CVE-2013-6650 — Improper Input Validation in Google Chrome

CWE-20 — Improper Input Validation CWE-480 — Use of Incorrect Operator7 documents5 sources

Severity

7.5HIGHNVD

EPSS

2.4%

top 14.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Debian Linux Opensuse

Timeline

PublishedJan 28

Latest updateMay 14

Description

The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Google V8 before 3.22.24.16, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors that trigger incorrect handling of "popular pages."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDgoogle/chrome32.0.1700.101+68

▶NVDopensuse/opensuse12.3, 13.1+1

Also affects: Debian Linux 7.0, 8.0

🔴Vulnerability Details

GHSA

GHSA-v9wp-5vcm-xwhv: The StoreBuffer::ExemptPopularPages function in store-buffer↗2022-05-14

▶

OSV

CVE-2013-6650: The StoreBuffer::ExemptPopularPages function in store-buffer↗2014-01-28

▶

📋Vendor Advisories

Red Hat

v8: incorrect handling of popular pages↗2014-01-08

▶

💬Community

Bugzilla

CVE-2013-6650 v8: incorrect handling of popular pages [epel-6]↗2014-01-29

▶

Bugzilla

CVE-2013-6650 v8: incorrect handling of popular pages↗2014-01-29

▶

Bugzilla

CVE-2013-6650 v8: incorrect handling of popular pages [fedora-all]↗2014-01-29

▶