Google Chrome vulnerabilities

CVE-2013-6624 [HIGH] CWE-399 CVE-2013-6624: Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the string values of id attributes.

CVE-2013-6623 [MEDIUM] CWE-119 CVE-2013-6623: The SVG implementation in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attacke The SVG implementation in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging the use of tree order, rather than transitive dependency order, for layout.

CVE-2013-6628 [MEDIUM] CVE-2013-6628: net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome before 31.0.1650.48 d net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome before 31.0.1650.48 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which might allow remote web servers to interfere with trust relationships by renegotiating a session.

CVE-2013-6622 [MEDIUM] CWE-399 CVE-2013-6622: Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTM Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the movement of a media element between documents.

CVE-2013-6625 [MEDIUM] CWE-399 CVE-2013-6625: Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of DOM range objects in circumstances that require child node removal after a (1) mutation or (2) blur event.

CVE-2013-6627 [MEDIUM] CWE-119 CVE-2013-6627: net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP I net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational (aka 1xx) status codes, which allows remote web servers to cause a denial of service (out-of-bounds read) via a crafted response.

CVE-2013-6626 [MEDIUM] CVE-2013-6626: The WebContentsImpl::AttachInterstitialPage function in content/browser/web_contents/web_contents_im The WebContentsImpl::AttachInterstitialPage function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 31.0.1650.48 does not cancel JavaScript dialogs upon generating an interstitial warning, which allows remote attackers to spoof the address bar via a crafted web site.

CVE-2013-2928 [HIGH] CVE-2013-2928: Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.101 allow attackers to cause Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVE-2013-2926 [MEDIUM] CWE-399 CVE-2013-2926: Use-after-free vulnerability in the IndentOutdentCommand::tryIndentingAsListItem function in core/ed Use-after-free vulnerability in the IndentOutdentCommand::tryIndentingAsListItem function in core/editing/IndentOutdentCommand.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to list elements.

CVE-2013-2927 [MEDIUM] CWE-399 CVE-2013-2927: Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission function in core/html/HTML Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to submission for FORM elements.

CVE-2013-2925 [MEDIUM] CWE-399 CVE-2013-2925: Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp in Blink, as used in Google Chrome befor Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger multiple conflicting uses of the same XMLHttpRequest object.

CVE-2013-2924 [HIGH] CWE-399 CVE-2013-2924: Use-after-free vulnerability in International Components for Unicode (ICU), as used in Google Chrome Use-after-free vulnerability in International Components for Unicode (ICU), as used in Google Chrome before 30.0.1599.66 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2013-2919 [HIGH] CWE-119 CVE-2013-2919: Google V8, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial o Google V8, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

CVE-2013-2909 [HIGH] CWE-399 CVE-2013-2909: Use-after-free vulnerability in Blink, as used in Google Chrome before 30.0.1599.66, allows remote a Use-after-free vulnerability in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to inline-block rendering for bidirectional Unicode text in an element isolated from its siblings.

CVE-2013-2910 [HIGH] CWE-399 CVE-2013-2910: Use-after-free vulnerability in modules/webaudio/AudioScheduledSourceNode.cpp in the Web Audio imple Use-after-free vulnerability in modules/webaudio/AudioScheduledSourceNode.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2013-2923 [HIGH] CVE-2013-2923: Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.66 allow attackers to cause a Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.66 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVE-2013-2912 [HIGH] CWE-399 CVE-2013-2912: Use-after-free vulnerability in the PepperInProcessRouter::SendToHost function in content/renderer/p Use-after-free vulnerability in the PepperInProcessRouter::SendToHost function in content/renderer/pepper/pepper_in_process_router.cc in the Pepper Plug-in API (PPAPI) in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a resource-destruction message.

CVE-2013-2918 [HIGH] CWE-399 CVE-2013-2918: Use-after-free vulnerability in the RenderBlock::collapseAnonymousBlockChild function in core/render Use-after-free vulnerability in the RenderBlock::collapseAnonymousBlockChild function in core/rendering/RenderBlock.cpp in the DOM implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect handling of parent-child relations

CVE-2013-2914 [MEDIUM] CWE-399 CVE-2013-2914: Use-after-free vulnerability in the color-chooser dialog in Google Chrome before 30.0.1599.66 on Win Use-after-free vulnerability in the color-chooser dialog in Google Chrome before 30.0.1599.66 on Windows allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to color_chooser_dialog.cc and color_chooser_win.cc in browser/ui/views/.

CVE-2013-2907 [MEDIUM] CWE-119 CVE-2013-2907: The Window.prototype object implementation in Google Chrome before 30.0.1599.66 allows remote attack The Window.prototype object implementation in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.