Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:google:chrome:5.0.375.50
There are 2,142 matching records.
Displaying matches 2,141 through 2,142.
Vuln ID Summary CVSS Severity
CVE-2009-1598

Google Chrome executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."

Published: May 11, 2009; 11:30:00 AM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-5915

An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

Published: January 20, 2009; 11:30:00 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW