CVSS: 7.5EPSS: 1%CPEs: 97EXPL: 0CVE-2013-6661
https://notcve.org/view.php?id=CVE-2013-6661
Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750.117 allow attackers to bypass the sandbox protection mechanism after obtaining renderer access, or have other impact, via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 33.0.1750.117 permiten a atacantes evadir el mecanismo de protección sandbox después de obtener acceso de renderizado, o tener otro impacto, a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00006.html http://www.debian.org/security/2014/dsa-2883 https://code.google.com/p/chromium/issues/detail?id=294687 https://code.google.com/p/chromium/issues/detail?id=312016 https://code.google.com/p/chromium/issues/detail?id=313005 https://code.google.com/p/chromium/issues/detail?id=314088 https://code.google.com/p/chromium/issues/detail? •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2013-6166 – Google Chrome - Cookie Verification Denial of Service
https://notcve.org/view.php?id=CVE-2013-6166
Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response. Google Chrome anterior a 29 envía cabeceras HTTP Cookie sin antes validar que tiene las restricciones character-set necesarias, lo que permite a atacantes remotos realizar el equivalente a un ataque de Logout CSRF persistente a través de un parámetro manipulado que obliga una aplicación web a configurar una cookie malformado dentro de una respuesta HTTP. • https://www.exploit-db.com/exploits/38420 http://redmine.lighttpd.net/issues/2188 http://seclists.org/oss-sec/2013/q4/117 http://seclists.org/oss-sec/2013/q4/121 http://www.openwall.com/lists/oss-security/2013/04/03/10 https://code.google.com/p/chromium/issues/detail?id=238041 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 69EXPL: 0CVE-2014-1681
https://notcve.org/view.php?id=CVE-2014-1681
Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.102 have unknown impact and attack vectors, related to 12 "security fixes [that were not] either contributed by external researchers or particularly interesting." Múltiples vulnerabilidades no especificadas en Google Chrome anteriores a 32.0.1700.102 tienen un impacto y vectores de ataque desconocidos, relacionados con 12 "correciones de seguridad (que no lo fueron) de contribuciones externas o de un interés particular" • http://googlechromereleases.blogspot.com/2014/01/stable-channel-update_27.html http://osvdb.org/102633 https://exchange.xforce.ibmcloud.com/vulnerabilities/90975 •
CVSS: 7.5EPSS: 0%CPEs: 73EXPL: 1CVE-2013-6649
https://notcve.org/view.php?id=CVE-2013-6649
Use-after-free vulnerability in the RenderSVGImage::paint function in core/rendering/svg/RenderSVGImage.cpp in Blink, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a zero-size SVG image. Vulnerabilidad de liberación de recursos en la función RenderSVGImage::paint en core/rendering/svg/RenderSVGImage.cpp de Blink, tal y como se usa en Google Chrome anterior a la versión 32.0.1700.102, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto y vectores que involucren una imagen SVG de tamaño 0. • http://crbug.com/330420 http://googlechromereleases.blogspot.com/2014/01/stable-channel-update_27.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00008.html http://www.debian.org/security/2014/dsa-2862 https://src.chromium.org/viewvc/blink?revision=164536&view=revision • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 73EXPL: 1CVE-2013-6650 – v8: incorrect handling of popular pages
https://notcve.org/view.php?id=CVE-2013-6650
The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Google V8 before 3.22.24.16, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors that trigger incorrect handling of "popular pages." La función StoreBuffer::ExemptPopularPages en store-buffer.cc de Google V8 anterior a la versión 3.22.24.16, tal y como se usa en Google Chrome anterior a la versión 32.0.1700.102, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de vectores que desencadenen un manejo incorrecto de "páginas populares." • http://crbug.com/331444 http://googlechromereleases.blogspot.com/2014/01/stable-channel-update_27.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00008.html http://www.debian.org/security/2014/dsa-2862 https://code.google.com/p/v8/source/detail?r=18483 https://access.redhat.com/security/cve/CVE-2013-6650 https://bugzilla.redhat.com/show_bug.cgi?id=1059070 • CWE-20: Improper Input Validation CWE-480: Use of Incorrect Operator •