CVE-2013-6625 : Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, as used in

Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of DOM range objects in circumstances that require child node removal after a (1) mutation or (2) blur event.

Published 2013-11-13 15:55:04

Updated 2025-04-11 00:51:22

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory CorruptionDenial of service

Products affected by CVE-2013-6625

Google » Chrome
Versions up to, including, (<=) 31.0.1650.47
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.43
cpe:2.3:a:google:chrome:31.0.1650.43:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.42
cpe:2.3:a:google:chrome:31.0.1650.42:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.34
cpe:2.3:a:google:chrome:31.0.1650.34:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.33
cpe:2.3:a:google:chrome:31.0.1650.33:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.25
cpe:2.3:a:google:chrome:31.0.1650.25:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.23
cpe:2.3:a:google:chrome:31.0.1650.23:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.15
cpe:2.3:a:google:chrome:31.0.1650.15:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.14
cpe:2.3:a:google:chrome:31.0.1650.14:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.7
cpe:2.3:a:google:chrome:31.0.1650.7:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.6
cpe:2.3:a:google:chrome:31.0.1650.6:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.5
cpe:2.3:a:google:chrome:31.0.1650.5:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.45
cpe:2.3:a:google:chrome:31.0.1650.45:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.44
cpe:2.3:a:google:chrome:31.0.1650.44:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.36
cpe:2.3:a:google:chrome:31.0.1650.36:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.35
cpe:2.3:a:google:chrome:31.0.1650.35:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.27
cpe:2.3:a:google:chrome:31.0.1650.27:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.26
cpe:2.3:a:google:chrome:31.0.1650.26:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.17
cpe:2.3:a:google:chrome:31.0.1650.17:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.16
cpe:2.3:a:google:chrome:31.0.1650.16:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.9
cpe:2.3:a:google:chrome:31.0.1650.9:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.8
cpe:2.3:a:google:chrome:31.0.1650.8:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.46
cpe:2.3:a:google:chrome:31.0.1650.46:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.38
cpe:2.3:a:google:chrome:31.0.1650.38:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.37
cpe:2.3:a:google:chrome:31.0.1650.37:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.29
cpe:2.3:a:google:chrome:31.0.1650.29:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.28
cpe:2.3:a:google:chrome:31.0.1650.28:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.19
cpe:2.3:a:google:chrome:31.0.1650.19:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.18
cpe:2.3:a:google:chrome:31.0.1650.18:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.11
cpe:2.3:a:google:chrome:31.0.1650.11:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.10
cpe:2.3:a:google:chrome:31.0.1650.10:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.2
cpe:2.3:a:google:chrome:31.0.1650.2:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.0
cpe:2.3:a:google:chrome:31.0.1650.0:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.41
cpe:2.3:a:google:chrome:31.0.1650.41:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.39
cpe:2.3:a:google:chrome:31.0.1650.39:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.32
cpe:2.3:a:google:chrome:31.0.1650.32:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.31
cpe:2.3:a:google:chrome:31.0.1650.31:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.30
cpe:2.3:a:google:chrome:31.0.1650.30:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.22
cpe:2.3:a:google:chrome:31.0.1650.22:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.20
cpe:2.3:a:google:chrome:31.0.1650.20:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.13
cpe:2.3:a:google:chrome:31.0.1650.13:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.12
cpe:2.3:a:google:chrome:31.0.1650.12:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.4
cpe:2.3:a:google:chrome:31.0.1650.4:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 31.0.1650.3
cpe:2.3:a:google:chrome:31.0.1650.3:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-6625

EPSS FAQ

1.16%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 77 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-6625

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2013-6625

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-6625

https://src.chromium.org/viewvc/blink?revision=160037&view=revision

[blink] Revision 160037
http://support.apple.com/kb/HT6162

About the security content of iOS 7.1 - Apple Support

CVEs referencing this url
https://code.google.com/p/chromium/issues/detail?id=295010

295010 - Heap-use-after-free in WebCore::RenderObject::childAt - chromium - Monorail
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html

[security-announce] openSUSE-SU-2013:1777-1: important: chromium: update

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19257

Repository / Oval Repository
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html

openSUSE-SU-2014:0065-1: moderate: update for chromium

CVEs referencing this url
https://support.apple.com/kb/HT6537

About the security content of iTunes 12.0.1 - Apple Support

CVEs referencing this url
http://support.apple.com/kb/HT6163

About the security content of Apple TV 6.1 - Apple Support

CVEs referencing this url
http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html

[security-announce] openSUSE-SU-2013:1861-1: important: chromium: update

CVEs referencing this url
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html

Chrome Releases: Stable Channel Update
Vendor Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html

[security-announce] openSUSE-SU-2013:1776-1: important: chromium: 31.0.1

CVEs referencing this url
http://www.debian.org/security/2013/dsa-2799

Debian -- Security Information -- DSA-2799-1 chromium-browser

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2013-6625

Products affected by CVE-2013-6625

Exploit prediction scoring system (EPSS) score for CVE-2013-6625

CVSS scores for CVE-2013-6625

CWE ids for CVE-2013-6625

References for CVE-2013-6625