CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Chrome : Security Vulnerabilities

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Copy Results Download Results Select Table
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-2865 DoS 2013-06-04 2013-06-05
7.5
 None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.110 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
2 CVE-2013-2864 119 DoS Overflow 2013-06-04 2013-06-17
7.5
 None Remote Low Not required Partial Partial Partial
The PDF functionality in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via unknown vectors.
3 CVE-2013-2863 119 DoS Exec Code Overflow Mem. Corr. 2013-06-04 2013-06-05
10.0
 None Remote Low Not required Complete Complete Complete
Google Chrome before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
4 CVE-2013-2862 119 DoS Overflow Mem. Corr. 2013-06-04 2013-06-05
7.5
 None Remote Low Not required Partial Partial Partial
Skia, as used in Google Chrome before 27.0.1453.110, does not properly handle GPU acceleration, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
5 CVE-2013-2861 399 DoS 2013-06-04 2013-06-05
7.5
 None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
6 CVE-2013-2860 399 DoS 2013-06-04 2013-06-05
7.5
 None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker process.
7 CVE-2013-2859 Bypass 2013-06-04 2013-06-05
7.5
 None Remote Low Not required Partial Partial Partial
Google Chrome before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors.
8 CVE-2013-2858 399 DoS 2013-06-04 2013-06-05
7.5
 None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the HTML5 Audio implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
9 CVE-2013-2857 399 DoS 2013-06-04 2013-06-05
7.5
 None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of images.
10 CVE-2013-2856 399 DoS 2013-06-04 2013-06-05
7.5
 None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input.
11 CVE-2013-2855 119 DoS Overflow Mem. Corr. 2013-06-04 2013-06-05
5.0
 None Remote Low Not required None Partial None
The Developer Tools API in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
12 CVE-2013-2854 DoS 2013-06-04 2013-06-05
7.5
 None Remote Low Not required Partial Partial Partial
Google Chrome before 27.0.1453.110 on Windows provides an incorrect handle to a renderer process in unspecified circumstances, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
13 CVE-2013-2849 79 XSS 2013-05-22 2013-06-04
4.3
 None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
14 CVE-2013-2848 200 XSS +Info 2013-05-22 2013-06-04
5.0
 None Remote Low Not required Partial None None
The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors.
15 CVE-2013-2847 362 DoS 2013-05-22 2013-06-04
6.8
 None Remote Medium Not required Partial Partial Partial
Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors.
16 CVE-2013-2846 399 DoS 2013-05-22 2013-06-04
7.5
 None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2840.
17 CVE-2013-2845 119 DoS Overflow Mem. Corr. 2013-05-22 2013-06-04
7.5
 None Remote Low Not required Partial Partial Partial
The Web Audio implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
18 CVE-2013-2844 399 DoS 2013-05-22 2013-06-04
7.5
 None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style resolution.
19 CVE-2013-2843 399 DoS 2013-05-22 2013-06-04
7.5
 None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of speech data.
20 CVE-2013-2842 399 DoS 2013-05-22 2013-06-04
7.5
 None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.
21 CVE-2013-2841 399 DoS 2013-05-22 2013-06-04
7.5
 None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of Pepper resources.
22 CVE-2013-2840 399 DoS 2013-05-22 2013-06-04
7.5
 None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2846.
23 CVE-2013-2839 399 DoS 2013-05-22 2013-06-04
7.5
 None Remote Low Not required Partial Partial Partial
Google Chrome before 27.0.1453.93 does not properly perform a cast of an unspecified variable during handling of clipboard data, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
24 CVE-2013-2838 119 DoS Overflow 2013-05-22 2013-06-04
5.0
 None Remote Low Not required None None Partial
Google V8, as used in Google Chrome before 27.0.1453.93, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
25 CVE-2013-2837 399 DoS 2013-05-22 2013-06-04
7.5
 None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
26 CVE-2013-2836 DoS 2013-05-22 2013-05-22
7.5
 None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.93 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
27 CVE-2013-2632 DoS 2013-03-21 2013-04-09
6.8
 None Remote Medium Not required Partial Partial Partial
Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by the Bejeweled game.
28 CVE-2013-2566 310 2013-03-15 2013-04-19
2.6
 None Remote High Not required Partial None None
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
29 CVE-2013-2268 2013-02-23 2013-02-25
7.5
 None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the MathML implementation in WebKit in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, has unknown impact and remote attack vectors, related to a "high severity security issue."
30 CVE-2013-0926 20 2013-03-28 2013-06-05
6.8
 None Remote Medium Not required Partial Partial Partial
Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site.
31 CVE-2013-0925 264 2013-03-28 2013-04-03
7.5
 None Remote Low Not required Partial Partial Partial
Google Chrome before 26.0.1410.43 does not ensure that an extension has the tabs (aka APIPermission::kTab) permission before providing a URL to this extension, which has unspecified impact and remote attack vectors.
32 CVE-2013-0924 264 2013-03-28 2013-04-03
7.5
 None Remote Low Not required Partial Partial Partial
The extension functionality in Google Chrome before 26.0.1410.43 does not verify that use of the permissions API is consistent with file permissions, which has unspecified impact and attack vectors.
33 CVE-2013-0923 119 DoS Overflow Mem. Corr. 2013-03-28 2013-04-03
5.0
 None Remote Low Not required None None Partial
The USB Apps API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.
34 CVE-2013-0922 264 2013-03-28 2013-04-03
7.5
 None Remote Low Not required Partial Partial Partial
Google Chrome before 26.0.1410.43 does not properly restrict brute-force access attempts against web sites that require HTTP Basic Authentication, which has unspecified impact and attack vectors.
35 CVE-2013-0921 264 Bypass 2013-03-28 2013-04-03
6.8
 None Remote Medium Not required Partial Partial Partial
The Isolated Sites feature in Google Chrome before 26.0.1410.43 does not properly enforce the use of separate processes, which makes it easier for remote attackers to bypass intended access restrictions via a crafted web site.
36 CVE-2013-0920 399 DoS 2013-03-28 2013-04-03
7.5
 None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the extension bookmarks API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
37 CVE-2013-0919 399 DoS 2013-03-28 2013-04-03
7.5
 None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 26.0.1410.43 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the presence of an extension that creates a pop-up window.
38 CVE-2013-0918 264 2013-03-28 2013-04-03
6.8
 None Remote Medium Not required Partial Partial Partial
Google Chrome before 26.0.1410.43 does not prevent navigation to developer tools in response to a drag-and-drop operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site.
39 CVE-2013-0917 119 DoS Overflow 2013-03-28 2013-04-03
5.0
 None Remote Low Not required None None Partial
The URL loader in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
40 CVE-2013-0916 399 DoS 2013-03-28 2013-04-03
7.5
 None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the Web Audio implementation in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
41 CVE-2013-0912 94 Exec Code 2013-03-11 2013-04-19
7.5
 None Remote Low Not required Partial Partial Partial
WebKit in Google Chrome before 25.0.1364.160 allows remote attackers to execute arbitrary code via vectors that leverage "type confusion."
42 CVE-2013-0911 22 Dir. Trav. 2013-03-05 2013-03-06
7.5
 None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to have an unspecified impact via vectors related to databases.
43 CVE-2013-0910 287 Bypass 2013-03-05 2013-03-06
7.5
 None Remote Low Not required Partial Partial Partial
Google Chrome before 25.0.1364.152 does not properly manage the interaction between the browser process and renderer processes during authorization of the loading of a plug-in, which makes it easier for remote attackers to bypass intended access restrictions via vectors involving a blocked plug-in.
44 CVE-2013-0909 200 XSS +Info 2013-03-05 2013-03-06
5.0
 None Remote Low Not required Partial None None
The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote attackers to obtain sensitive HTTP Referer information via unspecified vectors.
45 CVE-2013-0908 2013-03-05 2013-03-06
7.5
 None Remote Low Not required Partial Partial Partial
Google Chrome before 25.0.1364.152 does not properly manage bindings of extension processes, which has unspecified impact and attack vectors.
46 CVE-2013-0907 362 DoS 2013-03-05 2013-03-06
7.5
 None Remote Low Not required Partial Partial Partial
Race condition in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media threads.
47 CVE-2013-0906 119 DoS Overflow Mem. Corr. 2013-03-05 2013-03-06
7.5
 None Remote Low Not required Partial Partial Partial
The IndexedDB implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
48 CVE-2013-0905 399 DoS 2013-03-05 2013-03-06
7.5
 None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG animation.
49 CVE-2013-0904 119 DoS Overflow Mem. Corr. 2013-03-05 2013-03-06
7.5
 None Remote Low Not required Partial Partial Partial
The Web Audio implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
50 CVE-2013-0903 399 DoS 2013-03-05 2013-03-06
7.5
 None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of browser navigation.
Total number of vulnerabilities : 811   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.