CVSS: 4.3EPSS: 0%CPEs: 88EXPL: 0CVE-2013-2866
https://notcve.org/view.php?id=CVE-2013-2866
The Flash plug-in in Google Chrome before 27.0.1453.116, as used on Google Chrome OS before 27.0.1453.116 and separately, does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property. El plugin Flash en Google Chrome anterior 27.0.1453.116 no determinar correctamente si un usuario desea autorizar el acceso de una aplicación Flash a la cámara o micrófono, que permite a atacantes remotos obtener información sensible del entorno físico de una máquina a través de ataques de clickjacking, como se demuestra por un ataque con una hoja de estilos (CSS) modificada en la propiedad de opacidad. • http://googlechromereleases.blogspot.com/2013/06/stable-channel-update-for-chrome-os.html http://googlechromereleases.blogspot.com/2013/06/stable-channel-update_18.html http://habrahabr.ru/post/182706 https://code.google.com/p/chromium/issues/detail?id=249335 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16693 https://src.chromium.org/viewvc/chrome?revision=206188&view=revision • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 81EXPL: 0CVE-2013-2864
https://notcve.org/view.php?id=CVE-2013-2864
The PDF functionality in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via unknown vectors. La funcionalidad PDF en Google Chrome anterior a v27.0.1453.110 permite a atacantes remotos causar una denegación de servicio (operación free inválida) o posiblmente tener otro impacto no especificado mediante vectores desconocidos. • http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html https://code.google.com/p/chromium/issues/detail?id=239134 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16736 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 82EXPL: 0CVE-2013-2865
https://notcve.org/view.php?id=CVE-2013-2865
Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.110 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a v27.0.1453.110 permite que los atacantes puedan provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html http://www.debian.org/security/2013/dsa-2706 https://code.google.com/p/chromium/issues/detail?id=164263 https://code.google.com/p/chromium/issues/detail?id=232763 https://code.google.com/p/chromium/issues/detail?id=236245 https://code.google.com/p/chromium/issues/detail?id=237429 https://code.google.com/p/chromium/issues/detail? •
CVSS: 7.5EPSS: 0%CPEs: 83EXPL: 0CVE-2013-2859
https://notcve.org/view.php?id=CVE-2013-2859
Google Chrome before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors. Google Chrome anterior a v27.0.1453.110 permite a atacantes remotos eludir la política del mismo origen (Same Origin Policy9 y generar "namespace pollution" mediante vectores no especificados. • http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html http://www.debian.org/security/2013/dsa-2706 https://code.google.com/p/chromium/issues/detail?id=237022 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16640 •
CVSS: 7.5EPSS: 0%CPEs: 83EXPL: 0CVE-2013-2858
https://notcve.org/view.php?id=CVE-2013-2858
Use-after-free vulnerability in the HTML5 Audio implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de "usar despues de liberar" en la implementación Audio en HTML5 en Google Chrome anterior a v27.0.1453.110 permite a atacantes remotos causar una denegación de servicio o posiblmente tener un impacto no especificado mediante vectores desconocidos. • http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html http://www.debian.org/security/2013/dsa-2706 https://code.google.com/p/chromium/issues/detail?id=239897 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15909 • CWE-416: Use After Free •