Vulnerabilities > Google > Chrome > 24.0.1301.1

DATE CVE VULNERABILITY TITLE RISK
2013-11-13 CVE-2013-6628 Certificates Validation Security Bypass vulnerability in Google Chrome
net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome before 31.0.1650.48 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which might allow remote web servers to interfere with trust relationships by renegotiating a session.
network
google
4.3
2013-11-13 CVE-2013-6627 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome
net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational (aka 1xx) status codes, which allows remote web servers to cause a denial of service (out-of-bounds read) via a crafted response.
network
low complexity
google CWE-119
5.0
2013-11-13 CVE-2013-6626 Address Bar URI Spoofing vulnerability in Google Chrome
The WebContentsImpl::AttachInterstitialPage function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 31.0.1650.48 does not cancel JavaScript dialogs upon generating an interstitial warning, which allows remote attackers to spoof the address bar via a crafted web site.
network
google
4.3
2013-11-13 CVE-2013-6625 Resource Management Errors vulnerability in Google Chrome
Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of DOM range objects in circumstances that require child node removal after a (1) mutation or (2) blur event.
network
google CWE-399
6.8
2013-11-13 CVE-2013-6624 Resource Management Errors vulnerability in Google Chrome
Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the string values of id attributes.
network
low complexity
google CWE-399
7.5
2013-11-13 CVE-2013-6623 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome
The SVG implementation in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging the use of tree order, rather than transitive dependency order, for layout.
network
google CWE-119
4.3
2013-11-13 CVE-2013-6622 Resource Management Errors vulnerability in Google Chrome
Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the movement of a media element between documents.
network
google CWE-399
6.8
2013-11-13 CVE-2013-6621 Resource Management Errors vulnerability in multiple products
Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the x-webkit-speech attribute in a text INPUT element.
network
low complexity
opensuse google debian CWE-399
7.5
2013-03-21 CVE-2013-2632 Unspecified vulnerability in Google Chrome
Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by the Bejeweled game.
network
google
6.8
2013-02-23 CVE-2013-2268 Security vulnerability in WebKit MathML Library
Unspecified vulnerability in the MathML implementation in WebKit in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, has unknown impact and remote attack vectors, related to a "high severity security issue."
network
low complexity
google linux microsoft apple
7.5