CVE-2013-2842 – Google Chrome 26.0.1410.43 (Webkit) - OBJECT Element Use-After-Free (PoC)
https://notcve.org/view.php?id=CVE-2013-2842
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets. Vulnerabilidad de tipo "usar despues de liberar" en Google Chrome anterior a v27.0.1453.93 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificados realacionados con la manipulación de "widgets". • https://www.exploit-db.com/exploits/40243 http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5934 http://support.apple.com/kb/HT6001 http://www.debian.org/security/2013/dsa-2 • CWE-399: Resource Management Errors •
CVE-2013-2847
https://notcve.org/view.php?id=CVE-2013-2847
Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors. Condición de carrera en Google Chrome anterior a v27.0.1453.93 permite a atacantes remotos causar una denegación de servicio (usar despues de liberar y caída de la aplicación) o posiblemente tener un impacto no especificado mediante vectores desconocidos. • http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html http://www.debian.org/security/2013/dsa-2695 https://code.google.com/p/chromium/issues/detail?id=176692 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16716 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2013-0919
https://notcve.org/view.php?id=CVE-2013-0919
Use-after-free vulnerability in Google Chrome before 26.0.1410.43 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the presence of an extension that creates a pop-up window. Vulnerabilidad de usar-después-de-liberar en Google Chrome versiones anteriores a v26.0.1410.43 para Linux permite a atacantes remotos provocar una denegación de servicio o probablemente tener otro impacto no especificado al aprovechar la presencia de una extensión que crea una ventana emergente. • http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_26.html https://code.google.com/p/chromium/issues/detail?id=178760 • CWE-399: Resource Management Errors •
CVE-2013-0921
https://notcve.org/view.php?id=CVE-2013-0921
The Isolated Sites feature in Google Chrome before 26.0.1410.43 does not properly enforce the use of separate processes, which makes it easier for remote attackers to bypass intended access restrictions via a crafted web site. La funcionalidad de separación de sitios web en Google Chrome versiones anteriores a v.26.0.1410.43 no refuerza adecuadamente el uso de procesos separados, facilitando a atacantes remotos el saltar las restricciones de acceso implementadas mediante un sitio web manipulado. • http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_26.html https://code.google.com/p/chromium/issues/detail?id=174943 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16670 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-0925
https://notcve.org/view.php?id=CVE-2013-0925
Google Chrome before 26.0.1410.43 does not ensure that an extension has the tabs (aka APIPermission::kTab) permission before providing a URL to this extension, which has unspecified impact and remote attack vectors. Google Chrome versiones anteriores a v26.0.1410.43 no garantiza que una extensión tenga el permiso de pestaña (especificado por APIPermission::kTab) antes de proporcionar una URL a esta extensión, provocando un impacto y vectores de ataque remotos no especificados. • http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_26.html https://code.google.com/p/chromium/issues/detail?id=168442 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16363 • CWE-264: Permissions, Privileges, and Access Controls •