Vulnerabilities > Google > Chrome > 21.0.1180.81
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-02-24 | CVE-2013-6657 | Permissions, Privileges, and Access Controls vulnerability in Google Chrome core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors. | 6.4 |
| 2014-02-24 | CVE-2013-6656 | Information Exposure vulnerability in Google Chrome The XSSAuditor::init function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, processes POST requests by using the body of a redirecting page instead of the body of a redirect target, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
| 2014-02-24 | CVE-2013-6655 | Resource Management Errors vulnerability in Google Chrome Use-after-free vulnerability in Blink, as used in Google Chrome before 33.0.1750.117, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper handling of overflowchanged DOM events during interaction between JavaScript and layout. | 7.5 |
| 2014-02-24 | CVE-2013-6654 | Improper Input Validation vulnerability in Google Chrome The SVGAnimateElement::calculateAnimatedValue function in core/svg/SVGAnimateElement.cpp in Blink, as used in Google Chrome before 33.0.1750.117, does not properly handle unexpected data types, which allows remote attackers to cause a denial of service (incorrect cast) or possibly have unspecified other impact via unknown vectors. | 7.5 |
| 2014-02-24 | CVE-2013-6653 | Resource Management Errors vulnerability in Google Chrome Use-after-free vulnerability in the web contents implementation in Google Chrome before 33.0.1750.117 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attempted conflicting access to the color chooser. | 7.5 |
| 2014-02-24 | CVE-2013-6652 | Path Traversal vulnerability in Google Chrome Directory traversal vulnerability in sandbox/win/src/named_pipe_dispatcher.cc in Google Chrome before 33.0.1750.117 on Windows allows attackers to bypass intended named-pipe policy restrictions in the sandbox via vectors related to (1) lack of checks for .. | 7.5 |
| 2014-02-15 | CVE-2013-6166 | Cross-Site Request Forgery (CSRF) vulnerability in Google Chrome Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response. | 6.8 |
| 2014-01-28 | CVE-2014-1681 | Security vulnerability in Google Chrome Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.102 have unknown impact and attack vectors, related to 12 "security fixes [that were not] either contributed by external researchers or particularly interesting." | 10.0 |
| 2014-01-28 | CVE-2013-6650 | Improper Input Validation vulnerability in multiple products The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Google V8 before 3.22.24.16, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors that trigger incorrect handling of "popular pages." | 7.5 |
| 2014-01-28 | CVE-2013-6649 | Resource Management Errors vulnerability in Google Chrome Use-after-free vulnerability in the RenderSVGImage::paint function in core/rendering/svg/RenderSVGImage.cpp in Blink, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a zero-size SVG image. | 7.5 |