National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:google:chrome:31.0.1650.33
There are 912 matching records.
Displaying matches 901 through 912.
Vuln ID Summary CVSS Severity
CVE-2013-6629

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

Published: November 18, 2013; 11:50:56 PM -05:00
V2: 5.0 MEDIUM
CVE-2013-6802

Google Chrome before 31.0.1650.57 allows remote attackers to bypass intended sandbox restrictions by leveraging access to a renderer process, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013, a different vulnerability than CVE-2013-6632.

Published: November 18, 2013; 12:23:57 AM -05:00
V2: 5.8 MEDIUM
CVE-2013-6632

Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013.

Published: November 18, 2013; 12:23:57 AM -05:00
V2: 9.3 HIGH
CVE-2013-6628

net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome before 31.0.1650.48 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which might allow remote web servers to interfere with trust relationships by renegotiating a session.

Published: November 13, 2013; 10:55:04 AM -05:00
V2: 4.3 MEDIUM
CVE-2013-6627

net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational (aka 1xx) status codes, which allows remote web servers to cause a denial of service (out-of-bounds read) via a crafted response.

Published: November 13, 2013; 10:55:04 AM -05:00
V2: 5.0 MEDIUM
CVE-2013-6626

The WebContentsImpl::AttachInterstitialPage function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 31.0.1650.48 does not cancel JavaScript dialogs upon generating an interstitial warning, which allows remote attackers to spoof the address bar via a crafted web site.

Published: November 13, 2013; 10:55:04 AM -05:00
V2: 4.3 MEDIUM
CVE-2013-6625

Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of DOM range objects in circumstances that require child node removal after a (1) mutation or (2) blur event.

Published: November 13, 2013; 10:55:04 AM -05:00
V2: 6.8 MEDIUM
CVE-2013-6624

Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the string values of id attributes.

Published: November 13, 2013; 10:55:04 AM -05:00
V2: 7.5 HIGH
CVE-2013-6623

The SVG implementation in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging the use of tree order, rather than transitive dependency order, for layout.

Published: November 13, 2013; 10:55:04 AM -05:00
V2: 4.3 MEDIUM
CVE-2013-6622

Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the movement of a media element between documents.

Published: November 13, 2013; 10:55:04 AM -05:00
V2: 6.8 MEDIUM
CVE-2013-6621

Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the x-webkit-speech attribute in a text INPUT element.

Published: November 13, 2013; 10:55:04 AM -05:00
V2: 7.5 HIGH
CVE-2013-2931

Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.48 allow attackers to execute arbitrary code or possibly have other impact via unknown vectors.

Published: November 13, 2013; 10:55:03 AM -05:00
V2: 10.0 HIGH