National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:google:chrome:24.0.1291.1
There are 1,166 matching records.
Displaying matches 1141 through 1160.
Vuln ID Summary CVSS Severity
CVE-2013-0832

Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing.

Published: January 15, 2013; 04:55:02 PM -05:00
    V2: 7.5 HIGH
CVE-2013-0831

Directory traversal vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to have an unspecified impact by leveraging access to an extension process.

Published: January 15, 2013; 04:55:01 PM -05:00
    V2: 7.5 HIGH
CVE-2013-0830

The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a NUL character required for termination of an unspecified data structure, which has unknown impact and attack vectors.

Published: January 15, 2013; 04:55:01 PM -05:00
    V2: 7.5 HIGH
CVE-2013-0829

Google Chrome before 24.0.1312.52 does not properly maintain database metadata, which allows remote attackers to bypass intended file-access restrictions via unspecified vectors.

Published: January 15, 2013; 04:55:01 PM -05:00
    V2: 6.4 MEDIUM
CVE-2013-0828

The PDF functionality in Google Chrome before 24.0.1312.52 does not properly perform a cast of an unspecified variable during processing of the root of the structure tree, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

Published: January 15, 2013; 04:55:01 PM -05:00
    V2: 6.8 MEDIUM
CVE-2012-5157

Google Chrome before 24.0.1312.52 does not properly handle image data in PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.

Published: January 15, 2013; 04:55:01 PM -05:00
    V2: 4.3 MEDIUM
CVE-2012-5156

Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF fields.

Published: January 15, 2013; 04:55:01 PM -05:00
    V2: 6.8 MEDIUM
CVE-2012-5155

Google Chrome before 24.0.1312.52 on Mac OS X does not use an appropriate sandboxing approach for worker processes, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors.

Published: January 15, 2013; 04:55:01 PM -05:00
    V2: 5.0 MEDIUM
CVE-2012-5154

Integer overflow in Google Chrome before 24.0.1312.52 on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to allocation of shared memory.

Published: January 15, 2013; 04:55:01 PM -05:00
    V2: 7.5 HIGH
CVE-2012-5153

Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds access to stack memory.

Published: January 15, 2013; 04:55:01 PM -05:00
    V2: 7.5 HIGH
CVE-2012-5152

Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving seek operations on video data.

Published: January 15, 2013; 04:55:01 PM -05:00
    V2: 5.0 MEDIUM
CVE-2012-5151

Integer overflow in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code in a PDF document.

Published: January 15, 2013; 04:55:01 PM -05:00
    V2: 6.8 MEDIUM
CVE-2012-5150

Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving seek operations on video data.

Published: January 15, 2013; 04:55:01 PM -05:00
    V2: 7.5 HIGH
CVE-2012-5149

Integer overflow in the audio IPC layer in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Published: January 15, 2013; 04:55:01 PM -05:00
    V2: 7.5 HIGH
CVE-2012-5148

The hyphenation functionality in Google Chrome before 24.0.1312.52 does not properly validate file names, which has unspecified impact and attack vectors.

Published: January 15, 2013; 04:55:01 PM -05:00
    V2: 7.5 HIGH
CVE-2012-5147

Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling.

Published: January 15, 2013; 04:55:01 PM -05:00
    V2: 7.5 HIGH
CVE-2012-5146

Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a malformed URL.

Published: January 15, 2013; 04:55:01 PM -05:00
    V2: 5.0 MEDIUM
CVE-2012-5145

Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG layout.

Published: January 15, 2013; 04:55:01 PM -05:00
    V2: 7.5 HIGH
CVE-2012-4930

The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.

Published: September 15, 2012; 02:55:03 PM -04:00
    V2: 2.6 LOW
CVE-2012-4929

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.

Published: September 15, 2012; 02:55:03 PM -04:00
    V2: 2.6 LOW