National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:google:chrome:5.0.317.0
There are 1,785 matching records.
Displaying matches 1781 through 1785.
Vuln ID Summary CVSS Severity
CVE-2010-2106

Unspecified vulnerability in Google Chrome before 5.0.375.55 might allow remote attackers to spoof the URL bar via vectors involving unload event handlers.

Published: May 28, 2010; 02:30:01 PM -04:00
    V2: 10.0 HIGH
CVE-2010-2105

Google Chrome before 5.0.375.55 does not properly follow the Safe Browsing specification's requirements for canonicalization of URLs, which has unspecified impact and remote attack vectors.

Published: May 28, 2010; 02:30:01 PM -04:00
    V2: 10.0 HIGH
CVE-2010-1731

Google Chrome on the HTC Hero allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop.

Published: May 06, 2010; 10:53:01 AM -04:00
    V2: 4.3 MEDIUM
CVE-2009-1598

Google Chrome executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."

Published: May 11, 2009; 11:30:00 AM -04:00
    V2: 9.3 HIGH
CVE-2008-5915

An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

Published: January 20, 2009; 11:30:00 AM -05:00
    V2: 2.1 LOW