Google Chrome vulnerabilities

CVE-2013-0904 [HIGH] CWE-119 CVE-2013-0904: The Web Audio implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause The Web Audio implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

CVE-2013-0907 [HIGH] CWE-362 CVE-2013-0907: Race condition in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of se Race condition in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media threads.

CVE-2013-0902 [HIGH] CWE-399 CVE-2013-0902: Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 25.0.1364.15 Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2013-0908 [HIGH] CVE-2013-0908: Google Chrome before 25.0.1364.152 does not properly manage bindings of extension processes, which h Google Chrome before 25.0.1364.152 does not properly manage bindings of extension processes, which has unspecified impact and attack vectors.

CVE-2013-0905 [HIGH] CWE-399 CVE-2013-0905: Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG animation.

CVE-2013-0906 [HIGH] CWE-119 CVE-2013-0906: The IndexedDB implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause The IndexedDB implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

CVE-2013-0911 [HIGH] CWE-22 CVE-2013-0911: Directory traversal vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to h Directory traversal vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to have an unspecified impact via vectors related to databases.

CVE-2013-0909 [MEDIUM] CWE-200 CVE-2013-0909: The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote attackers to obtain sensitive HT The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote attackers to obtain sensitive HTTP Referer information via unspecified vectors.

CVE-2013-0880 [HIGH] CWE-416 CVE-2013-0880: Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 2 Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to databases.

CVE-2013-0885 [HIGH] CWE-732 CVE-2013-0885: Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does no Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors.

CVE-2013-0892 [HIGH] CVE-2013-0892: Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Window Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVE-2013-2268 [HIGH] CVE-2013-2268: Unspecified vulnerability in the MathML implementation in WebKit in Google Chrome before 25.0.1364.9 Unspecified vulnerability in the MathML implementation in WebKit in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, has unknown impact and remote attack vectors, related to a "high severity security issue."

CVE-2013-0879 [HIGH] CWE-787 CVE-2013-0879: Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does no Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

CVE-2013-0895 [HIGH] CWE-22 CVE-2013-0895: Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on Mac OS X, does not properly h Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on Mac OS X, does not properly handle pathnames during copy operations, which might make it easier for remote attackers to execute arbitrary programs via unspecified vectors.

CVE-2013-0894 [HIGH] CWE-120 CVE-2013-0894: Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c i Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds arr

CVE-2013-0886 [HIGH] CVE-2013-0886: Google Chrome before 25.0.1364.99 on Mac OS X does not properly implement signal handling for Native Google Chrome before 25.0.1364.99 on Mac OS X does not properly implement signal handling for Native Client (aka NaCl) code, which has unspecified impact and attack vectors.

CVE-2013-0882 [HIGH] CWE-416 CVE-2013-0882: Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via a large number of SVG parameters.

CVE-2013-0898 [HIGH] CWE-416 CVE-2013-0898: Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 2 Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a URL.

CVE-2013-0890 [HIGH] CWE-787 CVE-2013-0890: Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Window Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors.

CVE-2013-0891 [HIGH] CWE-190 CVE-2013-0891: Integer overflow in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 Integer overflow in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a blob.