CVSS: 5.0EPSS: 0%CPEs: 64EXPL: 0CVE-2013-2878
https://notcve.org/view.php?id=CVE-2013-2878
Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the handling of text. Google Chrome anterior a 28.0.1500.71 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de vectores relacionados con el manejo de texto. • http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html http://www.debian.org/security/2013/dsa-2724 https://code.google.com/p/chromium/issues/detail?id=177197 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17318 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.8EPSS: 0%CPEs: 64EXPL: 0CVE-2013-2879
https://notcve.org/view.php?id=CVE-2013-2879
Google Chrome before 28.0.1500.71 does not properly determine the circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site. Google Chrome anterior a 28.0.1500.71 no determina adecuadamente las circunstancias en las que un proceso de renderizado debe considerarse como confiable para suscribirse y posteriormente realizar operaciones de sincronización, lo que facilita a atacantes remotos el llevar a cabo ataques de phishing mediante un sitio web manipulado. • http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=8a8eb83276778c9fbcf9ebcd4436077269b73074 http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=f0aa298677a1afb9a40b36e32bc9c4d9b4861eac http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html http://www.debian.org/security/2013/dsa-2724 https://code.google.com/p/chromium/issues/detail?id=252062 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17177 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 63EXPL: 0CVE-2013-2880
https://notcve.org/view.php?id=CVE-2013-2880
Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades sin especificar en Google Chrome anterior a 28.0.1500.71, permite a atacantes provocar una denegación de servicio u otro impacto a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html http://www.debian.org/security/2013/dsa-2724 https://code.google.com/p/chromium/issues/detail?id=160450 https://code.google.com/p/chromium/issues/detail?id=167924 https://code.google.com/p/chromium/issues/detail?id=173688 https://code.google.com/p/chromium/issues/detail?id=176027 https://code.google.com/p/chromium/issues/detail? •
CVSS: 4.3EPSS: 0%CPEs: 88EXPL: 0CVE-2013-2866
https://notcve.org/view.php?id=CVE-2013-2866
The Flash plug-in in Google Chrome before 27.0.1453.116, as used on Google Chrome OS before 27.0.1453.116 and separately, does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property. El plugin Flash en Google Chrome anterior 27.0.1453.116 no determinar correctamente si un usuario desea autorizar el acceso de una aplicación Flash a la cámara o micrófono, que permite a atacantes remotos obtener información sensible del entorno físico de una máquina a través de ataques de clickjacking, como se demuestra por un ataque con una hoja de estilos (CSS) modificada en la propiedad de opacidad. • http://googlechromereleases.blogspot.com/2013/06/stable-channel-update-for-chrome-os.html http://googlechromereleases.blogspot.com/2013/06/stable-channel-update_18.html http://habrahabr.ru/post/182706 https://code.google.com/p/chromium/issues/detail?id=249335 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16693 https://src.chromium.org/viewvc/chrome?revision=206188&view=revision • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 82EXPL: 0CVE-2013-2854
https://notcve.org/view.php?id=CVE-2013-2854
Google Chrome before 27.0.1453.110 on Windows provides an incorrect handle to a renderer process in unspecified circumstances, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors. Google Chrome anterior a v27.0.1453.110 en Windows proporciona un identificador incorrecto a un proceso de render en circunstancias no especificadas, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html https://code.google.com/p/chromium/issues/detail?id=243339 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16796 •