CVE-2013-6657
https://notcve.org/view.php?id=CVE-2013-6657
core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors. core/html/parser/XSSAuditor.cpp en el auditor XSS en Blink, tal y como se usa en Google Chrome anterior a 33.0.1750.117, inserta la URL about:blank durante cierto bloqueo de elementos FORM dentro de solicitudes HTTP, lo que permite a atacantes remotos evadir Same Origin Policy y obtener información sensible a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00006.html http://www.debian.org/security/2014/dsa-2883 https://code.google.com/p/chromium/issues/detail?id=331060 https://src.chromium.org/viewvc/blink?revision=164538&view=revision • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-6166 – Google Chrome - Cookie Verification Denial of Service
https://notcve.org/view.php?id=CVE-2013-6166
Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response. Google Chrome anterior a 29 envía cabeceras HTTP Cookie sin antes validar que tiene las restricciones character-set necesarias, lo que permite a atacantes remotos realizar el equivalente a un ataque de Logout CSRF persistente a través de un parámetro manipulado que obliga una aplicación web a configurar una cookie malformado dentro de una respuesta HTTP. • https://www.exploit-db.com/exploits/38420 http://redmine.lighttpd.net/issues/2188 http://seclists.org/oss-sec/2013/q4/117 http://seclists.org/oss-sec/2013/q4/121 http://www.openwall.com/lists/oss-security/2013/04/03/10 https://code.google.com/p/chromium/issues/detail?id=238041 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2014-1681
https://notcve.org/view.php?id=CVE-2014-1681
Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.102 have unknown impact and attack vectors, related to 12 "security fixes [that were not] either contributed by external researchers or particularly interesting." Múltiples vulnerabilidades no especificadas en Google Chrome anteriores a 32.0.1700.102 tienen un impacto y vectores de ataque desconocidos, relacionados con 12 "correciones de seguridad (que no lo fueron) de contribuciones externas o de un interés particular" • http://googlechromereleases.blogspot.com/2014/01/stable-channel-update_27.html http://osvdb.org/102633 https://exchange.xforce.ibmcloud.com/vulnerabilities/90975 •
CVE-2013-6650 – v8: incorrect handling of popular pages
https://notcve.org/view.php?id=CVE-2013-6650
The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Google V8 before 3.22.24.16, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors that trigger incorrect handling of "popular pages." La función StoreBuffer::ExemptPopularPages en store-buffer.cc de Google V8 anterior a la versión 3.22.24.16, tal y como se usa en Google Chrome anterior a la versión 32.0.1700.102, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de vectores que desencadenen un manejo incorrecto de "páginas populares." • http://crbug.com/331444 http://googlechromereleases.blogspot.com/2014/01/stable-channel-update_27.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00008.html http://www.debian.org/security/2014/dsa-2862 https://code.google.com/p/v8/source/detail?r=18483 https://access.redhat.com/security/cve/CVE-2013-6650 https://bugzilla.redhat.com/show_bug.cgi?id=1059070 • CWE-20: Improper Input Validation CWE-480: Use of Incorrect Operator •
CVE-2013-6649
https://notcve.org/view.php?id=CVE-2013-6649
Use-after-free vulnerability in the RenderSVGImage::paint function in core/rendering/svg/RenderSVGImage.cpp in Blink, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a zero-size SVG image. Vulnerabilidad de liberación de recursos en la función RenderSVGImage::paint en core/rendering/svg/RenderSVGImage.cpp de Blink, tal y como se usa en Google Chrome anterior a la versión 32.0.1700.102, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto y vectores que involucren una imagen SVG de tamaño 0. • http://crbug.com/330420 http://googlechromereleases.blogspot.com/2014/01/stable-channel-update_27.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00008.html http://www.debian.org/security/2014/dsa-2862 https://src.chromium.org/viewvc/blink?revision=164536&view=revision • CWE-399: Resource Management Errors •