CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Chrome » 27.0.1453.1 : Security Vulnerabilities Published In 2013

Cpe Name:cpe:/a:google:chrome:27.0.1453.1
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-2866 264 +Info 2013-06-19 2013-11-02
4.3
None Remote Medium Not required Partial None None
The Flash plug-in in Google Chrome before 27.0.1453.116, as used on Google Chrome OS before 27.0.1453.116 and separately, does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property.
2 CVE-2013-2865 DoS 2013-06-04 2013-12-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.110 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
3 CVE-2013-2864 119 DoS Overflow 2013-06-04 2013-11-02
7.5
None Remote Low Not required Partial Partial Partial
The PDF functionality in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via unknown vectors.
4 CVE-2013-2863 119 DoS Exec Code Overflow Mem. Corr. 2013-06-04 2013-12-05
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
5 CVE-2013-2862 119 DoS Overflow Mem. Corr. 2013-06-04 2013-12-05
7.5
None Remote Low Not required Partial Partial Partial
Skia, as used in Google Chrome before 27.0.1453.110, does not properly handle GPU acceleration, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
6 CVE-2013-2861 399 DoS 2013-06-04 2013-12-05
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
7 CVE-2013-2860 399 DoS 2013-06-04 2013-12-05
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker process.
8 CVE-2013-2859 Bypass 2013-06-04 2013-12-05
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors.
9 CVE-2013-2858 399 DoS 2013-06-04 2013-12-05
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the HTML5 Audio implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
10 CVE-2013-2857 399 DoS 2013-06-04 2013-12-05
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of images.
11 CVE-2013-2856 399 DoS 2013-06-04 2013-12-05
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input.
12 CVE-2013-2855 119 DoS Overflow Mem. Corr. 2013-06-04 2013-12-05
5.0
None Remote Low Not required None Partial None
The Developer Tools API in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
13 CVE-2013-2854 DoS 2013-06-04 2013-11-02
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 27.0.1453.110 on Windows provides an incorrect handle to a renderer process in unspecified circumstances, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
14 CVE-2013-2849 79 XSS 2013-05-22 2013-11-02
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
15 CVE-2013-2848 200 XSS +Info 2013-05-22 2013-11-02
5.0
None Remote Low Not required Partial None None
The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors.
16 CVE-2013-2847 362 DoS 2013-05-22 2013-11-02
6.8
None Remote Medium Not required Partial Partial Partial
Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors.
17 CVE-2013-2846 399 DoS 2013-05-22 2013-11-02
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2840.
18 CVE-2013-2845 119 DoS Overflow Mem. Corr. 2013-05-22 2013-11-02
7.5
None Remote Low Not required Partial Partial Partial
The Web Audio implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
19 CVE-2013-2844 399 DoS 2013-05-22 2013-11-02
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style resolution.
20 CVE-2013-2843 399 DoS 2013-05-22 2013-11-02
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of speech data.
21 CVE-2013-2842 399 DoS 2013-05-22 2014-01-27
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.
22 CVE-2013-2841 399 DoS 2013-05-22 2013-11-02
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of Pepper resources.
23 CVE-2013-2840 399 DoS 2013-05-22 2013-11-02
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2846.
24 CVE-2013-2839 399 DoS 2013-05-22 2013-11-02
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 27.0.1453.93 does not properly perform a cast of an unspecified variable during handling of clipboard data, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
25 CVE-2013-2838 119 DoS Overflow 2013-05-22 2013-11-02
5.0
None Remote Low Not required None None Partial
Google V8, as used in Google Chrome before 27.0.1453.93, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
26 CVE-2013-2837 399 DoS 2013-05-22 2013-11-02
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
27 CVE-2013-2836 DoS 2013-05-22 2013-11-02
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.93 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Total number of vulnerabilities : 27   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.