CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Chrome : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-1729 DoS 2014-04-09 2014-04-09
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, as used in Google Chrome before 34.0.1847.116, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
2 CVE-2014-1728 DoS 2014-04-09 2014-04-09
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
3 CVE-2014-1727 399 DoS 2014-04-09 2014-04-09
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in content/renderer/renderer_webcolorchooser_impl.h in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to forms.
4 CVE-2014-1724 399 DoS 2014-04-09 2014-04-09
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Free(b)soft Laboratory Speech Dispatcher 0.7.1, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service (application hang) or possibly have unspecified other impact via a text-to-speech request.
5 CVE-2014-1723 20 2014-04-09 2014-04-09
7.5
None Remote Low Not required Partial Partial Partial
The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Google Chrome before 34.0.1847.116 does not properly handle bidirectional Internationalized Resource Identifiers (IRIs), which makes it easier for remote attackers to spoof URLs via crafted use of right-to-left (RTL) Unicode text.
6 CVE-2014-1722 399 DoS 2014-04-09 2014-04-09
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the RenderBlock::addChildIgnoringAnonymousColumnBlocks function in core/rendering/RenderBlock.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving addition of a child node.
7 CVE-2014-1721 189 DoS Mem. Corr. 2014-04-09 2014-04-09
7.5
None Remote Low Not required Partial Partial Partial
Google V8, as used in Google Chrome before 34.0.1847.116, does not properly implement lazy deoptimization, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by improper handling of a heap allocation of a number outside the Small Integer (aka smi) range.
8 CVE-2014-1720 399 DoS 2014-04-09 2014-04-09
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the HTMLBodyElement::insertedInto function in core/html/HTMLBodyElement.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attributes.
9 CVE-2014-1719 399 DoS Mem. Corr. 2014-04-09 2014-04-09
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWorkerContext function in content/worker/websharedworker_stub.cc in the Web Workers implementation in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger a SharedWorker termination during script loading.
10 CVE-2014-1718 189 DoS Overflow 2014-04-09 2014-04-09
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the SoftwareFrameManager::SwapToNewFrame function in content/browser/renderer_host/software_frame_manager.cc in the software compositor in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted mapping of a large amount of renderer memory.
11 CVE-2014-1717 189 DoS 2014-04-09 2014-04-09
7.5
None Remote Low Not required Partial Partial Partial
Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.
12 CVE-2014-1716 94 XSS 2014-04-09 2014-04-09
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."
13 CVE-2014-1715 22 Dir. Trav. 2014-03-16 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors.
14 CVE-2014-1714 20 DoS 2014-03-16 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
The ScopedClipboardWriter::WritePickledData function in ui/base/clipboard/scoped_clipboard_writer.cc in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows does not verify a certain format value, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the clipboard.
15 CVE-2014-1713 399 DoS 2014-03-16 2014-04-24
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the document.location value.
16 CVE-2014-1705 119 DoS Overflow Mem. Corr. 2014-03-16 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
17 CVE-2014-1703 399 Bypass 2014-03-16 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/renderer_host/websocket_dispatcher_host.cc in the Web Sockets implementation in Google Chrome before 33.0.1750.149 might allow remote attackers to bypass the sandbox protection mechanism by leveraging an incorrect deletion in a certain failure case.
18 CVE-2014-1702 399 DoS 2014-03-16 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the DatabaseThread::cleanupDatabaseThread function in modules/webdatabase/DatabaseThread.cpp in the web database implementation in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of scheduled tasks during shutdown of a thread.
19 CVE-2014-1700 399 DoS 2014-03-16 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in modules/speech/SpeechSynthesis.cpp in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of a certain utterance data structure.
20 CVE-2013-6668 DoS 2014-03-05 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
21 CVE-2013-6667 DoS 2014-03-05 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750.146 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
22 CVE-2013-6665 119 DoS Overflow 2014-03-05 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the ResourceProvider::InitializeSoftware function in cc/resources/resource_provider.cc in Google Chrome before 33.0.1750.146 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large texture size that triggers improper memory allocation in the software renderer.
23 CVE-2013-6664 399 DoS 2014-03-05 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 33.0.1750.146, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving FORM elements, as demonstrated by use of the speech-recognition feature.
24 CVE-2013-6663 399 DoS 2014-03-05 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the SVGImage::setContainerSize function in core/svg/graphics/SVGImage.cpp in the SVG implementation in Blink, as used in Google Chrome before 33.0.1750.146, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the resizing of a view.
25 CVE-2013-6661 Bypass 2014-02-23 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750.117 allow attackers to bypass the sandbox protection mechanism after obtaining renderer access, or have other impact, via unknown vectors.
26 CVE-2013-6658 399 DoS Exec Code 2014-02-23 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Multiple use-after-free vulnerabilities in the layout implementation in Blink, as used in Google Chrome before 33.0.1750.117, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving (1) running JavaScript code during execution of the updateWidgetPositions function or (2) making a call into a plugin during execution of the updateWidgetPositions function.
27 CVE-2013-6655 399 DoS Overflow 2014-02-23 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Blink, as used in Google Chrome before 33.0.1750.117, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper handling of overflowchanged DOM events during interaction between JavaScript and layout.
28 CVE-2013-6654 20 DoS 2014-02-23 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
The SVGAnimateElement::calculateAnimatedValue function in core/svg/SVGAnimateElement.cpp in Blink, as used in Google Chrome before 33.0.1750.117, does not properly handle unexpected data types, which allows remote attackers to cause a denial of service (incorrect cast) or possibly have unspecified other impact via unknown vectors.
29 CVE-2013-6653 399 DoS 2014-02-23 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the web contents implementation in Google Chrome before 33.0.1750.117 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attempted conflicting access to the color chooser.
30 CVE-2013-6652 22 Dir. Trav. Bypass 2014-02-23 2014-02-24
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in sandbox/win/src/named_pipe_dispatcher.cc in Google Chrome before 33.0.1750.117 on Windows allows attackers to bypass intended named-pipe policy restrictions in the sandbox via vectors related to (1) lack of checks for .. (dot dot) sequences or (2) lack of use of the \\?\ protection mechanism.
31 CVE-2013-6650 20 DoS Mem. Corr. 2014-01-28 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Google V8 before 3.22.24.16, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors that trigger incorrect handling of "popular pages."
32 CVE-2013-6649 399 DoS 2014-01-28 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the RenderSVGImage::paint function in core/rendering/svg/RenderSVGImage.cpp in Blink, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a zero-size SVG image.
33 CVE-2013-6646 399 DoS 2014-01-16 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the shutting down of a worker process.
34 CVE-2013-6644 DoS 2014-01-16 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
35 CVE-2013-6643 287 2014-01-16 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog.
36 CVE-2013-6641 399 DoS 2014-01-16 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of the past names map of a FORM element.
37 CVE-2013-6640 119 DoS Overflow 2013-12-06 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index.
38 CVE-2013-6639 119 DoS Overflow 2013-12-06 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index.
39 CVE-2013-6638 119 DoS Overflow 2013-12-06 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large typed array, related to the (1) Runtime_TypedArrayInitialize and (2) Runtime_TypedArrayInitializeFromArrayLike functions.
40 CVE-2013-6637 DoS 2013-12-06 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
41 CVE-2013-6631 DoS Mem. Corr. 2013-11-18 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the Channel::SendRTCPPacket function in voice_engine/channel.cc in libjingle in WebRTC, as used in Google Chrome before 31.0.1650.48 and other products, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger the absence of certain statistics initialization, leading to the skipping of a required DeRegisterExternalTransport call.
42 CVE-2013-6624 399 DoS 2013-11-13 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the string values of id attributes.
43 CVE-2013-6621 399 DoS 2013-11-13 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the x-webkit-speech attribute in a text INPUT element.
44 CVE-2013-2928 DoS 2013-10-16 2014-04-04
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
45 CVE-2013-2924 399 DoS 2013-10-02 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in International Components for Unicode (ICU), as used in Google Chrome before 30.0.1599.66 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
46 CVE-2013-2923 DoS 2013-10-02 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.66 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
47 CVE-2013-2919 119 DoS Overflow Mem. Corr. 2013-10-02 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
Google V8, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
48 CVE-2013-2918 399 DoS 2013-10-02 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the RenderBlock::collapseAnonymousBlockChild function in core/rendering/RenderBlock.cpp in the DOM implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect handling of parent-child relationships for anonymous blocks.
49 CVE-2013-2912 399 DoS 2013-10-02 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the PepperInProcessRouter::SendToHost function in content/renderer/pepper/pepper_in_process_router.cc in the Pepper Plug-in API (PPAPI) in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a resource-destruction message.
50 CVE-2013-2910 399 DoS 2013-10-02 2014-03-05
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in modules/webaudio/AudioScheduledSourceNode.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Total number of vulnerabilities : 375   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.