Vulnerabilities > Google
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-11-13 | CVE-2013-6628 | Certificates Validation Security Bypass vulnerability in Google Chrome net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome before 31.0.1650.48 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which might allow remote web servers to interfere with trust relationships by renegotiating a session. network google | 4.3 |
| 2013-11-13 | CVE-2013-6627 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational (aka 1xx) status codes, which allows remote web servers to cause a denial of service (out-of-bounds read) via a crafted response. | 5.0 |
| 2013-11-13 | CVE-2013-6626 | Address Bar URI Spoofing vulnerability in Google Chrome The WebContentsImpl::AttachInterstitialPage function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 31.0.1650.48 does not cancel JavaScript dialogs upon generating an interstitial warning, which allows remote attackers to spoof the address bar via a crafted web site. network google | 4.3 |
| 2013-11-13 | CVE-2013-6625 | Resource Management Errors vulnerability in Google Chrome Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of DOM range objects in circumstances that require child node removal after a (1) mutation or (2) blur event. | 6.8 |
| 2013-11-13 | CVE-2013-6624 | Resource Management Errors vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the string values of id attributes. | 7.5 |
| 2013-11-13 | CVE-2013-6623 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome The SVG implementation in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging the use of tree order, rather than transitive dependency order, for layout. | 4.3 |
| 2013-11-13 | CVE-2013-6622 | Resource Management Errors vulnerability in Google Chrome Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the movement of a media element between documents. | 6.8 |
| 2013-11-13 | CVE-2013-6621 | Resource Management Errors vulnerability in multiple products Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the x-webkit-speech attribute in a text INPUT element. | 7.5 |
| 2013-09-25 | CVE-2013-5933 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in the sub_E110 function in init in a certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless allows local users to gain privileges or cause a denial of service (memory corruption) by writing a long string to the /dev/socket/init_runit socket that is inconsistent with a certain length value that was previously written to this socket. | 6.9 |
| 2013-09-25 | CVE-2013-4777 | Permissions, Privileges, and Access Controls vulnerability in multiple products A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses init to create a /dev/socket/init_runit socket that listens for shell commands, which allows local users to gain privileges by interacting with a LocalSocket object. | 6.9 |