U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:google:chrome:4.0.249.74
There are 2,567 matching records.
Displaying matches 2,181 through 2,200.
Vuln ID Summary CVSS Severity
CVE-2010-5073

The JavaScript implementation in Google Chrome 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. NOTE: this may overlap CVE-2010-5070.

Published: December 07, 2011; 2:55:01 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2010-5069

The Cascading Style Sheets (CSS) implementation in Google Chrome 4 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document. NOTE: this may overlap CVE-2010-2264.

Published: December 07, 2011; 2:55:01 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-3900

Google V8, as used in Google Chrome before 15.0.874.121, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write operation.

Published: November 17, 2011; 6:55:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-3898

Google Chrome before 15.0.874.120, when Java Runtime Environment (JRE) 7 is used, does not request user confirmation before applet execution begins, which allows remote attackers to have an unspecified impact via a crafted applet.

Published: November 11, 2011; 6:55:02 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-3897

Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing.

Published: November 11, 2011; 6:55:02 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-3896

Buffer overflow in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to shader variable mapping.

Published: November 11, 2011; 6:55:02 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-3895

Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.

Published: November 11, 2011; 6:55:02 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-3894

Google Chrome before 15.0.874.120 does not properly perform VP8 decoding, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted stream.

Published: November 11, 2011; 6:55:02 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-3893

Google Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Published: November 11, 2011; 6:55:02 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-3892

Double free vulnerability in the Theora decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.

Published: November 11, 2011; 6:55:02 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-3640

** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."

Published: October 27, 2011; 10:49:53 PM -0400
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2011-2830

Google V8, as used in Google Chrome before 14.0.835.163, does not properly implement script object wrappers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.

Published: October 27, 2011; 10:49:52 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-3891

Google Chrome before 15.0.874.102 does not properly restrict access to internal Google V8 functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Published: October 25, 2011; 3:55:01 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-3890

Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video source handling.

Published: October 25, 2011; 3:55:01 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-3889

Heap-based buffer overflow in the Web Audio implementation in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Published: October 25, 2011; 3:55:01 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-3888

Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing operations in conjunction with an unknown plug-in.

Published: October 25, 2011; 3:55:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-3887

Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors.

Published: October 25, 2011; 3:55:01 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-3886

Google V8, as used in Google Chrome before 15.0.874.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers out-of-bounds write operations.

Published: October 25, 2011; 3:55:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-3885

Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data.

Published: October 25, 2011; 3:55:01 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-3884

Google Chrome before 15.0.874.102 does not properly address timing issues during DOM traversal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.

Published: October 25, 2011; 3:55:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM