CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-1939 94 Exec Code 2014-03-02 2014-03-04
7.5
None Remote Low Not required Partial Partial Partial
java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels.
2 CVE-2014-1729 DoS 2014-04-09 2014-04-09
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, as used in Google Chrome before 34.0.1847.116, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
3 CVE-2014-1728 DoS 2014-04-09 2014-04-09
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
4 CVE-2014-1727 399 DoS 2014-04-09 2014-04-09
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in content/renderer/renderer_webcolorchooser_impl.h in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to forms.
5 CVE-2014-1724 399 DoS 2014-04-09 2014-04-09
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Free(b)soft Laboratory Speech Dispatcher 0.7.1, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service (application hang) or possibly have unspecified other impact via a text-to-speech request.
6 CVE-2014-1723 20 2014-04-09 2014-04-09
7.5
None Remote Low Not required Partial Partial Partial
The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Google Chrome before 34.0.1847.116 does not properly handle bidirectional Internationalized Resource Identifiers (IRIs), which makes it easier for remote attackers to spoof URLs via crafted use of right-to-left (RTL) Unicode text.
7 CVE-2014-1722 399 DoS 2014-04-09 2014-04-09
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the RenderBlock::addChildIgnoringAnonymousColumnBlocks function in core/rendering/RenderBlock.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving addition of a child node.
8 CVE-2014-1721 189 DoS Mem. Corr. 2014-04-09 2014-04-09
7.5
None Remote Low Not required Partial Partial Partial
Google V8, as used in Google Chrome before 34.0.1847.116, does not properly implement lazy deoptimization, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by improper handling of a heap allocation of a number outside the Small Integer (aka smi) range.
9 CVE-2014-1720 399 DoS 2014-04-09 2014-04-09
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the HTMLBodyElement::insertedInto function in core/html/HTMLBodyElement.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attributes.
10 CVE-2014-1719 399 DoS Mem. Corr. 2014-04-09 2014-04-09
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWorkerContext function in content/worker/websharedworker_stub.cc in the Web Workers implementation in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger a SharedWorker termination during script loading.
11 CVE-2014-1718 189 DoS Overflow 2014-04-09 2014-04-09
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the SoftwareFrameManager::SwapToNewFrame function in content/browser/renderer_host/software_frame_manager.cc in the software compositor in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted mapping of a large amount of renderer memory.
12 CVE-2014-1717 189 DoS 2014-04-09 2014-04-09
7.5
None Remote Low Not required Partial Partial Partial
Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.
13 CVE-2014-1716 94 XSS 2014-04-09 2014-04-09
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."
14 CVE-2014-1715 22 Dir. Trav. 2014-03-16 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors.
15 CVE-2014-1714 20 DoS 2014-03-16 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
The ScopedClipboardWriter::WritePickledData function in ui/base/clipboard/scoped_clipboard_writer.cc in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows does not verify a certain format value, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the clipboard.
16 CVE-2014-1713 399 DoS 2014-03-16 2014-04-24
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the document.location value.
17 CVE-2014-1711 119 DoS Overflow 2014-03-16 2014-03-25
7.5
None Remote Low Not required Partial Partial Partial
The GPU driver in the kernel in Google Chrome OS before 33.0.1750.152 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.
18 CVE-2014-1710 119 DoS Overflow Mem. Corr. 2014-03-16 2014-03-25
7.5
None Remote Low Not required Partial Partial Partial
The AsyncPixelTransfersCompletedQuery::End function in gpu/command_buffer/service/query_manager.cc in Google Chrome, as used in Google Chrome OS before 33.0.1750.152, does not check whether a certain position is within the bounds of a shared-memory segment, which allows remote attackers to cause a denial of service (GPU command-buffer memory corruption) or possibly have unspecified other impact via unknown vectors.
19 CVE-2014-1707 22 Dir. Trav. 2014-03-16 2014-03-25
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in CrosDisks in Google Chrome OS before 33.0.1750.152 has unspecified impact and attack vectors.
20 CVE-2014-1706 2014-03-16 2014-03-25
7.5
None Remote Low Not required Partial Partial Partial
crosh in Google Chrome OS before 33.0.1750.152 allows attackers to inject commands via unspecified vectors.
21 CVE-2014-1705 119 DoS Overflow Mem. Corr. 2014-03-16 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
22 CVE-2014-1703 399 Bypass 2014-03-16 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/renderer_host/websocket_dispatcher_host.cc in the Web Sockets implementation in Google Chrome before 33.0.1750.149 might allow remote attackers to bypass the sandbox protection mechanism by leveraging an incorrect deletion in a certain failure case.
23 CVE-2014-1702 399 DoS 2014-03-16 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the DatabaseThread::cleanupDatabaseThread function in modules/webdatabase/DatabaseThread.cpp in the web database implementation in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of scheduled tasks during shutdown of a thread.
24 CVE-2014-1700 399 DoS 2014-03-16 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in modules/speech/SpeechSynthesis.cpp in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of a certain utterance data structure.
25 CVE-2013-6770 264 +Priv 2014-03-31 2014-04-03
7.6
None Remote High Not required Complete Complete Complete
The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then creating a Trojan horse script.
26 CVE-2013-6668 DoS 2014-03-05 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
27 CVE-2013-6667 DoS 2014-03-05 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750.146 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
28 CVE-2013-6665 119 DoS Overflow 2014-03-05 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the ResourceProvider::InitializeSoftware function in cc/resources/resource_provider.cc in Google Chrome before 33.0.1750.146 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large texture size that triggers improper memory allocation in the software renderer.
29 CVE-2013-6664 399 DoS 2014-03-05 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 33.0.1750.146, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving FORM elements, as demonstrated by use of the speech-recognition feature.
30 CVE-2013-6663 399 DoS 2014-03-05 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the SVGImage::setContainerSize function in core/svg/graphics/SVGImage.cpp in the SVG implementation in Blink, as used in Google Chrome before 33.0.1750.146, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the resizing of a view.
31 CVE-2013-6661 Bypass 2014-02-23 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750.117 allow attackers to bypass the sandbox protection mechanism after obtaining renderer access, or have other impact, via unknown vectors.
32 CVE-2013-6658 399 DoS Exec Code 2014-02-23 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Multiple use-after-free vulnerabilities in the layout implementation in Blink, as used in Google Chrome before 33.0.1750.117, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving (1) running JavaScript code during execution of the updateWidgetPositions function or (2) making a call into a plugin during execution of the updateWidgetPositions function.
33 CVE-2013-6655 399 DoS Overflow 2014-02-23 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Blink, as used in Google Chrome before 33.0.1750.117, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper handling of overflowchanged DOM events during interaction between JavaScript and layout.
34 CVE-2013-6654 20 DoS 2014-02-23 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
The SVGAnimateElement::calculateAnimatedValue function in core/svg/SVGAnimateElement.cpp in Blink, as used in Google Chrome before 33.0.1750.117, does not properly handle unexpected data types, which allows remote attackers to cause a denial of service (incorrect cast) or possibly have unspecified other impact via unknown vectors.
35 CVE-2013-6653 399 DoS 2014-02-23 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the web contents implementation in Google Chrome before 33.0.1750.117 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attempted conflicting access to the color chooser.
36 CVE-2013-6652 22 Dir. Trav. Bypass 2014-02-23 2014-02-24
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in sandbox/win/src/named_pipe_dispatcher.cc in Google Chrome before 33.0.1750.117 on Windows allows attackers to bypass intended named-pipe policy restrictions in the sandbox via vectors related to (1) lack of checks for .. (dot dot) sequences or (2) lack of use of the \\?\ protection mechanism.
37 CVE-2013-6650 20 DoS Mem. Corr. 2014-01-28 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Google V8 before 3.22.24.16, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors that trigger incorrect handling of "popular pages."
38 CVE-2013-6649 399 DoS 2014-01-28 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the RenderSVGImage::paint function in core/rendering/svg/RenderSVGImage.cpp in Blink, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a zero-size SVG image.
39 CVE-2013-6646 399 DoS 2014-01-16 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the shutting down of a worker process.
40 CVE-2013-6644 DoS 2014-01-16 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
41 CVE-2013-6643 287 2014-01-16 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog.
42 CVE-2013-6641 399 DoS 2014-01-16 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of the past names map of a FORM element.
43 CVE-2013-6640 119 DoS Overflow 2013-12-06 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index.
44 CVE-2013-6639 119 DoS Overflow 2013-12-06 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index.
45 CVE-2013-6638 119 DoS Overflow 2013-12-06 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large typed array, related to the (1) Runtime_TypedArrayInitialize and (2) Runtime_TypedArrayInitializeFromArrayLike functions.
46 CVE-2013-6637 DoS 2013-12-06 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
47 CVE-2013-6631 DoS Mem. Corr. 2013-11-18 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the Channel::SendRTCPPacket function in voice_engine/channel.cc in libjingle in WebRTC, as used in Google Chrome before 31.0.1650.48 and other products, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger the absence of certain statistics initialization, leading to the skipping of a required DeRegisterExternalTransport call.
48 CVE-2013-6624 399 DoS 2013-11-13 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the string values of id attributes.
49 CVE-2013-6621 399 DoS 2013-11-13 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the x-webkit-speech attribute in a text INPUT element.
50 CVE-2013-5359 119 Exec Code Overflow 2014-01-08 2014-01-14
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 might allow remote attackers to execute arbitrary code via a crafted RAW file, as demonstrated using a KDC file with a certain size.
Total number of vulnerabilities : 405   Page : 1 (This Page)2 3 4 5 6 7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.