National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:google:chrome:6.0.415.1
There are 1,878 matching records.
Displaying matches 1741 through 1760.
Vuln ID Summary CVSS Severity
CVE-2011-1300

The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google Chrome before 10.0.648.205 on Windows, allows remote attackers to execute arbitrary code via unspecified vectors, related to an "off-by-three" error.

Published: April 15, 2011; 03:55:00 PM -04:00
    V2: 10.0 HIGH
CVE-2011-1691

The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets (CSS) implementation in WebCore in WebKit before r82222, as used in Google Chrome before 11.0.696.43 and other products, does not properly handle access to the (1) counterIncrement and (2) counterReset attributes of CSSStyleDeclaration data provided by a getComputedStyle method call, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code.

Published: April 14, 2011; 08:55:02 PM -04:00
    V2: 5.0 MEDIUM
CVE-2011-1296

Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

Published: March 25, 2011; 03:55:01 PM -04:00
    V2: 7.5 HIGH
CVE-2011-1295

WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors.

Published: March 25, 2011; 03:55:01 PM -04:00
    V2: 7.5 HIGH
CVE-2011-1294

Google Chrome before 10.0.648.204 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

Published: March 25, 2011; 03:55:01 PM -04:00
    V2: 7.5 HIGH
CVE-2011-1293

Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Published: March 25, 2011; 03:55:00 PM -04:00
    V2: 7.5 HIGH
CVE-2011-1292

Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Published: March 25, 2011; 03:55:00 PM -04:00
    V2: 7.5 HIGH
CVE-2011-1291

Google Chrome before 10.0.648.204 does not properly handle base strings, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "buffer error."

Published: March 25, 2011; 03:55:00 PM -04:00
    V2: 7.5 HIGH
CVE-2011-1465

The SPDY implementation in net/http/http_network_transaction.cc in Google Chrome before 11.0.696.14 drains the bodies from SPDY responses, which might allow remote SPDY servers to cause a denial of service (application exit) by canceling a stream.

Published: March 19, 2011; 10:00:04 PM -04:00
    V2: 5.0 MEDIUM
CVE-2011-1413

Google Chrome before 10.0.648.127 on Linux does not properly mitigate an unspecified flaw in an X server, which allows remote attackers to cause a denial of service (application crash) via vectors involving long messages.

Published: March 10, 2011; 09:01:20 PM -05:00
    V2: 5.0 MEDIUM
CVE-2011-1286

Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger incorrect access to memory.

Published: March 10, 2011; 09:01:20 PM -05:00
    V2: 7.5 HIGH
CVE-2011-1285

The regular-expression functionality in Google Chrome before 10.0.648.127 does not properly implement reentrancy, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

Published: March 10, 2011; 09:01:20 PM -05:00
    V2: 7.5 HIGH
CVE-2011-1204

Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document.

Published: March 10, 2011; 09:01:20 PM -05:00
    V2: 6.8 MEDIUM
CVE-2011-1203

Google Chrome before 10.0.648.127 does not properly handle SVG cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

Published: March 10, 2011; 09:01:20 PM -05:00
    V2: 7.5 HIGH
CVE-2011-1202

The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.

Published: March 10, 2011; 09:01:20 PM -05:00
    V2: 5.0 MEDIUM
CVE-2011-1201

The context implementation in WebKit, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

Published: March 10, 2011; 09:01:20 PM -05:00
    V2: 7.5 HIGH
CVE-2011-1200

Google Chrome before 10.0.648.127 does not properly perform a cast of an unspecified variable during text rendering, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

Published: March 10, 2011; 09:01:20 PM -05:00
    V2: 6.8 MEDIUM
CVE-2011-1199

Google Chrome before 10.0.648.127 does not properly handle DataView objects, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.

Published: March 10, 2011; 09:01:19 PM -05:00
    V2: 7.5 HIGH
CVE-2011-1198

The video functionality in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger use of a malformed "out-of-bounds structure."

Published: March 10, 2011; 09:01:19 PM -05:00
    V2: 7.5 HIGH
CVE-2011-1197

Google Chrome before 10.0.648.127 does not properly perform table painting, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

Published: March 10, 2011; 09:01:19 PM -05:00
    V2: 7.5 HIGH