CVE-2013-6646

Published: Jan 16, 2014Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the shutting down of a worker process.

Affected (6)

Products: Google: Chrome · Opensuse: Opensuse · Debian: Debian Linux

1 product

1 product

1 product

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Google Chrome	Before 32.0.1700.77

Running on/with	Platform Versions
Apple Mac Os X	All versions
Linux Linux Kernel	All versions

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 12.3
Opensuse Opensuse	Version 13.1

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Google Chrome	Before 32.0.1700.76

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (12)

http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html

Source: cve@mitre.org

Release NotesVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00008.html

Source: cve@mitre.org

Broken LinkThird Party Advisory

http://www.debian.org/security/2014/dsa-2862

Source: cve@mitre.org

Third Party Advisory

https://code.google.com/p/chromium/issues/detail?id=249502

Source: cve@mitre.org

ExploitPatchVendor Advisory

https://src.chromium.org/viewvc/chrome?revision=233099&view=revision

Source: cve@mitre.org

PatchVendor Advisory

https://src.chromium.org/viewvc/chrome?revision=233367&view=revision

Source: cve@mitre.org

PatchVendor Advisory

http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00008.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

http://www.debian.org/security/2014/dsa-2862

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://code.google.com/p/chromium/issues/detail?id=249502

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

https://src.chromium.org/viewvc/chrome?revision=233099&view=revision

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://src.chromium.org/viewvc/chrome?revision=233367&view=revision

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.