CVSS: 5.8EPSS: 0%CPEs: 106EXPL: 0CVE-2013-6666
https://notcve.org/view.php?id=CVE-2013-6666
The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepper_flash_renderer_host.cc in Google Chrome before 33.0.1750.146 does not verify that all headers are Cross-Origin Resource Sharing (CORS) simple headers before proceeding with a PPB_Flash.Navigate operation, which might allow remote attackers to bypass intended CORS restrictions via an inappropriate header. La función PepperFlashRendererHost::OnNavigate en renderer/pepper/pepper_flash_renderer_host.cc en Google Chrome anterior a 33.0.1750.146 no verifica que todas las cabeceras son cabeceras Cross-Origin Resource Sharing (CORS) simples antes de proceder con una operación PPB_Flash.Navigate, lo que podría permitir a atacantes remotos evadir restricciones CORS a través de una cabecera no apropiada. • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update.html http://www.debian.org/security/2014/dsa-2883 http://www.securityfocus.com/bid/65930 https://code.google.com/p/chromium/issues/detail?id=332023 https://src.chromium.org/viewvc/chrome?revision=249114&view=revision • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 145EXPL: 0CVE-2013-6668 – v8: multiple vulnerabilities fixed in Google Chrome version 33.0.1750.146
https://notcve.org/view.php?id=CVE-2013-6668
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 anterior a 3.24.35.10, utilizado en Google Chrome anterior a 33.0.1750.146, permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://advisories.mageia.org/MGASA-2014-0516.html http://googlechromereleases.blogspot.com/2014/03/stable-channel-update.html http://secunia.com/advisories/61184 http://www-01.ibm.com/support/docview.wss?uid=swg21683389 http://www.debian.org/security/2014/dsa-2883 http://www.mandriva.com/security/advisories?name=MDVSA-2015:142 http://www.securityfocus.com/bid/65930 https://code.google.com/p/chromium/issues/detail?id=343964 https://code.google.com/p/chromium/issues/detail?id=3441 •
CVSS: 7.5EPSS: 0%CPEs: 106EXPL: 0CVE-2013-6667
https://notcve.org/view.php?id=CVE-2013-6667
Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750.146 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 33.0.1750.146 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update.html http://www.debian.org/security/2014/dsa-2883 http://www.securityfocus.com/bid/65930 https://code.google.com/p/chromium/issues/detail?id=329006 https://code.google.com/p/chromium/issues/detail?id=332947 https://code.google.com/p/chromium/issues/detail?id=333279 https://code.google.com/p/chromium/issues/detail?id=333280 https://code.google.com/p/chromium/issues/detail? •
CVSS: 7.5EPSS: 2%CPEs: 106EXPL: 0CVE-2013-6663
https://notcve.org/view.php?id=CVE-2013-6663
Use-after-free vulnerability in the SVGImage::setContainerSize function in core/svg/graphics/SVGImage.cpp in the SVG implementation in Blink, as used in Google Chrome before 33.0.1750.146, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the resizing of a view. Vulnerabilidad de uso después de liberación en la función SVGImage::setContainerSize en core/svg/graphics/SVGImage.cpp en la implementación SVG en Blink, utilizado en Google Chrome anterior a 33.0.1750.146, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores relacionados con la redimensión de una vista. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html http://googlechromereleases.blogspot.com/2014/03/stable-channel-update.html http://secunia.com/advisories/61306 http://secunia.com/advisories/61318 http://support.apple.com/kb/HT6440 http://support.apple.com/kb/HT6441 http://support.apple.com/kb/HT6442 http://www.debian.org/security/2014/dsa-2883 http://www.securityfocus.com/bid/65930 https:/&#x • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 106EXPL: 0CVE-2013-6664
https://notcve.org/view.php?id=CVE-2013-6664
Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 33.0.1750.146, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving FORM elements, as demonstrated by use of the speech-recognition feature. Vulnerabilidad de uso después de liberación en la función FormAssociatedElement::formRemovedFromTree en core/html/FormAssociatedElement.cpp en Blink, utilizado en Google Chrome anterior a 33.0.1750.146, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores involucrando elementos FORM, tal y como fue demostrado por el uso de la funcionalidad speech-recognition. • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update.html http://www.debian.org/security/2014/dsa-2883 http://www.securityfocus.com/bid/65930 https://code.google.com/p/chromium/issues/detail?id=326854 https://src.chromium.org/viewvc/blink?revision=163825&view=revision • CWE-399: Resource Management Errors •