rpm package
opensuse/chromium&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed
Vulnerabilities (4,053)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-1715 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 16, 2014 | Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors. | ||
| CVE-2014-1714 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 16, 2014 | The ScopedClipboardWriter::WritePickledData function in ui/base/clipboard/scoped_clipboard_writer.cc in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows does not verify a certain format value, which allows remote attackers to cause a denial | ||
| CVE-2014-1713 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 16, 2014 | Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or | ||
| CVE-2014-1705 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 16, 2014 | Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | ||
| CVE-2014-1704 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 16, 2014 | Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, as used in Google Chrome before 33.0.1750.149, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||
| CVE-2014-1703 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 16, 2014 | Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/renderer_host/websocket_dispatcher_host.cc in the Web Sockets implementation in Google Chrome before 33.0.1750.149 might allow remote attackers to bypass the sandbox protection mec | ||
| CVE-2014-1702 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 16, 2014 | Use-after-free vulnerability in the DatabaseThread::cleanupDatabaseThread function in modules/webdatabase/DatabaseThread.cpp in the web database implementation in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibl | ||
| CVE-2014-1701 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 16, 2014 | The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attackers to conduct Universal XS | ||
| CVE-2014-1700 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 16, 2014 | Use-after-free vulnerability in modules/speech/SpeechSynthesis.cpp in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of a certain utterance data s | ||
| CVE-2013-6661 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Feb 24, 2014 | Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750.117 allow attackers to bypass the sandbox protection mechanism after obtaining renderer access, or have other impact, via unknown vectors. | ||
| CVE-2013-6660 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Feb 24, 2014 | The drag-and-drop implementation in Google Chrome before 33.0.1750.117 does not properly restrict the information in WebDropData data structures, which allows remote attackers to discover full pathnames via a crafted web site. | ||
| CVE-2013-6659 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Feb 24, 2014 | The SSLClientSocketNSS::Core::OwnAuthCertHandler function in net/socket/ssl_client_socket_nss.cc in Google Chrome before 33.0.1750.117 does not prevent changes to server X.509 certificates during renegotiations, which allows remote SSL servers to trigger use of a new certificate | ||
| CVE-2013-6658 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Feb 24, 2014 | Multiple use-after-free vulnerabilities in the layout implementation in Blink, as used in Google Chrome before 33.0.1750.117, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving (1) running JavaScript code during exe | ||
| CVE-2013-6657 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Feb 24, 2014 | core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, which allows remote attackers to bypass the Same Origin Policy and obtain sensiti | ||
| CVE-2013-6656 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Feb 24, 2014 | The XSSAuditor::init function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, processes POST requests by using the body of a redirecting page instead of the body of a redirect target, which allows remote attackers to | ||
| CVE-2013-6655 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Feb 24, 2014 | Use-after-free vulnerability in Blink, as used in Google Chrome before 33.0.1750.117, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper handling of overflowchanged DOM events during interaction between J | ||
| CVE-2013-6654 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Feb 24, 2014 | The SVGAnimateElement::calculateAnimatedValue function in core/svg/SVGAnimateElement.cpp in Blink, as used in Google Chrome before 33.0.1750.117, does not properly handle unexpected data types, which allows remote attackers to cause a denial of service (incorrect cast) or possibl | ||
| CVE-2013-6653 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Feb 24, 2014 | Use-after-free vulnerability in the web contents implementation in Google Chrome before 33.0.1750.117 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attempted conflicting access to the color chooser. | ||
| CVE-2013-6650 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 28, 2014 | The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Google V8 before 3.22.24.16, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors that trigg | ||
| CVE-2013-6649 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 28, 2014 | Use-after-free vulnerability in the RenderSVGImage::paint function in core/rendering/svg/RenderSVGImage.cpp in Blink, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involvin |
- CVE-2014-1715Mar 16, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors.
- CVE-2014-1714Mar 16, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The ScopedClipboardWriter::WritePickledData function in ui/base/clipboard/scoped_clipboard_writer.cc in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows does not verify a certain format value, which allows remote attackers to cause a denial
- CVE-2014-1713Mar 16, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or
- CVE-2014-1705Mar 16, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
- CVE-2014-1704Mar 16, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, as used in Google Chrome before 33.0.1750.149, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- CVE-2014-1703Mar 16, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/renderer_host/websocket_dispatcher_host.cc in the Web Sockets implementation in Google Chrome before 33.0.1750.149 might allow remote attackers to bypass the sandbox protection mec
- CVE-2014-1702Mar 16, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the DatabaseThread::cleanupDatabaseThread function in modules/webdatabase/DatabaseThread.cpp in the web database implementation in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibl
- CVE-2014-1701Mar 16, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attackers to conduct Universal XS
- CVE-2014-1700Mar 16, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in modules/speech/SpeechSynthesis.cpp in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of a certain utterance data s
- CVE-2013-6661Feb 24, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750.117 allow attackers to bypass the sandbox protection mechanism after obtaining renderer access, or have other impact, via unknown vectors.
- CVE-2013-6660Feb 24, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The drag-and-drop implementation in Google Chrome before 33.0.1750.117 does not properly restrict the information in WebDropData data structures, which allows remote attackers to discover full pathnames via a crafted web site.
- CVE-2013-6659Feb 24, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The SSLClientSocketNSS::Core::OwnAuthCertHandler function in net/socket/ssl_client_socket_nss.cc in Google Chrome before 33.0.1750.117 does not prevent changes to server X.509 certificates during renegotiations, which allows remote SSL servers to trigger use of a new certificate
- CVE-2013-6658Feb 24, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Multiple use-after-free vulnerabilities in the layout implementation in Blink, as used in Google Chrome before 33.0.1750.117, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving (1) running JavaScript code during exe
- CVE-2013-6657Feb 24, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, which allows remote attackers to bypass the Same Origin Policy and obtain sensiti
- CVE-2013-6656Feb 24, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The XSSAuditor::init function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, processes POST requests by using the body of a redirecting page instead of the body of a redirect target, which allows remote attackers to
- CVE-2013-6655Feb 24, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in Blink, as used in Google Chrome before 33.0.1750.117, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper handling of overflowchanged DOM events during interaction between J
- CVE-2013-6654Feb 24, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The SVGAnimateElement::calculateAnimatedValue function in core/svg/SVGAnimateElement.cpp in Blink, as used in Google Chrome before 33.0.1750.117, does not properly handle unexpected data types, which allows remote attackers to cause a denial of service (incorrect cast) or possibl
- CVE-2013-6653Feb 24, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the web contents implementation in Google Chrome before 33.0.1750.117 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attempted conflicting access to the color chooser.
- CVE-2013-6650Jan 28, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Google V8 before 3.22.24.16, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors that trigg
- CVE-2013-6649Jan 28, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the RenderSVGImage::paint function in core/rendering/svg/RenderSVGImage.cpp in Blink, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involvin
Page 189 of 203