VYPR

Chrome

by Google

Source repositories

CVEs (5,320)

  • CVE-2013-6642Jan 16, 2014
    risk 0.00cvss epss 0.01

    Google Chrome through 32.0.1700.23 on Android allows remote attackers to spoof the address bar via unspecified vectors.

  • CVE-2013-6641Jan 16, 2014
    risk 0.00cvss epss 0.01

    Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux, allows remote attackers to cause a…

  • CVE-2012-2899Jan 5, 2014
    risk 0.00cvss epss 0.01

    Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigger use of an applewebdata: URL, which allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors involving the document.write…

  • CVE-2012-2898Jan 5, 2014
    risk 0.00cvss epss 0.01

    Google Chrome before 21.0.1180.82 on iOS on iPad devices allows remote attackers to spoof the Omnibox URL via vectors involving SSL error messages, a related issue to CVE-2012-0674.

  • CVE-2013-6640Dec 7, 2013
    risk 0.00cvss epss 0.02

    The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of…

  • CVE-2013-6639Dec 7, 2013
    risk 0.00cvss epss 0.02

    The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via…

  • CVE-2013-6638Dec 7, 2013
    risk 0.00cvss epss 0.02

    Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large typed array, related to the (1)…

  • CVE-2013-6637Dec 7, 2013
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2013-6636Dec 7, 2013
    risk 0.00cvss epss 0.01

    The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the…

  • CVE-2013-6635Dec 7, 2013
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in the editing implementation in Blink, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that triggers removal of a node during processing…

  • CVE-2013-6634Dec 7, 2013
    risk 0.00cvss epss 0.01

    The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by…

  • CVE-2013-6631Nov 19, 2013
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in the Channel::SendRTCPPacket function in voice_engine/channel.cc in libjingle in WebRTC, as used in Google Chrome before 31.0.1650.48 and other products, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have…

  • CVE-2013-6630Nov 19, 2013
    risk 0.00cvss epss 0.02

    The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers,…

  • CVE-2013-6802Nov 18, 2013
    risk 0.00cvss epss 0.01

    Google Chrome before 31.0.1650.57 allows remote attackers to bypass intended sandbox restrictions by leveraging access to a renderer process, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013, a different vulnerability than CVE-2013-6632.

  • CVE-2013-6632Nov 18, 2013
    risk 0.00cvss epss 0.06

    Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013.

  • CVE-2013-6628Nov 13, 2013
    risk 0.00cvss epss 0.01

    net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome before 31.0.1650.48 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which might allow remote web servers to interfere with trust…

  • CVE-2013-6626Nov 13, 2013
    risk 0.00cvss epss 0.01

    The WebContentsImpl::AttachInterstitialPage function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 31.0.1650.48 does not cancel JavaScript dialogs upon generating an interstitial warning, which allows remote attackers to spoof the address bar via a…

  • CVE-2013-6625Nov 13, 2013
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of DOM range objects in circumstances…

  • CVE-2013-6624Nov 13, 2013
    risk 0.00cvss epss 0.01

    Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the string values of id attributes.

  • CVE-2013-6623Nov 13, 2013
    risk 0.00cvss epss 0.01

    The SVG implementation in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging the use of tree order, rather than transitive dependency order, for layout.

Page 225 of 266