National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product: cpe:/a:google:chrome
There are 2,163 matching records.
Displaying matches 2001 through 2020.
Vuln ID Summary CVSS Severity
CVE-2010-4037

Unspecified vulnerability in Google Chrome before 7.0.517.41 allows remote attackers to bypass the pop-up blocker via unknown vectors.

Published: October 21, 2010; 03:00:04 PM -04:00
    V2: 4.3 MEDIUM
CVE-2010-4036

Google Chrome before 7.0.517.41 does not properly handle the unloading of a page, which allows remote attackers to spoof URLs via unspecified vectors.

Published: October 21, 2010; 03:00:04 PM -04:00
    V2: 6.8 MEDIUM
CVE-2010-4035

Google Chrome before 7.0.517.41 does not properly perform autofill operations for forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.

Published: October 21, 2010; 03:00:04 PM -04:00
    V2: 9.3 HIGH
CVE-2010-4034

Google Chrome before 7.0.517.41 does not properly handle forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.

Published: October 21, 2010; 03:00:04 PM -04:00
    V2: 9.3 HIGH
CVE-2010-4033

Google Chrome before 7.0.517.41 does not properly implement the autofill and autocomplete functionality, which allows remote attackers to conduct "profile spamming" attacks via unspecified vectors.

Published: October 21, 2010; 03:00:04 PM -04:00
    V2: 5.0 MEDIUM
CVE-2010-3730

Google Chrome before 6.0.472.62 does not properly use information about the origin of a document to manage properties, which allows remote attackers to have an unspecified impact via a crafted web site, related to a "property pollution" issue.

Published: October 05, 2010; 02:00:32 PM -04:00
    V2: 9.3 HIGH
CVE-2010-3729

The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors.

Published: October 05, 2010; 02:00:32 PM -04:00
    V2: 9.3 HIGH
CVE-2010-1822

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-SVG document.

Published: October 04, 2010; 05:00:03 PM -04:00
    V2: 9.3 HIGH
CVE-2010-1825

Use-after-free vulnerability in WebKit, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to nested SVG elements.

Published: September 24, 2010; 03:00:04 PM -04:00
    V2: 9.3 HIGH
CVE-2010-1824

Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG styles, the DOM tree, and error messages.

Published: September 24, 2010; 03:00:04 PM -04:00
    V2: 9.3 HIGH
CVE-2010-1823

Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098.

Published: September 24, 2010; 03:00:04 PM -04:00
    V2: 9.3 HIGH
CVE-2010-1773

Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118.

Published: September 24, 2010; 03:00:04 PM -04:00
    V2: 9.3 HIGH
CVE-2010-1772

Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document.

Published: September 24, 2010; 03:00:04 PM -04:00
    V2: 9.3 HIGH
CVE-2010-1767

Cross-site request forgery (CSRF) vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a crafted synchronous preflight XMLHttpRequest operation.

Published: September 24, 2010; 03:00:04 PM -04:00
    V2: 6.8 MEDIUM
CVE-2010-3417

Google Chrome before 6.0.472.59 does not prompt the user before granting access to the extension history, which allows attackers to obtain potentially sensitive information via unspecified vectors.

Published: September 16, 2010; 05:00:02 PM -04:00
    V2: 5.0 MEDIUM
CVE-2010-3416

Google Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

Published: September 16, 2010; 05:00:02 PM -04:00
    V2: 10.0 HIGH
CVE-2010-3415

Google Chrome before 6.0.472.59 does not properly implement Geolocation, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

Published: September 16, 2010; 05:00:02 PM -04:00
    V2: 10.0 HIGH
CVE-2010-3414

Google Chrome before 6.0.472.59 on Mac OS X does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. NOTE: this issue exists because of an incorrect fix for CVE-2010-3112 on Mac OS X.

Published: September 16, 2010; 05:00:02 PM -04:00
    V2: 10.0 HIGH
CVE-2010-3413

Unspecified vulnerability in the pop-up blocking functionality in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service (application crash) via unknown vectors.

Published: September 16, 2010; 05:00:02 PM -04:00
    V2: 5.0 MEDIUM
CVE-2010-3412

Race condition in the console implementation in Google Chrome before 6.0.472.59 has unspecified impact and attack vectors.

Published: September 16, 2010; 05:00:02 PM -04:00
    V2: 9.3 HIGH