rpm package
opensuse/chromium&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed
Vulnerabilities (4,053)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2013-6646 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 16, 2014 | Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the s | ||
| CVE-2013-6645 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 16, 2014 | Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows user-assisted remote attackers to cause a den | ||
| CVE-2013-6644 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 16, 2014 | Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||
| CVE-2013-6643 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 16, 2014 | The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by lever | ||
| CVE-2013-6641 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 16, 2014 | Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux, allows remote attackers to cause a denia | ||
| CVE-2013-6640 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Dec 7, 2013 | The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of | ||
| CVE-2013-6639 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Dec 7, 2013 | The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript | ||
| CVE-2013-6638 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Dec 7, 2013 | Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large typed array, related to the (1) Runt | ||
| CVE-2013-6637 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Dec 7, 2013 | Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||
| CVE-2013-6636 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Dec 7, 2013 | The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the addres | ||
| CVE-2013-6635 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Dec 7, 2013 | Use-after-free vulnerability in the editing implementation in Blink, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that triggers removal of a node during processing | ||
| CVE-2013-6634 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Dec 7, 2013 | The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by | ||
| CVE-2013-6631 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Nov 19, 2013 | Use-after-free vulnerability in the Channel::SendRTCPPacket function in voice_engine/channel.cc in libjingle in WebRTC, as used in Google Chrome before 31.0.1650.48 and other products, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have | ||
| CVE-2013-6630 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Nov 19, 2013 | The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which | ||
| CVE-2013-6629 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Nov 19, 2013 | The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of S | ||
| CVE-2013-6632 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Nov 18, 2013 | Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013. | ||
| CVE-2013-6628 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Nov 13, 2013 | net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome before 31.0.1650.48 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which might allow remote web servers to interfere with trust relat | ||
| CVE-2013-6627 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Nov 13, 2013 | net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational (aka 1xx) status codes, which allows remote web servers to cause a denial of service (out-of-bounds read) via a crafted response. | ||
| CVE-2013-6626 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Nov 13, 2013 | The WebContentsImpl::AttachInterstitialPage function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 31.0.1650.48 does not cancel JavaScript dialogs upon generating an interstitial warning, which allows remote attackers to spoof the address bar via a | ||
| CVE-2013-6625 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Nov 13, 2013 | Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of DOM range objects in circumstances |
- CVE-2013-6646Jan 16, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the s
- CVE-2013-6645Jan 16, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows user-assisted remote attackers to cause a den
- CVE-2013-6644Jan 16, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- CVE-2013-6643Jan 16, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by lever
- CVE-2013-6641Jan 16, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux, allows remote attackers to cause a denia
- CVE-2013-6640Dec 7, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of
- CVE-2013-6639Dec 7, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript
- CVE-2013-6638Dec 7, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large typed array, related to the (1) Runt
- CVE-2013-6637Dec 7, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- CVE-2013-6636Dec 7, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the addres
- CVE-2013-6635Dec 7, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the editing implementation in Blink, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that triggers removal of a node during processing
- CVE-2013-6634Dec 7, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by
- CVE-2013-6631Nov 19, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the Channel::SendRTCPPacket function in voice_engine/channel.cc in libjingle in WebRTC, as used in Google Chrome before 31.0.1650.48 and other products, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have
- CVE-2013-6630Nov 19, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which
- CVE-2013-6629Nov 19, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of S
- CVE-2013-6632Nov 18, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013.
- CVE-2013-6628Nov 13, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome before 31.0.1650.48 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which might allow remote web servers to interfere with trust relat
- CVE-2013-6627Nov 13, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational (aka 1xx) status codes, which allows remote web servers to cause a denial of service (out-of-bounds read) via a crafted response.
- CVE-2013-6626Nov 13, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The WebContentsImpl::AttachInterstitialPage function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 31.0.1650.48 does not cancel JavaScript dialogs upon generating an interstitial warning, which allows remote attackers to spoof the address bar via a
- CVE-2013-6625Nov 13, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of DOM range objects in circumstances
Page 190 of 203