CVSS: 5.8EPSS: 0%CPEs: 64EXPL: 0CVE-2013-2879
https://notcve.org/view.php?id=CVE-2013-2879
Google Chrome before 28.0.1500.71 does not properly determine the circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site. Google Chrome anterior a 28.0.1500.71 no determina adecuadamente las circunstancias en las que un proceso de renderizado debe considerarse como confiable para suscribirse y posteriormente realizar operaciones de sincronización, lo que facilita a atacantes remotos el llevar a cabo ataques de phishing mediante un sitio web manipulado. • http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=8a8eb83276778c9fbcf9ebcd4436077269b73074 http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=f0aa298677a1afb9a40b36e32bc9c4d9b4861eac http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html http://www.debian.org/security/2013/dsa-2724 https://code.google.com/p/chromium/issues/detail?id=252062 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17177 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 63EXPL: 0CVE-2013-2853
https://notcve.org/view.php?id=CVE-2013-2853
The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline), which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation. La implementación HTTPS en Google Chrome anterior a 28.0.1500.71 no verifica que las cabeceras finalicen con \r\n\r\n (retorno de carro, nueva línea, retorno de carro, nueva línea), lo que permite a atacantes man-in-the-middle, provocar un impacto no especificado a través de vectores que provocan un truncado de cabecera. • http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=44b400c80726ee5d205a27730a0c846be656a071 http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=f4f9f4948de5a59462e13ad712d7d9117238aeea http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html http://www.debian.org/security/2013/dsa-2724 https://code.google.com/p/chromium/issues/detail?id=244260 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17033 •
CVSS: 7.5EPSS: 1%CPEs: 63EXPL: 0CVE-2013-2871
https://notcve.org/view.php?id=CVE-2013-2871
Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input. Vulnerabilidad usar despues de liberar en Google Chrome anterior a v28.0.1500.71 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con la manipulación de una entrada. • http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html http://www.debian.org/security/2013/dsa-2724 https://code.google.com/p/chromium/issues/detail?id=243818 https://code.google.com/p/chromium/issues/detail?id=243991 https://oval.cisecurity.org/repository/search/definition/ • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 4%CPEs: 189EXPL: 0CVE-2013-2877 – libxml2: Out-of-bounds read via a document that ends abruptly
https://notcve.org/view.php?id=CVE-2013-2877
parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. parser.c en libxml2 anterior a 2.9.0 utilizada en Google Chrome anterior a 28.0.1500.71 y otros productos, permite a atacantes remotos provocar una denegación de servicio (lectura fuera de rango) a través de un documento que finaliza de golpe, relacionado con la falta de determinadas validaciones para el estado XML_PARSER_EOF. • ftp://xmlsoft.org/libxml2/libxml2-2.9.0.tar.gz http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=e5d7f7e5dc21d3ae7be3cbb949ac4d8701e06de1 http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html http://lists.opensuse.org/opensuse-updates/2013-07/msg00063.html http://lists.opensuse.org/opensuse-updates/2013-07/msg00077.html http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 63EXPL: 0CVE-2013-2880
https://notcve.org/view.php?id=CVE-2013-2880
Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades sin especificar en Google Chrome anterior a 28.0.1500.71, permite a atacantes provocar una denegación de servicio u otro impacto a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html http://www.debian.org/security/2013/dsa-2724 https://code.google.com/p/chromium/issues/detail?id=160450 https://code.google.com/p/chromium/issues/detail?id=167924 https://code.google.com/p/chromium/issues/detail?id=173688 https://code.google.com/p/chromium/issues/detail?id=176027 https://code.google.com/p/chromium/issues/detail? •