CVE-2013-2904

Use-after-free vulnerability in the Document::finishedParsing function in core/dom/Document.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via an onload event that changes an IFRAME element so that its src attribute is no longer an XML document, leading to unintended garbage collection of this document.

Published: Aug 21, 2013
Updated: Nov 9, 2025
CVE: CVE-2013-2904
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
google / chrome	29.0.1547.0	29.0.1547.0.x
google / chrome	29.0.1547.39	29.0.1547.39.x
google / chrome	29.0.1547.52	29.0.1547.52.x
google / chrome	29.0.1547.15	29.0.1547.15.x
google / chrome	29.0.1547.40	29.0.1547.40.x
google / chrome	29.0.1547.49	29.0.1547.49.x
google / chrome	29.0.1547.2	29.0.1547.2.x
google / chrome	29.0.1547.7	29.0.1547.7.x
google / chrome	29.0.1547.11	29.0.1547.11.x
google / chrome	29.0.1547.3	29.0.1547.3.x
google / chrome	29.0.1547.34	29.0.1547.34.x
google / chrome	-	29.0.1547.56.x
google / chrome	29.0.1547.16	29.0.1547.16.x
google / chrome	29.0.1547.33	29.0.1547.33.x
google / chrome	29.0.1547.46	29.0.1547.46.x
google / chrome	29.0.1547.42	29.0.1547.42.x
google / chrome	29.0.1547.54	29.0.1547.54.x
google / chrome	29.0.1547.50	29.0.1547.50.x
google / chrome	29.0.1547.18	29.0.1547.18.x
google / chrome	29.0.1547.21	29.0.1547.21.x
google / chrome	29.0.1547.29	29.0.1547.29.x
google / chrome	29.0.1547.14	29.0.1547.14.x
google / chrome	29.0.1547.17	29.0.1547.17.x
google / chrome	29.0.1547.10	29.0.1547.10.x
google / chrome	29.0.1547.27	29.0.1547.27.x
google / chrome	29.0.1547.28	29.0.1547.28.x
google / chrome	29.0.1547.31	29.0.1547.31.x
google / chrome	29.0.1547.48	29.0.1547.48.x
google / chrome	29.0.1547.36	29.0.1547.36.x
google / chrome	29.0.1547.35	29.0.1547.35.x
google / chrome	29.0.1547.51	29.0.1547.51.x
google / chrome	29.0.1547.9	29.0.1547.9.x
google / chrome	29.0.1547.20	29.0.1547.20.x
google / chrome	29.0.1547.30	29.0.1547.30.x
google / chrome	29.0.1547.13	29.0.1547.13.x
google / chrome	29.0.1547.45	29.0.1547.45.x
google / chrome	29.0.1547.55	29.0.1547.55.x
google / chrome	29.0.1547.8	29.0.1547.8.x
google / chrome	29.0.1547.1	29.0.1547.1.x
google / chrome	29.0.1547.23	29.0.1547.23.x
google / chrome	29.0.1547.32	29.0.1547.32.x
google / chrome	29.0.1547.37	29.0.1547.37.x
google / chrome	29.0.1547.19	29.0.1547.19.x
google / chrome	29.0.1547.41	29.0.1547.41.x
google / chrome	29.0.1547.53	29.0.1547.53.x
google / chrome	29.0.1547.22	29.0.1547.22.x
google / chrome	29.0.1547.4	29.0.1547.4.x
google / chrome	29.0.1547.47	29.0.1547.47.x
google / chrome	29.0.1547.38	29.0.1547.38.x
google / chrome	29.0.1547.5	29.0.1547.5.x
google / chrome	29.0.1547.12	29.0.1547.12.x
debian / debian_linux	7.0	7.0.x

Vulnerability Database

318,250

CVE-2013-2904

Deep Security Visibility Without the Complexity