National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:google:chrome:13.0.779.0
There are 1,537 matching records.
Displaying matches 1521 through 1537.
Vuln ID Summary CVSS Severity
CVE-2011-2790

Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving floating styles.

Published: August 02, 2011; 08:55:01 PM -04:00
    V2: 7.5 HIGH
CVE-2011-2789

Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to instantiation of the Pepper plug-in.

Published: August 02, 2011; 08:55:01 PM -04:00
    V2: 7.5 HIGH
CVE-2011-2788

Buffer overflow in the inspector serialization functionality in Google Chrome before 13.0.782.107 allows user-assisted remote attackers to have an unspecified impact via unknown vectors.

Published: August 02, 2011; 08:55:01 PM -04:00
    V2: 6.8 MEDIUM
CVE-2011-2787

Google Chrome before 13.0.782.107 does not properly address re-entrancy issues associated with the GPU lock, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

Published: August 02, 2011; 08:55:01 PM -04:00
    V2: 5.0 MEDIUM
CVE-2011-2786

Google Chrome before 13.0.782.107 does not ensure that the speech-input bubble is shown on the product's screen, which might make it easier for remote attackers to make audio recordings via a crafted web page containing an INPUT element.

Published: August 02, 2011; 08:55:01 PM -04:00
    V2: 4.3 MEDIUM
CVE-2011-2785

The extensions implementation in Google Chrome before 13.0.782.107 does not properly validate the URL for the home page, which allows remote attackers to have an unspecified impact via a crafted extension.

Published: August 02, 2011; 08:55:01 PM -04:00
    V2: 4.3 MEDIUM
CVE-2011-2784

Google Chrome before 13.0.782.107 allows remote attackers to obtain sensitive information via a request for the GL program log, which reveals a local path in an unspecified log entry.

Published: August 02, 2011; 08:55:01 PM -04:00
    V2: 5.0 MEDIUM
CVE-2011-2783

Google Chrome before 13.0.782.107 does not ensure that developer-mode NPAPI extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension.

Published: August 02, 2011; 08:55:01 PM -04:00
    V2: 6.4 MEDIUM
CVE-2011-2782

The drag-and-drop implementation in Google Chrome before 13.0.782.107 on Linux does not properly enforce permissions for files, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors.

Published: August 02, 2011; 08:55:01 PM -04:00
    V2: 4.3 MEDIUM
CVE-2011-2361

The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site.

Published: August 02, 2011; 08:55:01 PM -04:00
    V2: 4.3 MEDIUM
CVE-2011-2360

Google Chrome before 13.0.782.107 does not ensure that the user is prompted before download of a dangerous file, which makes it easier for remote attackers to bypass intended content restrictions via a crafted web site.

Published: August 02, 2011; 08:55:01 PM -04:00
    V2: 5.0 MEDIUM
CVE-2011-2359

Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

Published: August 02, 2011; 08:55:01 PM -04:00
    V2: 7.5 HIGH
CVE-2011-2358

Google Chrome before 13.0.782.107 does not ensure that extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension.

Published: August 02, 2011; 08:55:01 PM -04:00
    V2: 6.4 MEDIUM
CVE-2010-2179

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.

Published: June 15, 2010; 02:00:01 PM -04:00
    V2: 4.3 MEDIUM
CVE-2010-1731

Google Chrome on the HTC Hero allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop.

Published: May 06, 2010; 10:53:01 AM -04:00
    V2: 4.3 MEDIUM
CVE-2009-1598

Google Chrome executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."

Published: May 11, 2009; 11:30:00 AM -04:00
    V2: 9.3 HIGH
CVE-2008-5915

An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

Published: January 20, 2009; 11:30:00 AM -05:00
    V2: 2.1 LOW