CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
88.6%
Versions of Google Chrome earlier than 24.0.1312.52 are potentially affected by the following vulnerabilities :
Use-after-free errors exist related to SVG layout, DOM handling, video seeking, PDF fields and printing. (CVE-2012-5145, CVE-2012-5147, CVE-2012-5150, CVE-2012-5156, CVE-2013-0832)
An error related to malformed URLs can allow a Same Origin Policy (SOP) bypass, thereby allowing cross-site scripting attacks. (CVE-2012-5146)
A user-input validation error exists related to filenames and hyphenation support. (CVE-2012-5148)
Integer overflow errors exist related to audio IPC handling, PDF JavaScript and shared memory allocation. (CVE-2012-5149, CVE-2012-5151, CVE-2012-5154)
Out-of-bounds read errors exist related to video seeking, PDF image handling, printing and glyph handling. (CVE-2012-5152, CVE-2012-5157, CVE-2012-0833, CVE-2012-0834)
An out-of-bounds stack access error exists in the v8 JavaScript engine. (CVE-2012-5153)
A casting error exists related to PDF ‘root’ handling. (CVE-2013-0828)
An unspecified error exists that can corrupt database metadata leading to incorrect file access. (CVE-2013-0829)
An error exists related to IPC and ‘NUL’ termination. (CVE-2013-0830)
An error exists related to extensions that may allow improper path traversals. (CVE-2013-0831)
An unspecified error exists related to geolocation. (CVE-2013-0835)
An unspecified error exists related to garbage collection in the v8 JavaScript engine. (CVE-2013-0836)
An unspecified error exists related to extension tab handling. (CVE-2013-0837)
The bundled version of Adobe Flash Player contains flaws that can lead to arbitrary code execution. (CVE-2013-0630)
Successful exploitation of some of these issues could lead to an application crash or even allow arbitrary code execution, subject to the user’s privileges.
Binary data 6663.pasl