CVSS: 6.8EPSS: 0%CPEs: 63EXPL: 0CVE-2013-2853
https://notcve.org/view.php?id=CVE-2013-2853
The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline), which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation. La implementación HTTPS en Google Chrome anterior a 28.0.1500.71 no verifica que las cabeceras finalicen con \r\n\r\n (retorno de carro, nueva línea, retorno de carro, nueva línea), lo que permite a atacantes man-in-the-middle, provocar un impacto no especificado a través de vectores que provocan un truncado de cabecera. • http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=44b400c80726ee5d205a27730a0c846be656a071 http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=f4f9f4948de5a59462e13ad712d7d9117238aeea http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html http://www.debian.org/security/2013/dsa-2724 https://code.google.com/p/chromium/issues/detail?id=244260 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17033 •
CVSS: 7.5EPSS: 0%CPEs: 64EXPL: 0CVE-2013-2867
https://notcve.org/view.php?id=CVE-2013-2867
Google Chrome before 28.0.1500.71 does not properly prevent pop-under windows, which allows remote attackers to have an unspecified impact via a crafted web site. Google Chrome anterior a 28.0.1500.71 no previene adecuadamente las ventanas pop-under, lo que permite a atacantes remotos provocar un impacto no especificado a través de un sitio web manipulado. • http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html http://www.debian.org/security/2013/dsa-2724 https://code.google.com/p/chromium/issues/detail?id=252216 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17216 •
CVSS: 5.0EPSS: 0%CPEs: 64EXPL: 0CVE-2013-2868
https://notcve.org/view.php?id=CVE-2013-2868
common/extensions/sync_helper.cc in Google Chrome before 28.0.1500.71 proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting, which might allow remote attackers to trigger unwanted extension changes via unspecified vectors. common/extensions/sync_helper.cc en Google Chrome anteriores a v28.0.1500.71 procede con la sincronización de operaciones para las extensiones NPAPI sin comprobar la configuración de permisos del plugin, lo que podría permitir a atacantes remotos provocar cambios en las extensiones no deseadas a través de vectores no especificados. • http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=84ece2d5af0e6f746ca63e483e2dbdbcab8b1e6c http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html http://www.debian.org/security/2013/dsa-2724 https://code.google.com/p/chromium/issues/detail?id=252034 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17347 •
CVSS: 4.3EPSS: 0%CPEs: 64EXPL: 0CVE-2013-2869
https://notcve.org/view.php?id=CVE-2013-2869
Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted JPEG2000 image. Google Chrome anterior a v28.0.1500.71 permite a atacantes remotos causar una denegación de servicio (fuera de los límites de lectura) mediante una imagen JPEG2000 especialmente diseñada. • http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html http://www.debian.org/security/2013/dsa-2724 https://code.google.com/p/chromium/issues/detail?id=245153 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17278 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 64EXPL: 0CVE-2013-2870
https://notcve.org/view.php?id=CVE-2013-2870
Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote servers to execute arbitrary code via crafted response traffic after a URL request. Vulnerabilidad usar despues de liberar en Google Chrome anterior a v28.0.1500.71 permite a atacantes remotos ejecutar código arbitrario mediante una respuesta especialmente diseñada despues de una solicitud URL. • http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=2b0ff6d8a832f4fe5c187b17342b56675fbf7b96 http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=5449227016f44d7c023b28a697ada40064c681a6 http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html http://www.debian.org/security/2013/dsa-2724 https://code.google.com/p/chromium/issues/detail?id=242762 https://code.google.com/p/chromium/issues/detail?id=244746 https://oval.cisecurity.org/repository/search/definition • CWE-399: Resource Management Errors •