National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:google:chrome:31.0.1650.32
There are 912 matching records.
Displaying matches 881 through 900.
Vuln ID Summary CVSS Severity
CVE-2013-6653

Use-after-free vulnerability in the web contents implementation in Google Chrome before 33.0.1750.117 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attempted conflicting access to the color chooser.

Published: February 23, 2014; 11:48:09 PM -05:00
V2: 7.5 HIGH
CVE-2013-6652

Directory traversal vulnerability in sandbox/win/src/named_pipe_dispatcher.cc in Google Chrome before 33.0.1750.117 on Windows allows attackers to bypass intended named-pipe policy restrictions in the sandbox via vectors related to (1) lack of checks for .. (dot dot) sequences or (2) lack of use of the \\?\ protection mechanism.

Published: February 23, 2014; 11:48:09 PM -05:00
V2: 7.5 HIGH
CVE-2014-1681

Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.102 have unknown impact and attack vectors, related to 12 "security fixes [that were not] either contributed by external researchers or particularly interesting."

Published: January 28, 2014; 09:30:39 AM -05:00
V2: 10.0 HIGH
CVE-2013-6650

The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Google V8 before 3.22.24.16, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors that trigger incorrect handling of "popular pages."

Published: January 28, 2014; 09:30:39 AM -05:00
V2: 7.5 HIGH
CVE-2013-6649

Use-after-free vulnerability in the RenderSVGImage::paint function in core/rendering/svg/RenderSVGImage.cpp in Blink, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a zero-size SVG image.

Published: January 28, 2014; 09:30:33 AM -05:00
V2: 7.5 HIGH
CVE-2013-6646

Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the shutting down of a worker process.

Published: January 16, 2014; 07:17:26 AM -05:00
V2: 7.5 HIGH
CVE-2013-6645

Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving certain print-preview and tab-switch actions that interact with a speech input element.

Published: January 16, 2014; 07:17:26 AM -05:00
V2: 6.8 MEDIUM
CVE-2013-6644

Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: January 16, 2014; 07:17:26 AM -05:00
V2: 7.5 HIGH
CVE-2013-6643

The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog.

Published: January 16, 2014; 07:17:26 AM -05:00
V2: 7.5 HIGH
CVE-2013-6642

Google Chrome through 32.0.1700.23 on Android allows remote attackers to spoof the address bar via unspecified vectors.

Published: January 16, 2014; 07:17:26 AM -05:00
V2: 5.0 MEDIUM
CVE-2013-6641

Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of the past names map of a FORM element.

Published: January 16, 2014; 07:17:26 AM -05:00
V2: 7.5 HIGH
CVE-2013-6640

The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index.

Published: December 06, 2013; 07:55:04 PM -05:00
V2: 7.5 HIGH
CVE-2013-6639

The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index.

Published: December 06, 2013; 07:55:04 PM -05:00
V2: 7.5 HIGH
CVE-2013-6638

Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large typed array, related to the (1) Runtime_TypedArrayInitialize and (2) Runtime_TypedArrayInitializeFromArrayLike functions.

Published: December 06, 2013; 07:55:03 PM -05:00
V2: 7.5 HIGH
CVE-2013-6637

Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: December 06, 2013; 07:55:03 PM -05:00
V2: 7.5 HIGH
CVE-2013-6636

The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the address bar via vectors involving the document.write method.

Published: December 06, 2013; 07:55:03 PM -05:00
V2: 4.3 MEDIUM
CVE-2013-6635

Use-after-free vulnerability in the editing implementation in Blink, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that triggers removal of a node during processing of the DOM tree, related to CompositeEditCommand.cpp and ReplaceSelectionCommand.cpp.

Published: December 06, 2013; 07:55:03 PM -05:00
V2: 6.8 MEDIUM
CVE-2013-6634

The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code.

Published: December 06, 2013; 07:55:03 PM -05:00
V2: 6.8 MEDIUM
CVE-2013-6631

Use-after-free vulnerability in the Channel::SendRTCPPacket function in voice_engine/channel.cc in libjingle in WebRTC, as used in Google Chrome before 31.0.1650.48 and other products, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger the absence of certain statistics initialization, leading to the skipping of a required DeRegisterExternalTransport call.

Published: November 18, 2013; 11:50:56 PM -05:00
V2: 7.5 HIGH
CVE-2013-6630

The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

Published: November 18, 2013; 11:50:56 PM -05:00
V2: 5.0 MEDIUM