Chrome
by Google
Source repositories
CVEs (5,320)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-2911 | 0.00 | — | 0.01 | Oct 2, 2013 | Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet function in core/xml/XSLStyleSheetLibxslt.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging… | |||
| CVE-2013-2910 | 0.00 | — | 0.01 | Oct 2, 2013 | Use-after-free vulnerability in modules/webaudio/AudioScheduledSourceNode.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown… | |||
| CVE-2013-2909 | 0.00 | — | 0.02 | Oct 2, 2013 | Use-after-free vulnerability in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to inline-block rendering for bidirectional Unicode text in an element isolated… | |||
| CVE-2013-2908 | 0.00 | — | 0.01 | Oct 2, 2013 | Google Chrome before 30.0.1599.66 uses incorrect function calls to determine the values of NavigationEntry objects, which allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code. | |||
| CVE-2013-2907 | 0.00 | — | 0.01 | Oct 2, 2013 | The Window.prototype object implementation in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2013-2906 | 0.00 | — | 0.01 | Oct 2, 2013 | Multiple race conditions in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to threading in core/html/HTMLMediaElement.cpp,… | |||
| CVE-2013-2905 | 0.00 | — | 0.01 | Aug 21, 2013 | The SharedMemory::Create function in memory/shared_memory_posix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file. | |||
| CVE-2013-2904 | 0.00 | — | 0.02 | Aug 21, 2013 | Use-after-free vulnerability in the Document::finishedParsing function in core/dom/Document.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via an onload event that changes… | |||
| CVE-2013-2903 | 0.00 | — | 0.01 | Aug 21, 2013 | Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via… | |||
| CVE-2013-2902 | 0.00 | — | 0.01 | Aug 21, 2013 | Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an applyXSLTransform call… | |||
| CVE-2013-2901 | 0.00 | — | 0.01 | Aug 21, 2013 | Multiple integer overflows in (1) libGLESv2/renderer/Renderer9.cpp and (2) libGLESv2/renderer/Renderer11.cpp in Almost Native Graphics Layer Engine (ANGLE), as used in Google Chrome before 29.0.1547.57, allow remote attackers to cause a denial of service or possibly have… | |||
| CVE-2013-2900 | 0.00 | — | 0.02 | Aug 21, 2013 | The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of . (dot) and whitespace characters, which allows remote attackers to conduct directory traversal attacks… | |||
| CVE-2013-2887 | 0.00 | — | 0.01 | Aug 21, 2013 | Multiple unspecified vulnerabilities in Google Chrome before 29.0.1547.57 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2013-2886 | 0.00 | — | 0.01 | Jul 31, 2013 | Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.95 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2013-2885 | 0.00 | — | 0.01 | Jul 31, 2013 | Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to not properly considering focus during the processing of JavaScript events in the presence of a… | |||
| CVE-2013-2884 | 0.00 | — | 0.01 | Jul 31, 2013 | Use-after-free vulnerability in the DOM implementation in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper tracking of which document owns an Attr object. | |||
| CVE-2013-2883 | 0.00 | — | 0.01 | Jul 31, 2013 | Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to deleting the registration of a MutationObserver object. | |||
| CVE-2013-2882 | 0.00 | — | 0.02 | Jul 31, 2013 | Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | |||
| CVE-2013-2881 | 0.00 | — | 0.01 | Jul 31, 2013 | Google Chrome before 28.0.1500.95 does not properly handle frames, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||
| CVE-2013-2880 | 0.00 | — | 0.02 | Jul 10, 2013 | Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. |
- CVE-2013-2911Oct 2, 2013risk 0.00cvss —epss 0.01
Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet function in core/xml/XSLStyleSheetLibxslt.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging…
- CVE-2013-2910Oct 2, 2013risk 0.00cvss —epss 0.01
Use-after-free vulnerability in modules/webaudio/AudioScheduledSourceNode.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown…
- CVE-2013-2909Oct 2, 2013risk 0.00cvss —epss 0.02
Use-after-free vulnerability in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to inline-block rendering for bidirectional Unicode text in an element isolated…
- CVE-2013-2908Oct 2, 2013risk 0.00cvss —epss 0.01
Google Chrome before 30.0.1599.66 uses incorrect function calls to determine the values of NavigationEntry objects, which allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code.
- CVE-2013-2907Oct 2, 2013risk 0.00cvss —epss 0.01
The Window.prototype object implementation in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
- CVE-2013-2906Oct 2, 2013risk 0.00cvss —epss 0.01
Multiple race conditions in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to threading in core/html/HTMLMediaElement.cpp,…
- CVE-2013-2905Aug 21, 2013risk 0.00cvss —epss 0.01
The SharedMemory::Create function in memory/shared_memory_posix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file.
- CVE-2013-2904Aug 21, 2013risk 0.00cvss —epss 0.02
Use-after-free vulnerability in the Document::finishedParsing function in core/dom/Document.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via an onload event that changes…
- CVE-2013-2903Aug 21, 2013risk 0.00cvss —epss 0.01
Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via…
- CVE-2013-2902Aug 21, 2013risk 0.00cvss —epss 0.01
Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an applyXSLTransform call…
- CVE-2013-2901Aug 21, 2013risk 0.00cvss —epss 0.01
Multiple integer overflows in (1) libGLESv2/renderer/Renderer9.cpp and (2) libGLESv2/renderer/Renderer11.cpp in Almost Native Graphics Layer Engine (ANGLE), as used in Google Chrome before 29.0.1547.57, allow remote attackers to cause a denial of service or possibly have…
- CVE-2013-2900Aug 21, 2013risk 0.00cvss —epss 0.02
The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of . (dot) and whitespace characters, which allows remote attackers to conduct directory traversal attacks…
- CVE-2013-2887Aug 21, 2013risk 0.00cvss —epss 0.01
Multiple unspecified vulnerabilities in Google Chrome before 29.0.1547.57 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- CVE-2013-2886Jul 31, 2013risk 0.00cvss —epss 0.01
Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.95 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- CVE-2013-2885Jul 31, 2013risk 0.00cvss —epss 0.01
Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to not properly considering focus during the processing of JavaScript events in the presence of a…
- CVE-2013-2884Jul 31, 2013risk 0.00cvss —epss 0.01
Use-after-free vulnerability in the DOM implementation in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper tracking of which document owns an Attr object.
- CVE-2013-2883Jul 31, 2013risk 0.00cvss —epss 0.01
Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to deleting the registration of a MutationObserver object.
- CVE-2013-2882Jul 31, 2013risk 0.00cvss —epss 0.02
Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
- CVE-2013-2881Jul 31, 2013risk 0.00cvss —epss 0.01
Google Chrome before 28.0.1500.95 does not properly handle frames, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
- CVE-2013-2880Jul 10, 2013risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Page 227 of 266