CVE Daily
← All tags

Tag: Google Chrome

All CVEs associated with "Google Chrome". Page 35/40 • 4704 CVEs.

Subscribe CVEs: RSS for “Google Chrome”  ·  RSS (High+Critical only)

About “Google Chrome”

A curated feed of “Google Chrome”-related CVEs appears below. We currently track 4704 CVEs for this tag (all time). In the last 365 days, 807 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 58% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-20 - Improper Input Validation, CWE-125 - Out-of-bounds Read.

In our taxonomy this topic maps to a LOW impact class. Browsers are high value endpoints. Force auto updates, enforce enterprise policies, limit risky extensions, and enable site isolation or sandboxing. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2012-04-05
Medium

CVE-2011-3068

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified…

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2011-3067

Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.

CVSS: 6.8 CWE: CWE-346 - Origin Validation Error View on NVD
Medium

CVE-2011-3066

Skia, as used in Google Chrome before 18.0.1025.151, does not properly perform clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVSS: 6.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
2012-03-30
Medium

CVE-2011-3065

Skia, as used in Google Chrome before 18.0.1025.142, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

CVSS: 6.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2011-3064

Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG clipping.

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2011-3063

Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vectors.

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2011-3062

Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType…

CVSS: 6.8 CWE: CWE-682 - Incorrect Calculation View on NVD
Medium

CVE-2011-3061

Google Chrome before 18.0.1025.142 does not properly check X.509 certificates before use of a SPDY proxy, which might allow man-in-the-middle attackers to spoof servers or obtain sensitive informatio…

CVSS: 5.8 CWE: CWE-295 - Improper Certificate Validation View on NVD
Medium

CVE-2011-3060

Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVSS: 6.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2011-3059

Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVSS: 6.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2011-3058

Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2012-03-23
Medium

CVE-2011-3049

Google Chrome before 17.0.963.83 does not properly restrict the extension web request API, which allows remote attackers to cause a denial of service (disrupted system requests) via a crafted extensi…

CVSS: 5.0 CWE: N/A View on NVD
2012-03-22
Critical

CVE-2012-1846

Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competi…

CVSS: 10.0 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
Critical

CVE-2012-1845

Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the DEP and ASLR protection mechanisms, and execute arbitrary code, via unspecified vectors, as…

CVSS: 9.3 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2011-3057

Google V8, as used in Google Chrome before 17.0.963.83, allows remote attackers to cause a denial of service via vectors that trigger an invalid read operation.

CVSS: 4.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2011-3056

Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe."

CVSS: 6.8 CWE: CWE-346 - Origin Validation Error View on NVD
Medium

CVE-2011-3055

The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation before an unpacked extension installation, which allows user-assisted remote attackers to have an unspecif…

CVSS: 4.3 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
Medium

CVE-2011-3054

The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vector…

CVSS: 4.3 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2011-3053

Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting.

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2011-3052

The WebGL implementation in Google Chrome before 17.0.963.83 does not properly handle CANVAS elements, which allows remote attackers to cause a denial of service (memory corruption) or possibly have…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2011-3051

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified o…

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2011-3050

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified o…

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2011-3045

Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a de…

CVSS: 8.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2012-03-14
Medium

CVE-2012-0458

Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not…

CVSS: 6.8 CWE: CWE-264 View on NVD
2012-03-10
Critical

CVE-2011-3047

The GPU process in Google Chrome before 17.0.963.79 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an error in the plug-in loading me…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2012-03-09
Critical

CVE-2011-3046

The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)"…

CVSS: 10.0 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2012-03-05
Medium

CVE-2011-3044

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation ele…

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2011-3043

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a flexbox (aka fl…

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2011-3042

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of…

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2011-3041

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of…

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2011-3040

Google Chrome before 17.0.963.65 does not properly handle text, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.

CVSS: 4.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2011-3039

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to quote handling.

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2011-3038

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to multi-column han…

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2011-3037

Google Chrome before 17.0.963.65 does not properly perform casts of unspecified variables during the splitting of anonymous blocks, which allows remote attackers to cause a denial of service or possi…

CVSS: 6.8 CWE: CWE-704 - Incorrect Type Conversion or Cast View on NVD
Medium

CVE-2011-3036

Google Chrome before 17.0.963.65 does not properly perform a cast of an unspecified variable during handling of line boxes, which allows remote attackers to cause a denial of service or possibly have…

CVSS: 6.8 CWE: CWE-704 - Incorrect Type Conversion or Cast View on NVD
Medium

CVE-2011-3035

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2011-3034

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG document.

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2011-3033

Buffer overflow in Skia, as used in Google Chrome before 17.0.963.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVSS: 7.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2011-3032

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of…

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2011-3031

Use-after-free vulnerability in the element wrapper in Google V8, as used in Google Chrome before 17.0.963.65, allows remote attackers to cause a denial of service or possibly have unspecified other…

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
2012-02-29
Critical

CVE-2012-1418

Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.60 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.

CVSS: 10.0 CWE: N/A View on NVD
2012-02-16
Medium

CVE-2011-3027

Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have un…

CVSS: 4.3 CWE: CWE-704 - Incorrect Type Conversion or Cast View on NVD
Medium

CVE-2011-3026

Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigge…

CVSS: 6.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2011-3025

Google Chrome before 17.0.963.56 does not properly parse H.264 data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVSS: 4.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2011-3024

Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service (application crash) via an empty X.509 certificate.

CVSS: 4.3 CWE: CWE-295 - Improper Certificate Validation View on NVD
Medium

CVE-2011-3023

Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to dr…

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2011-3022

translate/translate_manager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive…

CVSS: 5.0 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
High

CVE-2011-3021

Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading.

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2011-3020

Unspecified vulnerability in the Native Client validator implementation in Google Chrome before 17.0.963.56 has unknown impact and remote attack vectors.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2011-3019

Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska video (aka MKV) fi…

CVSS: 6.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2011-3018

Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to path rendering.

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2011-3017

Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to database handlin…

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2011-3016

Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes, re…

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2011-3015

Multiple integer overflows in the PDF codecs in Google Chrome before 17.0.963.56 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVSS: 6.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2012-02-09
Medium

CVE-2011-3972

The shader translator implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVSS: 5.0 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2011-3971

Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mo…

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2011-3970

libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVSS: 4.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2011-3969

Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG do…

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2011-3968

Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style S…

CVSS: 4.3 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2011-3967

Unspecified vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via a crafted certificate.

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2011-3966

Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling f…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2011-3965

Google Chrome before 17.0.963.46 does not properly check signatures, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

CVSS: 5.0 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
Medium

CVE-2011-3964

Google Chrome before 17.0.963.46 does not properly implement the drag-and-drop feature, which makes it easier for remote attackers to spoof the URL bar via unspecified vectors.

CVSS: 5.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2011-3963

Google Chrome before 17.0.963.46 does not properly handle PDF FAX images, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVSS: 5.0 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2011-3962

Google Chrome before 17.0.963.46 does not properly perform path clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVSS: 4.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Critical

CVE-2011-3961

Race condition in Google Chrome before 17.0.963.46 allows remote attackers to execute arbitrary code via vectors that trigger a crash of a utility process.

CVSS: 9.3 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2011-3960

Google Chrome before 17.0.963.46 does not properly decode audio data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVSS: 4.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2011-3959

Buffer overflow in the locale implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVSS: 7.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2011-3958

Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified…

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2011-3957

Use-after-free vulnerability in the garbage-collection functionality in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2011-3956

The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extensio…

CVSS: 6.8 CWE: CWE-346 - Origin Validation Error View on NVD
High

CVE-2011-3955

Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that trigger the aborting of an Indexed…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2011-3954

Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of database usage.

CVSS: 5.0 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2011-3953

Google Chrome before 17.0.963.46 does not prevent monitoring of the clipboard after a paste event, which has unspecified impact and remote attack vectors.

CVSS: 7.5 CWE: N/A View on NVD
2012-01-24
High

CVE-2011-3928

Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling.

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2011-3927

Skia, as used in Google Chrome before 16.0.912.77, does not perform all required initialization of values, which allows remote attackers to cause a denial of service or possibly have unspecified othe…

CVSS: 7.5 CWE: CWE-665 - Improper Initialization View on NVD
High

CVE-2011-3926

Heap-based buffer overflow in the tree builder in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2011-3925

Use-after-free vulnerability in the Safe Browsing feature in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecifie…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2011-3924

Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections.

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
2012-01-12
Critical

CVE-2012-0695

Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.

CVSS: 10.0 CWE: N/A View on NVD
2012-01-07
High

CVE-2011-3922

Stack-based buffer overflow in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to glyph handling.

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2011-3921

Use-after-free vulnerability in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving animation frames.

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2011-3919

Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
2011-12-13
High

CVE-2011-3917

Stack-based buffer overflow in FileWatcher in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2011-3916

Google Chrome before 16.0.912.63 does not properly handle PDF cross references, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVSS: 5.0 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2011-3915

Buffer overflow in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF fonts.

CVSS: 7.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2011-3914

The internationalization (aka i18n) functionality in Google V8, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service or possibly have unspecified other im…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2011-3913

Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to Range handling.

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2011-3912

Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters.

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2011-3911

Google Chrome before 16.0.912.63 does not properly handle PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVSS: 5.0 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2011-3910

Google Chrome before 16.0.912.63 does not properly handle YUV video frames, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVSS: 5.0 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2011-3909

The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of se…

CVSS: 5.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2011-3908

Google Chrome before 16.0.912.63 does not properly parse SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVSS: 5.0 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2011-3907

The view-source feature in Google Chrome before 16.0.912.63 allows remote attackers to spoof the URL bar via unspecified vectors.

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2011-3906

The PDF parser in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVSS: 5.0 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2011-3905

libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVSS: 5.0 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2011-3904

Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to bidirectional te…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2011-3903

Google Chrome before 16.0.912.63 does not properly perform regex matching, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVSS: 5.0 CWE: CWE-697 - Incorrect Comparison View on NVD
2011-12-09
Critical

CVE-2011-4719

Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.63 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.

CVSS: 10.0 CWE: N/A View on NVD
2011-12-07
Medium

CVE-2011-4692

WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attack…

CVSS: 5.0 CWE: CWE-264 View on NVD
Medium

CVE-2011-4691

Google Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to…

CVSS: 5.0 CWE: CWE-264 View on NVD
Medium

CVE-2010-5073

The JavaScript implementation in Google Chrome 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain…

CVSS: 5.0 CWE: CWE-264 View on NVD
Medium

CVE-2010-5069

The Cascading Style Sheets (CSS) implementation in Google Chrome 4 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2011-11-24
Critical

CVE-2011-4548

Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.44 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.

CVSS: 10.0 CWE: N/A View on NVD
2011-11-17
High

CVE-2011-3900

Google V8, as used in Google Chrome before 15.0.874.121, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-boun…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
2011-11-11
High

CVE-2011-3898

Google Chrome before 15.0.874.120, when Java Runtime Environment (JRE) 7 is used, does not request user confirmation before applet execution begins, which allows remote attackers to have an unspecifi…

CVSS: 7.5 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2011-3897

Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to e…

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2011-3896

Buffer overflow in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to shader variable mapping.

CVSS: 7.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2011-3895

Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stre…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2011-3894

Google Chrome before 15.0.874.120 does not properly perform VP8 decoding, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2011-3893

Google Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vector…

CVSS: 5.0 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2011-3892

Double free vulnerability in the Theora decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted strea…

CVSS: 7.5 CWE: CWE-415 - Double Free View on NVD
2011-10-28
High

CVE-2011-3640

Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan hor…

CVSS: 7.1 CWE: CWE-426 - Untrusted Search Path View on NVD
High

CVE-2011-2830

Google V8, as used in Google Chrome before 14.0.835.163, does not properly implement script object wrappers, which allows remote attackers to cause a denial of service (application crash) or possibly…

CVSS: 7.5 CWE: N/A View on NVD
2011-10-25
High

CVE-2011-3891

Google Chrome before 15.0.874.102 does not properly restrict access to internal Google V8 functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impa…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2011-3890

Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video source ha…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2011-3889

Heap-based buffer overflow in the Web Audio implementation in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unkn…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2011-3888

Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to e…

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2011-3887

Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors.

CVSS: 5.0 CWE: CWE-565 - Reliance on Cookies without Validation and Integrity Checking View on NVD
Medium

CVE-2011-3886

Google V8, as used in Google Chrome before 15.0.874.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers out-o…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD