rpm package
opensuse/chromium&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed
Vulnerabilities (4,053)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2013-0889 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Feb 23, 2013 | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for remote attackers to execute arbitrary code via a crafted file. | ||
| CVE-2013-0888 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Feb 23, 2013 | Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a "user gesture check for dangerous file downloads." | ||
| CVE-2013-0887 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Feb 23, 2013 | The developer-tools process in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict privileges during interaction with a connected server, which has unspecified impact and attack vectors. | ||
| CVE-2013-0886 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Feb 23, 2013 | Google Chrome before 25.0.1364.99 on Mac OS X does not properly implement signal handling for Native Client (aka NaCl) code, which has unspecified impact and attack vectors. | ||
| CVE-2013-0885 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Feb 23, 2013 | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors. | ||
| CVE-2013-0884 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Feb 23, 2013 | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly load Native Client (aka NaCl) code, which has unspecified impact and attack vectors. | ||
| CVE-2013-0883 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Feb 23, 2013 | Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors. | ||
| CVE-2013-0882 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Feb 23, 2013 | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via a large number of SVG parameters. | ||
| CVE-2013-0881 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Feb 23, 2013 | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via crafted data in the Matroska container format. | ||
| CVE-2013-0880 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Feb 23, 2013 | Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to databases. | ||
| CVE-2013-0879 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Feb 23, 2013 | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | ||
| CVE-2013-0838 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 15, 2013 | Google Chrome before 24.0.1312.52 on Linux uses weak permissions for shared memory segments, which has unspecified impact and attack vectors. | ||
| CVE-2013-0837 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 15, 2013 | Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs. | ||
| CVE-2013-0836 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 15, 2013 | Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, does not properly implement garbage collection, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code. | ||
| CVE-2013-0835 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 15, 2013 | Unspecified vulnerability in the Geolocation implementation in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (application crash) via unknown vectors. | ||
| CVE-2013-0834 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 15, 2013 | Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving glyphs. | ||
| CVE-2013-0833 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 15, 2013 | Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to printing. | ||
| CVE-2013-0832 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 15, 2013 | Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing. | ||
| CVE-2013-0831 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 15, 2013 | Directory traversal vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to have an unspecified impact by leveraging access to an extension process. | ||
| CVE-2013-0830 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 15, 2013 | The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a NUL character required for termination of an unspecified data structure, which has unknown impact and attack vectors. |
- CVE-2013-0889Feb 23, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for remote attackers to execute arbitrary code via a crafted file.
- CVE-2013-0888Feb 23, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a "user gesture check for dangerous file downloads."
- CVE-2013-0887Feb 23, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The developer-tools process in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict privileges during interaction with a connected server, which has unspecified impact and attack vectors.
- CVE-2013-0886Feb 23, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Google Chrome before 25.0.1364.99 on Mac OS X does not properly implement signal handling for Native Client (aka NaCl) code, which has unspecified impact and attack vectors.
- CVE-2013-0885Feb 23, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors.
- CVE-2013-0884Feb 23, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly load Native Client (aka NaCl) code, which has unspecified impact and attack vectors.
- CVE-2013-0883Feb 23, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.
- CVE-2013-0882Feb 23, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via a large number of SVG parameters.
- CVE-2013-0881Feb 23, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via crafted data in the Matroska container format.
- CVE-2013-0880Feb 23, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to databases.
- CVE-2013-0879Feb 23, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
- CVE-2013-0838Jan 15, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Google Chrome before 24.0.1312.52 on Linux uses weak permissions for shared memory segments, which has unspecified impact and attack vectors.
- CVE-2013-0837Jan 15, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs.
- CVE-2013-0836Jan 15, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, does not properly implement garbage collection, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code.
- CVE-2013-0835Jan 15, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Unspecified vulnerability in the Geolocation implementation in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
- CVE-2013-0834Jan 15, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving glyphs.
- CVE-2013-0833Jan 15, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to printing.
- CVE-2013-0832Jan 15, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing.
- CVE-2013-0831Jan 15, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Directory traversal vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to have an unspecified impact by leveraging access to an extension process.
- CVE-2013-0830Jan 15, 2013affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a NUL character required for termination of an unspecified data structure, which has unknown impact and attack vectors.
Page 193 of 203