CVSS: 7.5EPSS: 54%CPEs: 111EXPL: 0CVE-2013-0912 – Google Chrome Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0912
WebKit in Google Chrome before 25.0.1364.160 allows remote attackers to execute arbitrary code via vectors that leverage "type confusion." WebKit en Google Chrome anterior a v25.0.1364.160 permite a atacantes remotos ejecutar código arbitario mediante vectores que aprovechan la "confusión de tipo." (type confusion) This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of static_cast. The issue lies in the ability to create an object that is a smaller size than it is treated after a static_cast. • http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_7.html http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157 http://labs.mwrinfosecurity.com/blog/2013/03/06/pwn2own-at-cansecwest-2013 http://lists.apple.com/archives/security-announce/2013/Apr/msg00000.html http://lists.apple.com/archives/security-announce/2013/Mar/msg00004.html http://support.apple.com/kb/HT5701 http://support.apple.com/kb/HT5704 http://twitter.com/thezdi/statuses&#x • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 106EXPL: 0CVE-2013-0906
https://notcve.org/view.php?id=CVE-2013-0906
The IndexedDB implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. La implementación de IndexedDB en Google Chrome anterior a v25.0.1364.152 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_4.html https://code.google.com/p/chromium/issues/detail?id=174895 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16653 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 106EXPL: 0CVE-2013-0907
https://notcve.org/view.php?id=CVE-2013-0907
Race condition in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media threads. Condición de carrera en Google Chrome anterior a v25.0.1364.152 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través vectores relacionados con el manejo de hilos multimedia. • http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_4.html https://code.google.com/p/chromium/issues/detail?id=174150 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16633 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 106EXPL: 0CVE-2013-0903
https://notcve.org/view.php?id=CVE-2013-0903
Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of browser navigation. Vulnerabilidad Use-after free en Google Chrome anterior a v25.0.1364.152, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente otro impacto no especificado a través de vectores relacionados con la navegación. • http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_4.html https://code.google.com/p/chromium/issues/detail?id=176252 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16661 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 106EXPL: 0CVE-2013-0909
https://notcve.org/view.php?id=CVE-2013-0909
The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote attackers to obtain sensitive HTTP Referer information via unspecified vectors. El XSS Auditor en Google Chrome anterior a v25.0.1364.152 permite a atacantes remotos obtener informacion sensible de HTTP Referer a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_4.html https://code.google.com/p/chromium/issues/detail?id=173906 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16132 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •