National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:google:chrome:24.0.1291.1
There are 1,082 matching records.
Displaying matches 921 through 940.
Vuln ID Summary CVSS Severity
CVE-2013-6632

Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013.

Published: November 18, 2013; 12:23:57 AM -05:00
V2: 9.3 HIGH
CVE-2013-6628

net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome before 31.0.1650.48 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which might allow remote web servers to interfere with trust relationships by renegotiating a session.

Published: November 13, 2013; 10:55:04 AM -05:00
V2: 4.3 MEDIUM
CVE-2013-6627

net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational (aka 1xx) status codes, which allows remote web servers to cause a denial of service (out-of-bounds read) via a crafted response.

Published: November 13, 2013; 10:55:04 AM -05:00
V2: 5.0 MEDIUM
CVE-2013-6626

The WebContentsImpl::AttachInterstitialPage function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 31.0.1650.48 does not cancel JavaScript dialogs upon generating an interstitial warning, which allows remote attackers to spoof the address bar via a crafted web site.

Published: November 13, 2013; 10:55:04 AM -05:00
V2: 4.3 MEDIUM
CVE-2013-6625

Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of DOM range objects in circumstances that require child node removal after a (1) mutation or (2) blur event.

Published: November 13, 2013; 10:55:04 AM -05:00
V2: 6.8 MEDIUM
CVE-2013-6624

Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the string values of id attributes.

Published: November 13, 2013; 10:55:04 AM -05:00
V2: 7.5 HIGH
CVE-2013-6623

The SVG implementation in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging the use of tree order, rather than transitive dependency order, for layout.

Published: November 13, 2013; 10:55:04 AM -05:00
V2: 4.3 MEDIUM
CVE-2013-6622

Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the movement of a media element between documents.

Published: November 13, 2013; 10:55:04 AM -05:00
V2: 6.8 MEDIUM
CVE-2013-6621

Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the x-webkit-speech attribute in a text INPUT element.

Published: November 13, 2013; 10:55:04 AM -05:00
V2: 7.5 HIGH
CVE-2013-2931

Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.48 allow attackers to execute arbitrary code or possibly have other impact via unknown vectors.

Published: November 13, 2013; 10:55:03 AM -05:00
V2: 10.0 HIGH
CVE-2013-2928

Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: October 16, 2013; 04:55:06 PM -04:00
V2: 7.5 HIGH
CVE-2013-2927

Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to submission for FORM elements.

Published: October 16, 2013; 04:55:06 PM -04:00
V2: 6.8 MEDIUM
CVE-2013-2926

Use-after-free vulnerability in the IndentOutdentCommand::tryIndentingAsListItem function in core/editing/IndentOutdentCommand.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to list elements.

Published: October 16, 2013; 04:55:06 PM -04:00
V2: 6.8 MEDIUM
CVE-2013-2925

Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger multiple conflicting uses of the same XMLHttpRequest object.

Published: October 16, 2013; 04:55:04 PM -04:00
V2: 6.8 MEDIUM
CVE-2013-2924

Use-after-free vulnerability in International Components for Unicode (ICU), as used in Google Chrome before 30.0.1599.66 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Published: October 02, 2013; 06:35:35 AM -04:00
V2: 7.5 HIGH
CVE-2013-2923

Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.66 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: October 02, 2013; 06:35:35 AM -04:00
V2: 7.5 HIGH
CVE-2013-2922

Use-after-free vulnerability in core/html/HTMLTemplateElement.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that operates on a TEMPLATE element.

Published: October 02, 2013; 06:35:35 AM -04:00
V2: 6.8 MEDIUM
CVE-2013-2921

Double free vulnerability in the ResourceFetcher::didLoadResource function in core/fetch/ResourceFetcher.cpp in the resource loader in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering certain callback processing during the reporting of a resource entry.

Published: October 02, 2013; 06:35:35 AM -04:00
V2: 6.8 MEDIUM
CVE-2013-2920

The DoResolveRelativeHost function in url/url_canon_relative.cc in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via a relative URL containing a hostname, as demonstrated by a protocol-relative URL beginning with a //www.google.com/ substring.

Published: October 02, 2013; 06:35:35 AM -04:00
V2: 5.0 MEDIUM
CVE-2013-2919

Google V8, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

Published: October 02, 2013; 06:35:35 AM -04:00
V2: 7.5 HIGH