Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Google Subscribe
Filtered by product Chrome
Total 3085 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-0838 2 Google, Linux 2 Chrome, Linux Kernel 2013-02-06 7.5 HIGH N/A
Google Chrome before 24.0.1312.52 on Linux uses weak permissions for shared memory segments, which has unspecified impact and attack vectors.
CVE-2013-0843 2 Apple, Google 2 Mac Os X, Chrome 2013-01-29 7.5 HIGH N/A
content/renderer/media/webrtc_audio_renderer.cc in Google Chrome before 24.0.1312.56 on Mac OS X does not use an appropriate buffer size for the 96 kHz sampling rate, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a web site that provides WebRTC audio.
CVE-2012-4930 2 Google, Mozilla 2 Chrome, Firefox 2013-01-29 2.6 LOW N/A
The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.
CVE-2012-5155 2 Apple, Google 2 Mac Os X, Chrome 2013-01-15 5.0 MEDIUM N/A
Google Chrome before 24.0.1312.52 on Mac OS X does not use an appropriate sandboxing approach for worker processes, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2011-3109 2 Google, Linux 2 Chrome, Linux Kernel 2012-11-19 7.5 HIGH N/A
Google Chrome before 19.0.1084.52 on Linux does not properly perform a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact by leveraging an error in the GTK implementation of the UI.
CVE-2012-4909 1 Google 2 Android, Chrome 2012-09-14 4.3 MEDIUM N/A
Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application.
CVE-2012-4908 1 Google 2 Android, Chrome 2012-09-14 7.5 HIGH N/A
Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink.
CVE-2012-4907 1 Google 2 Android, Chrome 2012-09-14 9.3 HIGH N/A
Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page.
CVE-2012-4906 1 Google 2 Android, Chrome 2012-09-14 5.0 MEDIUM N/A
Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903.
CVE-2012-4905 1 Google 2 Android, Chrome 2012-09-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script or HTML via an extra in an Intent object, aka "Universal XSS (UXSS)."
CVE-2012-4904 1 Google 2 Android, Chrome 2012-09-14 4.3 MEDIUM N/A
Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS (UXSS)" attacks against the current tab.
CVE-2012-4903 1 Google 2 Android, Chrome 2012-09-13 5.0 MEDIUM N/A
Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4906.
CVE-2012-2859 2 Google, Linux 2 Chrome, Linux Kernel 2012-08-07 7.5 HIGH N/A
Google Chrome before 21.0.1180.57 on Linux does not properly handle tabs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
CVE-2012-2846 2 Google, Linux 2 Chrome, Linux Kernel 2012-08-06 5.0 MEDIUM N/A
Google Chrome before 21.0.1180.57 on Linux does not properly isolate renderer processes, which allows remote attackers to cause a denial of service (cross-process interference) via unspecified vectors.
CVE-2008-7294 1 Google 1 Chrome 2012-08-01 5.8 MEDIUM N/A
Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.
CVE-2012-2647 3 Apple, Google, Yahoo 3 Safari, Chrome, Toolbar 2012-07-31 5.8 MEDIUM N/A
Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page.
CVE-2012-2827 2 Apple, Google 2 Mac Os X, Chrome 2012-06-28 7.5 HIGH N/A
Use-after-free vulnerability in the UI in Google Chrome before 20.0.1132.43 on Mac OS X allows attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2009-3932 1 Google 1 Chrome 2009-11-12 9.3 HIGH N/A
The Gears plugin in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service (memory corruption and plugin crash) or possibly execute arbitrary code via unspecified use of the Gears SQL API, related to putting "SQL metadata into a bad state."
CVE-2009-3264 1 Google 1 Chrome 2009-09-30 4.3 MEDIUM N/A
The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified "access check," which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user's visit to a different web server that hosts an SVG document.
CVE-2009-3456 1 Google 1 Chrome 2009-09-29 7.5 HIGH N/A
Google Chrome, possibly 3.0.195.21 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.