CVSS: 5.0EPSS: 2%CPEs: 59EXPL: 0CVE-2013-2920
https://notcve.org/view.php?id=CVE-2013-2920
The DoResolveRelativeHost function in url/url_canon_relative.cc in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via a relative URL containing a hostname, as demonstrated by a protocol-relative URL beginning with a //www.google.com/ substring. La función DoResolveRelativeHost en url/url_canon_relative.cc en Google Chrome anteriores a 30.0.1599.66 permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) a través de una URL relativa que contenga un nombre de host, como fue demostrado por una URL relativa a protocolo comenzando con //www.google.com/ substring. • http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html http://www.debian.org/security/2013/dsa-2785 https://code.google.com/p/chromium/issues/detail?id=285742 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18451 https://src&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 59EXPL: 0CVE-2013-2924
https://notcve.org/view.php?id=CVE-2013-2924
Use-after-free vulnerability in International Components for Unicode (ICU), as used in Google Chrome before 30.0.1599.66 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de liberación en International Components for Unicode (ICU), tal como se utiliza en Google Chrome anterior a la versión 30.0.1599.66 y otros productos, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto sin especificar a través de vectores desconocidos. • http://bugs.icu-project.org/trac/ticket/10318 http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html http://jvn.jp/en/jp/JVN85336306/index.html http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html http://www.debian.org/security/2013/dsa-2785 http://www.debian.org/security/2013/dsa-2786 http://www. • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 1%CPEs: 59EXPL: 0CVE-2013-2906
https://notcve.org/view.php?id=CVE-2013-2906
Multiple race conditions in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to threading in core/html/HTMLMediaElement.cpp, core/platform/audio/AudioDSPKernelProcessor.cpp, core/platform/audio/HRTFElevation.cpp, and modules/webaudio/ConvolverNode.cpp. Condiciones de carrera múltiple en la implementación Web Audio en Blink, tal como se utiliza en Google Chrome anterior a la versión 30.0.1599.66, permite a atacantes remotos causar una denegación de servicio o posiblemente tenga otro impacto sin especificar a través de vectores relacionados con threading en core/html/HTMLMediaElement.cpp, core/platform/audio/AudioDSPKernelProcessor.cpp, core/platform/audio/HRTFElevation.cpp, y modules/webaudio/ConvolverNode.cpp. • http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html http://www.debian.org/security/2013/dsa-2785 https://code.google.com/p/chromium/issues/detail?id=223962 https://code.google.com/p/chromium/issues/detail?id=270758 https://code.google.com/p/chromium/i • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.3EPSS: 0%CPEs: 59EXPL: 0CVE-2013-2916
https://notcve.org/view.php?id=CVE-2013-2916
Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code, in conjunction with a delay in notifying the user of an attempted spoof. Blink, tal como se utiliza en Google Chrome anterior a la versión 30.0.1599.66, permite a atacantes remotos falsificar la barra de direcciones a través de vectores que involucren una respuesta con un código de estado 204, en conjunción con un retraso en la notificación al usuario ante un intento de falsificación. • http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html http://www.debian.org/security/2013/dsa-2785 https://code.google.com/p/chromium/issues/detail?id=281256 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18968 https://src&# •
CVSS: 4.3EPSS: 0%CPEs: 59EXPL: 0CVE-2013-2915
https://notcve.org/view.php?id=CVE-2013-2915
Google Chrome before 30.0.1599.66 preserves pending NavigationEntry objects in certain invalid circumstances, which allows remote attackers to spoof the address bar via a URL with a malformed scheme, as demonstrated by a nonexistent:12121 URL. Google Chrome anterior a la versión 30.0.1599.66 conserva objetos NavigationEntry pendientes en ciertas circunstancias no válidas, lo que permite a atacantes remotos falsificar la barra de direcciones a través de una URL con un esquema malformado, como se demuestra con la URL nonexistent:12121. • http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html http://www.debian.org/security/2013/dsa-2785 https://code.google.com/p/chromium/issues/detail?id=280512 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18319 https://src&# •