CVE-2013-2904Google Chrome vulnerability

CWE-3992 documents2 sources
Severity
7.5HIGHNVD
EPSS
1.0%
top 22.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google ChromeDebian Linux
Timeline
PublishedAug 21
Latest updateMay 17

Description

Use-after-free vulnerability in the Document::finishedParsing function in core/dom/Document.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via an onload event that changes an IFRAME element so that its src attribute is no longer an XML document, leading to unintended garbage collection of this document.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDgoogle/chrome29.0.1547.56+50

Also affects: Debian Linux 7.0

🔴Vulnerability Details

1
GHSA
GHSA-95mx-xvcg-pc47: Use-after-free vulnerability in the Document::finishedParsing function in core/dom/Document2022-05-17
CVE-2013-2904 — Google Chrome vulnerability | cvebase