CVE-2013-2880 : Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.71 allow

Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published 2013-07-10 10:55:02

Updated 2025-04-11 00:51:22

Source Chrome

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2013-2880

Google » Chrome
Versions up to, including, (<=) 28.0.1500.70
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.62
cpe:2.3:a:google:chrome:28.0.1500.62:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.61
cpe:2.3:a:google:chrome:28.0.1500.61:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.60
cpe:2.3:a:google:chrome:28.0.1500.60:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.51
cpe:2.3:a:google:chrome:28.0.1500.51:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.50
cpe:2.3:a:google:chrome:28.0.1500.50:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.43
cpe:2.3:a:google:chrome:28.0.1500.43:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.42
cpe:2.3:a:google:chrome:28.0.1500.42:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.35
cpe:2.3:a:google:chrome:28.0.1500.35:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.34
cpe:2.3:a:google:chrome:28.0.1500.34:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.33
cpe:2.3:a:google:chrome:28.0.1500.33:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.25
cpe:2.3:a:google:chrome:28.0.1500.25:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.24
cpe:2.3:a:google:chrome:28.0.1500.24:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.17
cpe:2.3:a:google:chrome:28.0.1500.17:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.16
cpe:2.3:a:google:chrome:28.0.1500.16:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.8
cpe:2.3:a:google:chrome:28.0.1500.8:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.64
cpe:2.3:a:google:chrome:28.0.1500.64:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.63
cpe:2.3:a:google:chrome:28.0.1500.63:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.53
cpe:2.3:a:google:chrome:28.0.1500.53:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.52
cpe:2.3:a:google:chrome:28.0.1500.52:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.45
cpe:2.3:a:google:chrome:28.0.1500.45:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.44
cpe:2.3:a:google:chrome:28.0.1500.44:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.37
cpe:2.3:a:google:chrome:28.0.1500.37:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.36
cpe:2.3:a:google:chrome:28.0.1500.36:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.27
cpe:2.3:a:google:chrome:28.0.1500.27:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.26
cpe:2.3:a:google:chrome:28.0.1500.26:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.19
cpe:2.3:a:google:chrome:28.0.1500.19:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.18
cpe:2.3:a:google:chrome:28.0.1500.18:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.11
cpe:2.3:a:google:chrome:28.0.1500.11:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.10
cpe:2.3:a:google:chrome:28.0.1500.10:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.9
cpe:2.3:a:google:chrome:28.0.1500.9:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.0
cpe:2.3:a:google:chrome:28.0.1500.0:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.68
cpe:2.3:a:google:chrome:28.0.1500.68:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.66
cpe:2.3:a:google:chrome:28.0.1500.66:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.56
cpe:2.3:a:google:chrome:28.0.1500.56:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.54
cpe:2.3:a:google:chrome:28.0.1500.54:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.47
cpe:2.3:a:google:chrome:28.0.1500.47:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.46
cpe:2.3:a:google:chrome:28.0.1500.46:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.39
cpe:2.3:a:google:chrome:28.0.1500.39:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.38
cpe:2.3:a:google:chrome:28.0.1500.38:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.29
cpe:2.3:a:google:chrome:28.0.1500.29:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.28
cpe:2.3:a:google:chrome:28.0.1500.28:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.21
cpe:2.3:a:google:chrome:28.0.1500.21:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.20
cpe:2.3:a:google:chrome:28.0.1500.20:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.13
cpe:2.3:a:google:chrome:28.0.1500.13:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.12
cpe:2.3:a:google:chrome:28.0.1500.12:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.3
cpe:2.3:a:google:chrome:28.0.1500.3:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.2
cpe:2.3:a:google:chrome:28.0.1500.2:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.6
cpe:2.3:a:google:chrome:28.0.1500.6:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.59
cpe:2.3:a:google:chrome:28.0.1500.59:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.58
cpe:2.3:a:google:chrome:28.0.1500.58:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.49
cpe:2.3:a:google:chrome:28.0.1500.49:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.48
cpe:2.3:a:google:chrome:28.0.1500.48:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.41
cpe:2.3:a:google:chrome:28.0.1500.41:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.40
cpe:2.3:a:google:chrome:28.0.1500.40:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.32
cpe:2.3:a:google:chrome:28.0.1500.32:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.31
cpe:2.3:a:google:chrome:28.0.1500.31:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.23
cpe:2.3:a:google:chrome:28.0.1500.23:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.22
cpe:2.3:a:google:chrome:28.0.1500.22:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.15
cpe:2.3:a:google:chrome:28.0.1500.15:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.14
cpe:2.3:a:google:chrome:28.0.1500.14:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.5
cpe:2.3:a:google:chrome:28.0.1500.5:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 28.0.1500.4
cpe:2.3:a:google:chrome:28.0.1500.4:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-2880

EPSS FAQ

0.50%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 63 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-2880

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2013-2880

https://code.google.com/p/chromium/issues/detail?id=239411

239411 - ANGLE: check negative vector/matrix/array index - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=243875

243875 - ResourceHostMsg_RequestResource: validate request_data.priority enum - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=222852

222852 - Heap-use-after-free in WebCore::RenderObject::isDescendantOf - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=179653

179653 - ANGLE shader compiler: struct size overflow - chromium - Monorail
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17281

Repository / Oval Repository
https://code.google.com/p/chromium/issues/detail?id=240449

240449 - Crash in base::DeleteHelper<safe_browsing::DownloadProtectionService::CheckClientDownloadRequest>::DoDelete(void const *) - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=223772

223772 - Attempting free when chrome.fontSettings.getFontList is called twice in background script - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=178266

178266 - Heap-use-after-free in WebCore::RenderBlock::determineStartPosition - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=189090

189090 - Heap-use-after-free in WebCore::accumulateDocumentEventTargetRects - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=225798

225798 - Swiftshader images do not use aslr - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=242931

242931 - ASSERTION FAILED: !value || value->isPrimitiveValue(), UNKNOWN in WebCore::StylePropertySerializer::getLayeredShorthandValue - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=176676

176676 - Heap-use-after-free in cricket::TransportChannelProxy::SetImplementation - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=242023

242023 - ASSERTION FAILED: !value || value->isPrimitiveValue(), UNKNOWN in WebCore::StylePropertySerializer::getLayeredShorthandValue - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=256985

256985 - Tracking bug for internal security fixes for Chrome 28 release 0 - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=240055

240055 - ASSERTION FAILED: !value || value->isPrimitiveValue(), UNKNOWN in WebCore::StylePropertySerializer::getLayeredShorthandValue - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=246240

246240 - ResourceHostMsg_DataReceived_ACK: heap corruption - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=189084

189084 - Bad cast in WebKit::WebPageSerializerImpl::endTagToString - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=235732

235732 - Heap-buffer-overflow in SkA1_Blitter::blitH - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=176027

176027 - Heap-buffer-overflow in SkARGB32_Opaque_Blitter::blitMask - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=243881

243881 - ASSERTION FAILED: actualInfo->derefObjectFunction == V8HTMLSpanElement::info.derefObjectFunction, UNKNOWN in WebCore::wrap - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=167924

167924 - Heap-use-after-free in WebCore::RenderLayerModelObject::hasSelfPaintingLayer - chromium - Monorail
http://www.debian.org/security/2013/dsa-2724

Debian -- Security Information -- DSA-2724-1 chromium-browser

CVEs referencing this url
https://code.google.com/p/chromium/issues/detail?id=226091

226091 - ASSERTION FAILED: !node || node->isShadowRoot(), UNKNOWN in WebCore::EventRetargeter::eventTargetRespectingTargetRules - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=236269

236269 - ASSERTION FAILED: !m_deletionHasBegun, UNKNOWN in WebCore::DeviceOrientationEvent::~DeviceOrientationEvent - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=160450

160450 - Heap-buffer-overflow in WebCore::InlineFlowBox::placeBoxRangeInInlineDirection - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=227157

227157 - Global-buffer-overflow in WebCore::Font::expansionOpportunityCount - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=236845

236845 - ASSERTION FAILED: node->treeScope() == m_oldScope, Heap-use-after-free in WebCore::Node::~Node - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=196570

196570 - ASSERTION FAILED: !object || object->isCanvas(), UNKNOWN in WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=177688

177688 - ASSERTION FAILED: obj->isRenderInline() || obj == this, Bad cast in WebCore::RenderBlock::createLineBoxes - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=237263

237263 - chromium - Monorail
http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html

Chrome Releases: Stable Channel Update

CVEs referencing this url
https://code.google.com/p/chromium/issues/detail?id=223482

223482 - Heap-use-after-free in WebCore::HTMLTreeBuilder::callTheAdoptionAgency - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=187243

187243 - Heap-use-after-free in WebCore::InlineBox::deleteLine - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=236556

236556 - use-after-free on WebCore::FormController::createSavedFormStateMap - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=177215

177215 - ASSERTION FAILED: static_cast<unsigned>(m_start + length) <= string.length(), UNKNOWN in WebCore::InlineTextBox::paint - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=173688

173688 - Security: Non-web-accessible extension URLs should not load in non-extension processes - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=178264

178264 - Heap-use-after-free in WebCore::Frame::setPageAndTextZoomFactors - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=240961

240961 - Zero-sized textures must be considered incomplete - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=230726

230726 - ASSERTION FAILED: i < m_length, UNKNOWN in WebCore::InlineTextBox::isLineBreak - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=242786

242786 - Heap-double-free in av_destruct_packet - chromium - Monorail
https://code.google.com/p/chromium/issues/detail?id=243045

243045 - ASSERTION FAILED: !m_deletionHasBegun, Heap-use-after-free in WebCore::GenericEventQueue::enqueueEvent - chromium - Monorail

Jump to

Vulnerability Details : CVE-2013-2880

Products affected by CVE-2013-2880

Exploit prediction scoring system (EPSS) score for CVE-2013-2880

CVSS scores for CVE-2013-2880

References for CVE-2013-2880