Vulnerabilities > Google

DATE CVE VULNERABILITY TITLE RISK
2013-12-07 CVE-2013-6636 Improper Input Validation vulnerability in Google Chrome
The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the address bar via vectors involving the document.write method.
network
google CWE-20
4.3
2013-12-07 CVE-2013-6635 Resource Management Errors vulnerability in Google Chrome
Use-after-free vulnerability in the editing implementation in Blink, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that triggers removal of a node during processing of the DOM tree, related to CompositeEditCommand.cpp and ReplaceSelectionCommand.cpp.
network
google CWE-399
6.8
2013-12-07 CVE-2013-6634 Improper Authentication vulnerability in Google Chrome
The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code.
network
google CWE-287
6.8
2013-12-05 CVE-2013-6916 Cross-Site Scripting vulnerability in Cybozu Garoon
Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface Library in Cybozu Garoon before 3.7.2, when Internet Explorer 9 or 10 or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3
2013-11-19 CVE-2013-6631 Use After Free Remote Code Execution vulnerability in Google Chrome
Use-after-free vulnerability in the Channel::SendRTCPPacket function in voice_engine/channel.cc in libjingle in WebRTC, as used in Google Chrome before 31.0.1650.48 and other products, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger the absence of certain statistics initialization, leading to the skipping of a required DeRegisterExternalTransport call.
network
low complexity
google
7.5
2013-11-18 CVE-2013-6802 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
Google Chrome before 31.0.1650.57 allows remote attackers to bypass intended sandbox restrictions by leveraging access to a renderer process, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013, a different vulnerability than CVE-2013-6632.
network
google CWE-264
5.8
2013-11-18 CVE-2013-6632 Numeric Errors vulnerability in Google Chrome
Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013.
network
google debian CWE-189
critical
9.3
2013-11-13 CVE-2013-6628 Certificates Validation Security Bypass vulnerability in Google Chrome
net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome before 31.0.1650.48 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which might allow remote web servers to interfere with trust relationships by renegotiating a session.
network
google
4.3
2013-11-13 CVE-2013-6627 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome
net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational (aka 1xx) status codes, which allows remote web servers to cause a denial of service (out-of-bounds read) via a crafted response.
network
low complexity
google CWE-119
5.0
2013-11-13 CVE-2013-6626 Address Bar URI Spoofing vulnerability in Google Chrome
The WebContentsImpl::AttachInterstitialPage function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 31.0.1650.48 does not cancel JavaScript dialogs upon generating an interstitial warning, which allows remote attackers to spoof the address bar via a crafted web site.
network
google
4.3