Chrome
by Google
Source repositories
CVEs (5,320)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-6642 | 0.00 | — | 0.01 | Jan 16, 2014 | Google Chrome through 32.0.1700.23 on Android allows remote attackers to spoof the address bar via unspecified vectors. | |||
| CVE-2013-6641 | 0.00 | — | 0.01 | Jan 16, 2014 | Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux, allows remote attackers to cause a… | |||
| CVE-2012-2899 | 0.00 | — | 0.01 | Jan 5, 2014 | Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigger use of an applewebdata: URL, which allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors involving the document.write… | |||
| CVE-2012-2898 | 0.00 | — | 0.01 | Jan 5, 2014 | Google Chrome before 21.0.1180.82 on iOS on iPad devices allows remote attackers to spoof the Omnibox URL via vectors involving SSL error messages, a related issue to CVE-2012-0674. | |||
| CVE-2013-6640 | 0.00 | — | 0.02 | Dec 7, 2013 | The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of… | |||
| CVE-2013-6639 | 0.00 | — | 0.02 | Dec 7, 2013 | The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via… | |||
| CVE-2013-6638 | 0.00 | — | 0.02 | Dec 7, 2013 | Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large typed array, related to the (1)… | |||
| CVE-2013-6637 | 0.00 | — | 0.01 | Dec 7, 2013 | Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2013-6636 | 0.00 | — | 0.01 | Dec 7, 2013 | The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the… | |||
| CVE-2013-6635 | 0.00 | — | 0.02 | Dec 7, 2013 | Use-after-free vulnerability in the editing implementation in Blink, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that triggers removal of a node during processing… | |||
| CVE-2013-6634 | 0.00 | — | 0.01 | Dec 7, 2013 | The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by… | |||
| CVE-2013-6631 | 0.00 | — | 0.02 | Nov 19, 2013 | Use-after-free vulnerability in the Channel::SendRTCPPacket function in voice_engine/channel.cc in libjingle in WebRTC, as used in Google Chrome before 31.0.1650.48 and other products, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have… | |||
| CVE-2013-6630 | 0.00 | — | 0.02 | Nov 19, 2013 | The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers,… | |||
| CVE-2013-6802 | 0.00 | — | 0.01 | Nov 18, 2013 | Google Chrome before 31.0.1650.57 allows remote attackers to bypass intended sandbox restrictions by leveraging access to a renderer process, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013, a different vulnerability than CVE-2013-6632. | |||
| CVE-2013-6632 | 0.00 | — | 0.06 | Nov 18, 2013 | Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013. | |||
| CVE-2013-6628 | 0.00 | — | 0.01 | Nov 13, 2013 | net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome before 31.0.1650.48 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which might allow remote web servers to interfere with trust… | |||
| CVE-2013-6626 | 0.00 | — | 0.01 | Nov 13, 2013 | The WebContentsImpl::AttachInterstitialPage function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 31.0.1650.48 does not cancel JavaScript dialogs upon generating an interstitial warning, which allows remote attackers to spoof the address bar via a… | |||
| CVE-2013-6625 | 0.00 | — | 0.02 | Nov 13, 2013 | Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of DOM range objects in circumstances… | |||
| CVE-2013-6624 | 0.00 | — | 0.01 | Nov 13, 2013 | Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the string values of id attributes. | |||
| CVE-2013-6623 | 0.00 | — | 0.01 | Nov 13, 2013 | The SVG implementation in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging the use of tree order, rather than transitive dependency order, for layout. |
- CVE-2013-6642Jan 16, 2014risk 0.00cvss —epss 0.01
Google Chrome through 32.0.1700.23 on Android allows remote attackers to spoof the address bar via unspecified vectors.
- CVE-2013-6641Jan 16, 2014risk 0.00cvss —epss 0.01
Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux, allows remote attackers to cause a…
- CVE-2012-2899Jan 5, 2014risk 0.00cvss —epss 0.01
Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigger use of an applewebdata: URL, which allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors involving the document.write…
- CVE-2012-2898Jan 5, 2014risk 0.00cvss —epss 0.01
Google Chrome before 21.0.1180.82 on iOS on iPad devices allows remote attackers to spoof the Omnibox URL via vectors involving SSL error messages, a related issue to CVE-2012-0674.
- CVE-2013-6640Dec 7, 2013risk 0.00cvss —epss 0.02
The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of…
- CVE-2013-6639Dec 7, 2013risk 0.00cvss —epss 0.02
The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via…
- CVE-2013-6638Dec 7, 2013risk 0.00cvss —epss 0.02
Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large typed array, related to the (1)…
- CVE-2013-6637Dec 7, 2013risk 0.00cvss —epss 0.01
Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- CVE-2013-6636Dec 7, 2013risk 0.00cvss —epss 0.01
The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the…
- CVE-2013-6635Dec 7, 2013risk 0.00cvss —epss 0.02
Use-after-free vulnerability in the editing implementation in Blink, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that triggers removal of a node during processing…
- CVE-2013-6634Dec 7, 2013risk 0.00cvss —epss 0.01
The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by…
- CVE-2013-6631Nov 19, 2013risk 0.00cvss —epss 0.02
Use-after-free vulnerability in the Channel::SendRTCPPacket function in voice_engine/channel.cc in libjingle in WebRTC, as used in Google Chrome before 31.0.1650.48 and other products, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have…
- CVE-2013-6630Nov 19, 2013risk 0.00cvss —epss 0.02
The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers,…
- CVE-2013-6802Nov 18, 2013risk 0.00cvss —epss 0.01
Google Chrome before 31.0.1650.57 allows remote attackers to bypass intended sandbox restrictions by leveraging access to a renderer process, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013, a different vulnerability than CVE-2013-6632.
- CVE-2013-6632Nov 18, 2013risk 0.00cvss —epss 0.06
Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013.
- CVE-2013-6628Nov 13, 2013risk 0.00cvss —epss 0.01
net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome before 31.0.1650.48 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which might allow remote web servers to interfere with trust…
- CVE-2013-6626Nov 13, 2013risk 0.00cvss —epss 0.01
The WebContentsImpl::AttachInterstitialPage function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 31.0.1650.48 does not cancel JavaScript dialogs upon generating an interstitial warning, which allows remote attackers to spoof the address bar via a…
- CVE-2013-6625Nov 13, 2013risk 0.00cvss —epss 0.02
Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of DOM range objects in circumstances…
- CVE-2013-6624Nov 13, 2013risk 0.00cvss —epss 0.01
Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the string values of id attributes.
- CVE-2013-6623Nov 13, 2013risk 0.00cvss —epss 0.01
The SVG implementation in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging the use of tree order, rather than transitive dependency order, for layout.
Page 225 of 266