Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:google:chrome:0.2.149.30:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2009-2060 |
src/net/http/http_transaction_winhttp.cc in Google Chrome before 1.0.154.53 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. Published: June 15, 2009; 3:30:05 PM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2009-1442 |
Multiple integer overflows in Skia, as used in Google Chrome 1.x before 1.0.154.64 and 2.x, and possibly Android, might allow remote attackers to execute arbitrary code in the renderer process via a crafted (1) image or (2) canvas. Published: May 07, 2009; 1:30:04 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2009-1441 |
Heap-based buffer overflow in the ParamTraits<SkBitmap>::Read function in Google Chrome before 1.0.154.64 allows attackers to leverage renderer access to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to a large bitmap that arrives over the IPC channel. Published: May 07, 2009; 1:30:04 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2009-1412 |
Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by use of a (1) javascript: or (2) data: URL. NOTE: this can be leveraged for Universal XSS by exploiting certain behavior involving persistence across page transitions. Published: April 24, 2009; 11:30:00 AM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2009-0411 |
Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script. Published: February 03, 2009; 2:30:00 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2009-0276 |
Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame. Published: February 03, 2009; 2:30:00 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2008-4724 |
Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Published: October 23, 2008; 6:00:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-4340 |
Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory consumption) via an HTML document containing a carriage return ("\r\n\r\n") argument to the window.open function. Published: September 30, 2008; 1:22:09 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |