Google Chrome vulnerabilities

CVE-2013-0887 [HIGH] CWE-732 CVE-2013-0887: The developer-tools process in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25 The developer-tools process in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict privileges during interaction with a connected server, which has unspecified impact and attack vectors.

CVE-2013-0896 [HIGH] CWE-119 CVE-2013-0896: Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does no Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly manage memory during message handling for plug-ins, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2013-0889 [MEDIUM] CWE-863 CVE-2013-0889: Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does no Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for remote attackers to execute arbitrary code via a crafted file.

CVE-2013-0888 [MEDIUM] CWE-125 CVE-2013-0888: Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a "user gesture check for dangerous file downloads."

CVE-2013-0893 [MEDIUM] CWE-362 CVE-2013-0893: Race condition in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Race condition in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media.

CVE-2013-0884 [MEDIUM] CVE-2013-0884: Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does no Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly load Native Client (aka NaCl) code, which has unspecified impact and attack vectors.

CVE-2013-0899 [MEDIUM] CWE-190 CVE-2013-0899: Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_de Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet.

CVE-2013-0900 [MEDIUM] CWE-362 CVE-2013-0900: Race condition in the International Components for Unicode (ICU) functionality in Google Chrome befo Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2013-0883 [MEDIUM] CWE-787 CVE-2013-0883: Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.

CVE-2013-0881 [MEDIUM] CWE-787 CVE-2013-0881: Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via crafted data in the Matroska container format.

CVE-2013-0897 [MEDIUM] CWE-193 CVE-2013-0897: Off-by-one error in the PDF functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, Off-by-one error in the PDF functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service via a crafted document.

CVE-2013-0840 [CRITICAL] CVE-2013-0840: Google Chrome before 24.0.1312.56 does not validate URLs during the opening of new windows, which ha Google Chrome before 24.0.1312.56 does not validate URLs during the opening of new windows, which has unspecified impact and remote attack vectors.

CVE-2013-0842 [CRITICAL] CVE-2013-0842: Google Chrome before 24.0.1312.56 does not properly handle %00 characters in pathnames, which has un Google Chrome before 24.0.1312.56 does not properly handle %00 characters in pathnames, which has unspecified impact and attack vectors.

CVE-2013-0841 [HIGH] CWE-20 CVE-2013-0841: Array index error in the content-blocking functionality in Google Chrome before 24.0.1312.56 allows Array index error in the content-blocking functionality in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2013-0839 [HIGH] CWE-399 CVE-2013-0839: Use-after-free vulnerability in Google Chrome before 24.0.1312.56 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of fonts in CANVAS elements.

CVE-2013-0843 [HIGH] CWE-119 CVE-2013-0843: content/renderer/media/webrtc_audio_renderer.cc in Google Chrome before 24.0.1312.56 on Mac OS X doe content/renderer/media/webrtc_audio_renderer.cc in Google Chrome before 24.0.1312.56 on Mac OS X does not use an appropriate buffer size for the 96 kHz sampling rate, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a web site that provides WebRTC audio.

CVE-2012-5145 [HIGH] CWE-416 CVE-2012-5145: Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG layout.

CVE-2012-5149 [HIGH] CWE-189 CVE-2012-5149: Integer overflow in the audio IPC layer in Google Chrome before 24.0.1312.52 allows remote attackers Integer overflow in the audio IPC layer in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2012-5147 [HIGH] CWE-399 CVE-2012-5147: Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling.

CVE-2013-0830 [HIGH] CWE-20 CVE-2013-0830: The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a NUL character required for ter The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a NUL character required for termination of an unspecified data structure, which has unknown impact and attack vectors.