Google Chrome vulnerabilities

CVE-2013-2916 [MEDIUM] CVE-2013-2916: Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to spoof the address ba Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code, in conjunction with a delay in notifying the user of an attempted spoof.

CVE-2013-2911 [MEDIUM] CWE-399 CVE-2013-2911: Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet function in core/xml/XSLStyleSh Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet function in core/xml/XSLStyleSheetLibxslt.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of post-failure recompilation in unspecified libxslt ve

CVE-2013-2913 [MEDIUM] CWE-399 CVE-2013-2913: Use-after-free vulnerability in the XMLDocumentParser::append function in core/xml/parser/XMLDocumen Use-after-free vulnerability in the XMLDocumentParser::append function in core/xml/parser/XMLDocumentParser.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an XML document.

CVE-2013-2906 [MEDIUM] CWE-362 CVE-2013-2906: Multiple race conditions in the Web Audio implementation in Blink, as used in Google Chrome before 3 Multiple race conditions in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to threading in core/html/HTMLMediaElement.cpp, core/platform/audio/AudioDSPKernelProcessor.cpp, core/platform/audio/HRTFEleva

CVE-2013-2922 [MEDIUM] CWE-399 CVE-2013-2922: Use-after-free vulnerability in core/html/HTMLTemplateElement.cpp in Blink, as used in Google Chrome Use-after-free vulnerability in core/html/HTMLTemplateElement.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that operates on a TEMPLATE element.

CVE-2013-2908 [MEDIUM] CVE-2013-2908: Google Chrome before 30.0.1599.66 uses incorrect function calls to determine the values of Navigatio Google Chrome before 30.0.1599.66 uses incorrect function calls to determine the values of NavigationEntry objects, which allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code.

CVE-2013-2921 [MEDIUM] CWE-399 CVE-2013-2921: Double free vulnerability in the ResourceFetcher::didLoadResource function in core/fetch/ResourceFet Double free vulnerability in the ResourceFetcher::didLoadResource function in core/fetch/ResourceFetcher.cpp in the resource loader in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering certain callback processing during the reporting of a re

CVE-2013-2915 [MEDIUM] CVE-2013-2915: Google Chrome before 30.0.1599.66 preserves pending NavigationEntry objects in certain invalid circu Google Chrome before 30.0.1599.66 preserves pending NavigationEntry objects in certain invalid circumstances, which allows remote attackers to spoof the address bar via a URL with a malformed scheme, as demonstrated by a nonexistent:12121 URL.

CVE-2013-2917 [MEDIUM] CWE-119 CVE-2013-2917: The ReverbConvolverStage::ReverbConvolverStage function in core/platform/audio/ReverbConvolverStage. The ReverbConvolverStage::ReverbConvolverStage function in core/platform/audio/ReverbConvolverStage.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the impulseResponse array.

CVE-2013-2920 [MEDIUM] CWE-119 CVE-2013-2920: The DoResolveRelativeHost function in url/url_canon_relative.cc in Google Chrome before 30.0.1599.66 The DoResolveRelativeHost function in url/url_canon_relative.cc in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via a relative URL containing a hostname, as demonstrated by a protocol-relative URL beginning with a //www.google.com/ substring.

CVE-2013-2902 [HIGH] CWE-399 CVE-2013-2902: Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in G Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an applyXSLTransform call involving (1) an HTML document or (2) an xsl:processing-instruction element t

CVE-2013-2887 [HIGH] CVE-2013-2887: Multiple unspecified vulnerabilities in Google Chrome before 29.0.1547.57 allow attackers to cause a Multiple unspecified vulnerabilities in Google Chrome before 29.0.1547.57 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVE-2013-2900 [HIGH] CWE-22 CVE-2013-2900: The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 o The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of . (dot) and whitespace characters, which allows remote attackers to conduct directory traversal attacks via a crafted directory name.

CVE-2013-2903 [HIGH] CWE-399 CVE-2013-2903: Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTM Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving moving a (1) AUDIO or (2) VIDEO element between documents.

CVE-2013-2904 [HIGH] CWE-399 CVE-2013-2904: Use-after-free vulnerability in the Document::finishedParsing function in core/dom/Document.cpp in B Use-after-free vulnerability in the Document::finishedParsing function in core/dom/Document.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via an onload event that changes an IFRAME element so that its src attribute is no longer an XML document, l

CVE-2013-2901 [HIGH] CWE-189 CVE-2013-2901: Multiple integer overflows in (1) libGLESv2/renderer/Renderer9.cpp and (2) libGLESv2/renderer/Render Multiple integer overflows in (1) libGLESv2/renderer/Renderer9.cpp and (2) libGLESv2/renderer/Renderer11.cpp in Almost Native Graphics Layer Engine (ANGLE), as used in Google Chrome before 29.0.1547.57, allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2013-2905 [MEDIUM] CWE-264 CVE-2013-2905: The SharedMemory::Create function in memory/shared_memory_posix.cc in Google Chrome before 29.0.1547 The SharedMemory::Create function in memory/shared_memory_posix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file.

CVE-2013-2883 [HIGH] CWE-399 CVE-2013-2883: Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to deleting the registration of a MutationObserver object.

CVE-2013-2882 [HIGH] CWE-843 CVE-2013-2882: Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial o Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."

CVE-2013-2886 [HIGH] CVE-2013-2886: Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.95 allow attackers to cause a Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.95 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.