CVE-2013-6645 — Use After Free in Google Chrome

CWE-416 — Use After Free2 documents2 sources

Severity

6.8MEDIUMNVD

EPSS

1.4%

top 19.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Debian Linux Opensuse

Timeline

PublishedJan 16

Latest updateMay 13

Description

Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving certain print-preview and tab-switch actions that interact with a speech input element.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDgoogle/chrome< 32.0.1700.76+1

▶NVDopensuse/opensuse12.3, 13.1+1

Also affects: Debian Linux 7.0, 8.0

Patches

Patch: src.chromium.org ↗Patch: src.chromium.org ↗

🔴Vulnerability Details

GHSA

GHSA-rxf5-9jgq-q6f7: Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura↗2022-05-13

▶