National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:google:chrome:17.0.963.42
There are 1,395 matching records.
Displaying matches 1321 through 1340.
Vuln ID Summary CVSS Severity
CVE-2011-3071

Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Published: April 05, 2012; 06:02:07 PM -04:00
V2: 7.5 HIGH
CVE-2011-3070

Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Google V8 bindings.

Published: April 05, 2012; 06:02:07 PM -04:00
V2: 7.5 HIGH
CVE-2011-3069

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes.

Published: April 05, 2012; 06:02:07 PM -04:00
V2: 7.5 HIGH
CVE-2011-3068

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes.

Published: April 05, 2012; 06:02:07 PM -04:00
V2: 7.5 HIGH
CVE-2011-3067

Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.

Published: April 05, 2012; 06:02:07 PM -04:00
V2: 5.0 MEDIUM
CVE-2011-3066

Skia, as used in Google Chrome before 18.0.1025.151, does not properly perform clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Published: April 05, 2012; 06:02:07 PM -04:00
V2: 5.0 MEDIUM
CVE-2011-3065

Skia, as used in Google Chrome before 18.0.1025.142, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

Published: March 30, 2012; 06:55:01 PM -04:00
V2: 7.5 HIGH
CVE-2011-3064

Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG clipping.

Published: March 30, 2012; 06:55:01 PM -04:00
V2: 7.5 HIGH
CVE-2011-3063

Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vectors.

Published: March 30, 2012; 06:55:01 PM -04:00
V2: 10.0 HIGH
CVE-2011-3062

Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.

Published: March 30, 2012; 06:55:01 PM -04:00
V2: 6.8 MEDIUM
CVE-2011-3061

Google Chrome before 18.0.1025.142 does not properly check X.509 certificates before use of a SPDY proxy, which might allow man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.

Published: March 30, 2012; 06:55:01 PM -04:00
V2: 5.8 MEDIUM
CVE-2011-3060

Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Published: March 30, 2012; 06:55:01 PM -04:00
V2: 5.0 MEDIUM
CVE-2011-3059

Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Published: March 30, 2012; 06:55:01 PM -04:00
V2: 5.0 MEDIUM
CVE-2011-3058

Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

Published: March 30, 2012; 06:55:01 PM -04:00
V2: 4.3 MEDIUM
CVE-2011-3049

Google Chrome before 17.0.963.83 does not properly restrict the extension web request API, which allows remote attackers to cause a denial of service (disrupted system requests) via a crafted extension.

Published: March 23, 2012; 06:55:01 AM -04:00
V2: 5.0 MEDIUM
CVE-2012-1846

Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code."

Published: March 22, 2012; 12:55:02 PM -04:00
V2: 10.0 HIGH
CVE-2012-1845

Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the DEP and ASLR protection mechanisms, and execute arbitrary code, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code."

Published: March 22, 2012; 12:55:02 PM -04:00
V2: 10.0 HIGH
CVE-2011-3057

Google V8, as used in Google Chrome before 17.0.963.83, allows remote attackers to cause a denial of service via vectors that trigger an invalid read operation.

Published: March 22, 2012; 12:55:01 PM -04:00
V2: 5.0 MEDIUM
CVE-2011-3056

Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe."

Published: March 22, 2012; 12:55:01 PM -04:00
V2: 7.5 HIGH
CVE-2011-3055

The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation before an unpacked extension installation, which allows user-assisted remote attackers to have an unspecified impact via a crafted extension.

Published: March 22, 2012; 12:55:01 PM -04:00
V2: 6.8 MEDIUM