VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 21, 2013· Updated Jun 16, 2026

CVE-2013-2904

CVE-2013-2904

Description

Use-after-free vulnerability in the Document::finishedParsing function in core/dom/Document.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via an onload event that changes an IFRAME element so that its src attribute is no longer an XML document, leading to unintended garbage collection of this document.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

53
  • Google/Chrome51 versions
    cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*+ 50 more
    • cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*range: <=29.0.1547.56
    • cpe:2.3:a:google:chrome:29.0.1547.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.1:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.10:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.11:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.12:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.13:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.14:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.15:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.16:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.17:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.18:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.19:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.2:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.20:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.21:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.22:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.23:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.27:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.28:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.29:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.3:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.30:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.31:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.32:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.33:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.34:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.35:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.36:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.37:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.38:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.39:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.4:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.40:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.41:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.42:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.45:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.46:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.47:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.48:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.49:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.5:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.50:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.51:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.52:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.53:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.54:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.55:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.7:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.8:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:29.0.1547.9:*:*:*:*:*:*:*
  • Debian/Debian Linux
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • Google/Google Chromellm-fuzzy
    Range: <29.0.1547.57

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.