CVE-2013-2921
https://notcve.org/view.php?id=CVE-2013-2921
Double free vulnerability in the ResourceFetcher::didLoadResource function in core/fetch/ResourceFetcher.cpp in the resource loader in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering certain callback processing during the reporting of a resource entry. Vulnerabilidad de doble liberación en la función ResourceFetcher::didLoadResource en core/fetch/ResourceFetcher.cpp del cargador de recursos en Blink, utilizado en Google Chrome anteriores a 30.0.1599.66, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado disparando ciertos procesos callback durante el reporte de una entrada de recurso. • http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html http://www.debian.org/security/2013/dsa-2785 https://code.google.com/p/chromium/issues/detail?id=286414 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18389 https://src • CWE-399: Resource Management Errors •
CVE-2013-2920
https://notcve.org/view.php?id=CVE-2013-2920
The DoResolveRelativeHost function in url/url_canon_relative.cc in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via a relative URL containing a hostname, as demonstrated by a protocol-relative URL beginning with a //www.google.com/ substring. La función DoResolveRelativeHost en url/url_canon_relative.cc en Google Chrome anteriores a 30.0.1599.66 permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) a través de una URL relativa que contenga un nombre de host, como fue demostrado por una URL relativa a protocolo comenzando con //www.google.com/ substring. • http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html http://www.debian.org/security/2013/dsa-2785 https://code.google.com/p/chromium/issues/detail?id=285742 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18451 https://src • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-2924
https://notcve.org/view.php?id=CVE-2013-2924
Use-after-free vulnerability in International Components for Unicode (ICU), as used in Google Chrome before 30.0.1599.66 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de liberación en International Components for Unicode (ICU), tal como se utiliza en Google Chrome anterior a la versión 30.0.1599.66 y otros productos, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto sin especificar a través de vectores desconocidos. • http://bugs.icu-project.org/trac/ticket/10318 http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html http://jvn.jp/en/jp/JVN85336306/index.html http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html http://www.debian.org/security/2013/dsa-2785 http://www.debian.org/security/2013/dsa-2786 http://www. • CWE-399: Resource Management Errors •
CVE-2013-2906
https://notcve.org/view.php?id=CVE-2013-2906
Multiple race conditions in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to threading in core/html/HTMLMediaElement.cpp, core/platform/audio/AudioDSPKernelProcessor.cpp, core/platform/audio/HRTFElevation.cpp, and modules/webaudio/ConvolverNode.cpp. Condiciones de carrera múltiple en la implementación Web Audio en Blink, tal como se utiliza en Google Chrome anterior a la versión 30.0.1599.66, permite a atacantes remotos causar una denegación de servicio o posiblemente tenga otro impacto sin especificar a través de vectores relacionados con threading en core/html/HTMLMediaElement.cpp, core/platform/audio/AudioDSPKernelProcessor.cpp, core/platform/audio/HRTFElevation.cpp, y modules/webaudio/ConvolverNode.cpp. • http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html http://www.debian.org/security/2013/dsa-2785 https://code.google.com/p/chromium/issues/detail?id=223962 https://code.google.com/p/chromium/issues/detail?id=270758 https://code.google.com/p/chromium/i • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2013-2916
https://notcve.org/view.php?id=CVE-2013-2916
Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code, in conjunction with a delay in notifying the user of an attempted spoof. Blink, tal como se utiliza en Google Chrome anterior a la versión 30.0.1599.66, permite a atacantes remotos falsificar la barra de direcciones a través de vectores que involucren una respuesta con un código de estado 204, en conjunción con un retraso en la notificación al usuario ante un intento de falsificación. • http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html http://www.debian.org/security/2013/dsa-2785 https://code.google.com/p/chromium/issues/detail?id=281256 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18968 https://src •