Filtered by vendor Google
Subscribe
Search
Total
1878 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2905 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-19 | 5.0 MEDIUM | N/A |
| The SharedMemory::Create function in memory/shared_memory_posix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file. | |||||
| CVE-2013-2906 | 1 Google | 1 Chrome | 2017-09-19 | 6.8 MEDIUM | N/A |
| Multiple race conditions in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to threading in core/html/HTMLMediaElement.cpp, core/platform/audio/AudioDSPKernelProcessor.cpp, core/platform/audio/HRTFElevation.cpp, and modules/webaudio/ConvolverNode.cpp. | |||||
| CVE-2013-2907 | 1 Google | 1 Chrome | 2017-09-19 | 5.0 MEDIUM | N/A |
| The Window.prototype object implementation in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2013-2908 | 1 Google | 1 Chrome | 2017-09-19 | 5.0 MEDIUM | N/A |
| Google Chrome before 30.0.1599.66 uses incorrect function calls to determine the values of NavigationEntry objects, which allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code. | |||||
| CVE-2013-2909 | 1 Google | 1 Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to inline-block rendering for bidirectional Unicode text in an element isolated from its siblings. | |||||
| CVE-2013-2910 | 1 Google | 1 Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in modules/webaudio/AudioScheduledSourceNode.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2013-2911 | 1 Google | 1 Chrome | 2017-09-19 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet function in core/xml/XSLStyleSheetLibxslt.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of post-failure recompilation in unspecified libxslt versions. | |||||
| CVE-2013-2912 | 1 Google | 1 Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the PepperInProcessRouter::SendToHost function in content/renderer/pepper/pepper_in_process_router.cc in the Pepper Plug-in API (PPAPI) in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a resource-destruction message. | |||||
| CVE-2013-2913 | 1 Google | 1 Chrome | 2017-09-19 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in the XMLDocumentParser::append function in core/xml/parser/XMLDocumentParser.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an XML document. | |||||
| CVE-2013-2914 | 2 Google, Microsoft | 2 Chrome, Windows | 2017-09-19 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in the color-chooser dialog in Google Chrome before 30.0.1599.66 on Windows allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to color_chooser_dialog.cc and color_chooser_win.cc in browser/ui/views/. | |||||
| CVE-2013-2915 | 1 Google | 1 Chrome | 2017-09-19 | 4.3 MEDIUM | N/A |
| Google Chrome before 30.0.1599.66 preserves pending NavigationEntry objects in certain invalid circumstances, which allows remote attackers to spoof the address bar via a URL with a malformed scheme, as demonstrated by a nonexistent:12121 URL. | |||||
| CVE-2013-2916 | 1 Google | 1 Chrome | 2017-09-19 | 4.3 MEDIUM | N/A |
| Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code, in conjunction with a delay in notifying the user of an attempted spoof. | |||||
| CVE-2013-2917 | 1 Google | 1 Chrome | 2017-09-19 | 5.0 MEDIUM | N/A |
| The ReverbConvolverStage::ReverbConvolverStage function in core/platform/audio/ReverbConvolverStage.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the impulseResponse array. | |||||
| CVE-2013-2918 | 1 Google | 1 Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the RenderBlock::collapseAnonymousBlockChild function in core/rendering/RenderBlock.cpp in the DOM implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect handling of parent-child relationships for anonymous blocks. | |||||
| CVE-2013-2920 | 1 Google | 1 Chrome | 2017-09-19 | 5.0 MEDIUM | N/A |
| The DoResolveRelativeHost function in url/url_canon_relative.cc in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via a relative URL containing a hostname, as demonstrated by a protocol-relative URL beginning with a //www.google.com/ substring. | |||||
| CVE-2013-2921 | 1 Google | 1 Chrome | 2017-09-19 | 6.8 MEDIUM | N/A |
| Double free vulnerability in the ResourceFetcher::didLoadResource function in core/fetch/ResourceFetcher.cpp in the resource loader in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering certain callback processing during the reporting of a resource entry. | |||||
| CVE-2013-2922 | 1 Google | 1 Chrome | 2017-09-19 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in core/html/HTMLTemplateElement.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that operates on a TEMPLATE element. | |||||
| CVE-2013-2923 | 1 Google | 1 Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.66 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2013-2924 | 1 Google | 1 Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in International Components for Unicode (ICU), as used in Google Chrome before 30.0.1599.66 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2013-2925 | 1 Google | 1 Chrome | 2017-09-19 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger multiple conflicting uses of the same XMLHttpRequest object. | |||||
| CVE-2013-2926 | 1 Google | 1 Chrome | 2017-09-19 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in the IndentOutdentCommand::tryIndentingAsListItem function in core/editing/IndentOutdentCommand.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to list elements. | |||||
| CVE-2013-2928 | 1 Google | 1 Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2013-6622 | 1 Google | 1 Chrome | 2017-09-19 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the movement of a media element between documents. | |||||
| CVE-2013-6623 | 1 Google | 1 Chrome | 2017-09-19 | 4.3 MEDIUM | N/A |
| The SVG implementation in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging the use of tree order, rather than transitive dependency order, for layout. | |||||
| CVE-2013-6624 | 1 Google | 1 Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the string values of id attributes. | |||||
| CVE-2013-6625 | 1 Google | 1 Chrome | 2017-09-19 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of DOM range objects in circumstances that require child node removal after a (1) mutation or (2) blur event. | |||||
| CVE-2013-6626 | 1 Google | 1 Chrome | 2017-09-19 | 4.3 MEDIUM | N/A |
| The WebContentsImpl::AttachInterstitialPage function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 31.0.1650.48 does not cancel JavaScript dialogs upon generating an interstitial warning, which allows remote attackers to spoof the address bar via a crafted web site. | |||||
| CVE-2013-6627 | 1 Google | 1 Chrome | 2017-09-19 | 5.0 MEDIUM | N/A |
| net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational (aka 1xx) status codes, which allows remote web servers to cause a denial of service (out-of-bounds read) via a crafted response. | |||||
| CVE-2013-6628 | 1 Google | 1 Chrome | 2017-09-19 | 4.3 MEDIUM | N/A |
| net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome before 31.0.1650.48 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which might allow remote web servers to interfere with trust relationships by renegotiating a session. | |||||
| CVE-2012-5128 | 2 Google, Linux | 3 Chrome, V8, Linux Kernel | 2017-09-19 | 7.5 HIGH | N/A |
| Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, does not properly perform write operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2012-2895 | 1 Google | 1 Chrome | 2017-09-19 | 6.8 MEDIUM | N/A |
| The PDF functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations. | |||||
| CVE-2012-2894 | 1 Google | 1 Chrome | 2017-09-19 | 6.8 MEDIUM | N/A |
| Google Chrome before 22.0.1229.79 does not properly handle graphics-context data structures, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2012-2893 | 1 Google | 1 Chrome | 2017-09-19 | 6.8 MEDIUM | N/A |
| Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms. | |||||
| CVE-2012-2892 | 1 Google | 1 Chrome | 2017-09-19 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to bypass the pop-up blocker via unknown vectors. | |||||
| CVE-2012-2891 | 1 Google | 1 Chrome | 2017-09-19 | 5.0 MEDIUM | N/A |
| The IPC implementation in Google Chrome before 22.0.1229.79 allows attackers to obtain potentially sensitive information about memory addresses via unspecified vectors. | |||||
| CVE-2012-2890 | 1 Google | 1 Chrome | 2017-09-19 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in the PDF functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. | |||||
| CVE-2012-2889 | 2 Apple, Google | 2 Iphone Os, Chrome | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)." | |||||
| CVE-2012-2875 | 1 Google | 1 Chrome | 2017-09-19 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 22.0.1229.79 allow remote attackers to have an unknown impact via a crafted document. | |||||
| CVE-2013-0839 | 1 Google | 1 Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of fonts in CANVAS elements. | |||||
| CVE-2013-0840 | 1 Google | 1 Chrome | 2017-09-19 | 10.0 HIGH | N/A |
| Google Chrome before 24.0.1312.56 does not validate URLs during the opening of new windows, which has unspecified impact and remote attack vectors. | |||||
| CVE-2013-0841 | 1 Google | 1 Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Array index error in the content-blocking functionality in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2013-0842 | 1 Google | 1 Chrome | 2017-09-19 | 10.0 HIGH | N/A |
| Google Chrome before 24.0.1312.56 does not properly handle %00 characters in pathnames, which has unspecified impact and attack vectors. | |||||
| CVE-2012-2900 | 1 Google | 1 Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Skia, as used in Google Chrome before 22.0.1229.92, does not properly render text, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2013-0912 | 1 Google | 1 Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| WebKit in Google Chrome before 25.0.1364.160 allows remote attackers to execute arbitrary code via vectors that leverage "type confusion." | |||||
| CVE-2013-0751 | 2 Google, Mozilla | 3 Android, Firefox, Seamonkey | 2017-09-19 | 5.8 MEDIUM | N/A |
| Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a crafted HTML document. | |||||
| CVE-2012-2844 | 1 Google | 1 Chrome | 2017-09-19 | 9.3 HIGH | N/A |
| The PDF functionality in Google Chrome before 20.0.1132.57 does not properly handle JavaScript code, which allows remote attackers to cause a denial of service (incorrect object access) or possibly have unspecified other impact via a crafted document. | |||||
| CVE-2013-0828 | 1 Google | 1 Chrome | 2017-09-19 | 6.8 MEDIUM | N/A |
| The PDF functionality in Google Chrome before 24.0.1312.52 does not properly perform a cast of an unspecified variable during processing of the root of the structure tree, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. | |||||
| CVE-2013-0829 | 1 Google | 1 Chrome | 2017-09-19 | 6.4 MEDIUM | N/A |
| Google Chrome before 24.0.1312.52 does not properly maintain database metadata, which allows remote attackers to bypass intended file-access restrictions via unspecified vectors. | |||||
| CVE-2012-2843 | 1 Google | 1 Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout height tracking. | |||||
| CVE-2013-0879 | 4 Apple, Google, Linux and 1 more | 5 Iphone Os, Mac Os X, Chrome and 2 more | 2017-09-19 | 7.5 HIGH | N/A |
| Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||||