National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:google:chrome:4.1.249.1009
There are 1,809 matching records.
Displaying matches 1801 through 1809.
Vuln ID Summary CVSS Severity
CVE-2010-1234

Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to truncate the URL shown in the HTTP Basic Authentication dialog via unknown vectors.

Published: April 01, 2010; 06:30:00 PM -04:00
    V2: 7.5 HIGH
CVE-2010-1233

Multiple integer overflows in Google Chrome before 4.1.249.1036 allow remote attackers to have an unspecified impact via vectors involving WebKit JavaScript objects.

Published: April 01, 2010; 06:30:00 PM -04:00
    V2: 10.0 HIGH
CVE-2010-1232

Google Chrome before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via a malformed SVG document.

Published: April 01, 2010; 06:30:00 PM -04:00
    V2: 5.0 MEDIUM
CVE-2010-1231

Google Chrome before 4.1.249.1036 processes HTTP headers before invoking the SafeBrowsing feature, which allows remote attackers to have an unspecified impact via crafted headers.

Published: April 01, 2010; 06:30:00 PM -04:00
    V2: 7.5 HIGH
CVE-2010-1230

Google Chrome before 4.1.249.1036 does not have the expected behavior for attempts to delete Web SQL Databases and clear the Strict Transport Security (STS) state, which has unspecified impact and attack vectors.

Published: April 01, 2010; 06:30:00 PM -04:00
    V2: 10.0 HIGH
CVE-2010-1229

The sandbox infrastructure in Google Chrome before 4.1.249.1036 does not properly use pointers, which has unspecified impact and attack vectors.

Published: April 01, 2010; 06:30:00 PM -04:00
    V2: 10.0 HIGH
CVE-2010-1228

Multiple race conditions in the sandbox infrastructure in Google Chrome before 4.1.249.1036 have unspecified impact and attack vectors.

Published: April 01, 2010; 06:30:00 PM -04:00
    V2: 10.0 HIGH
CVE-2009-1598

Google Chrome executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."

Published: May 11, 2009; 11:30:00 AM -04:00
    V2: 9.3 HIGH
CVE-2008-5915

An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

Published: January 20, 2009; 11:30:00 AM -05:00
    V2: 2.1 LOW