciones de acceso previstas a través unos datos de configuración hechos a medida. • http://git.chromium.org/gitweb/?p=chromiumos/overlays/chromiumos-overlay.git%3Ba=commit%3Bh=fb5a664def6cd34bf7295489ea73e1d989bdd6d0 http://googlechromereleases.blogspot.com/2013/04/chrome-os-stable-channel-update.html https://code.google.com/p/chromium/issues/detail?id=189250 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2013-0915
https://notcve.org/view.php?id=CVE-2013-0915
The GPU process in Google Chrome OS before 25.0.1364.173 allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an "overflow." El proceso de GPU en Google Chrome OS anterior a v25.0.1364.173 permite a atacantes provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con un "desbordamiento". • http://googlechromereleases.blogspot.com/2013/03/stable-channel-update-for-chrome-os_15.html https://code.google.com/p/chromium/issues/detail?id=181083 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-5129
https://notcve.org/view.php?id=CVE-2012-5129
Heap-based buffer overflow in the WebGL subsystem in Google Chrome OS before 23.0.1271.94 allows remote attackers to cause a denial of service (GPU process crash) or possibly have unspecified other impact via unknown vectors. Desbordamiento de búfer en memoria dinámica en el subsistema WebGL en Google Chrome OS antes de v23.0.1271.94, permite a atacantes remotos provocar una denegación de servicio (caída del proceso GPU) o posiblemente tener un impacto no especificado a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2012/11/stable-update-for-chrome-os_30.html http://www.ubuntu.com/usn/USN-1818-1 https://code.google.com/p/chromium/issues/detail?id=145525 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-2864
https://notcve.org/view.php?id=CVE-2012-2864
Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, allows remote attackers to execute arbitrary code via unspecified vectors that trigger an "array overflow." Mesa, tal y como se utiliza en Google Chrome v21.0.1183.0 en las plataformas AC700 Acer, Cr-48, y Samsung Chromebook Series 5 y 5 550, y el Samsung Chromebox Serie v3, permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados que desencadenan un "desbordamiento de array". • http://code.google.com/p/chromium/issues/detail?id=141901 http://googlechromereleases.blogspot.com/2012/08/stable-channel-update-for-chrome-os.html http://secunia.com/advisories/51215 http://www.mandriva.com/security/advisories?name=MDVSA-2013:103 http://www.ubuntu.com/usn/USN-1623-1 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0264 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •