Total
3085 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0838 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2013-02-06 | 7.5 HIGH | N/A |
| Google Chrome before 24.0.1312.52 on Linux uses weak permissions for shared memory segments, which has unspecified impact and attack vectors. | |||||
| CVE-2013-0843 | 2 Apple, Google | 2 Mac Os X, Chrome | 2013-01-29 | 7.5 HIGH | N/A |
| content/renderer/media/webrtc_audio_renderer.cc in Google Chrome before 24.0.1312.56 on Mac OS X does not use an appropriate buffer size for the 96 kHz sampling rate, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a web site that provides WebRTC audio. | |||||
| CVE-2012-4930 | 2 Google, Mozilla | 2 Chrome, Firefox | 2013-01-29 | 2.6 LOW | N/A |
| The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack. | |||||
| CVE-2012-5155 | 2 Apple, Google | 2 Mac Os X, Chrome | 2013-01-15 | 5.0 MEDIUM | N/A |
| Google Chrome before 24.0.1312.52 on Mac OS X does not use an appropriate sandboxing approach for worker processes, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2011-3109 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2012-11-19 | 7.5 HIGH | N/A |
| Google Chrome before 19.0.1084.52 on Linux does not properly perform a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact by leveraging an error in the GTK implementation of the UI. | |||||
| CVE-2012-4909 | 1 Google | 2 Android, Chrome | 2012-09-14 | 4.3 MEDIUM | N/A |
| Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application. | |||||
| CVE-2012-4908 | 1 Google | 2 Android, Chrome | 2012-09-14 | 7.5 HIGH | N/A |
| Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink. | |||||
| CVE-2012-4907 | 1 Google | 2 Android, Chrome | 2012-09-14 | 9.3 HIGH | N/A |
| Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page. | |||||
| CVE-2012-4906 | 1 Google | 2 Android, Chrome | 2012-09-14 | 5.0 MEDIUM | N/A |
| Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903. | |||||
| CVE-2012-4905 | 1 Google | 2 Android, Chrome | 2012-09-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script or HTML via an extra in an Intent object, aka "Universal XSS (UXSS)." | |||||
| CVE-2012-4904 | 1 Google | 2 Android, Chrome | 2012-09-14 | 4.3 MEDIUM | N/A |
| Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS (UXSS)" attacks against the current tab. | |||||
| CVE-2012-4903 | 1 Google | 2 Android, Chrome | 2012-09-13 | 5.0 MEDIUM | N/A |
| Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4906. | |||||
| CVE-2012-2859 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2012-08-07 | 7.5 HIGH | N/A |
| Google Chrome before 21.0.1180.57 on Linux does not properly handle tabs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2012-2846 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2012-08-06 | 5.0 MEDIUM | N/A |
| Google Chrome before 21.0.1180.57 on Linux does not properly isolate renderer processes, which allows remote attackers to cause a denial of service (cross-process interference) via unspecified vectors. | |||||
| CVE-2008-7294 | 1 Google | 1 Chrome | 2012-08-01 | 5.8 MEDIUM | N/A |
| Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue. | |||||
| CVE-2012-2647 | 3 Apple, Google, Yahoo | 3 Safari, Chrome, Toolbar | 2012-07-31 | 5.8 MEDIUM | N/A |
| Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page. | |||||
| CVE-2012-2827 | 2 Apple, Google | 2 Mac Os X, Chrome | 2012-06-28 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the UI in Google Chrome before 20.0.1132.43 on Mac OS X allows attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2009-3932 | 1 Google | 1 Chrome | 2009-11-12 | 9.3 HIGH | N/A |
| The Gears plugin in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service (memory corruption and plugin crash) or possibly execute arbitrary code via unspecified use of the Gears SQL API, related to putting "SQL metadata into a bad state." | |||||
| CVE-2009-3264 | 1 Google | 1 Chrome | 2009-09-30 | 4.3 MEDIUM | N/A |
| The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified "access check," which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user's visit to a different web server that hosts an SVG document. | |||||
| CVE-2009-3456 | 1 Google | 1 Chrome | 2009-09-29 | 7.5 HIGH | N/A |
| Google Chrome, possibly 3.0.195.21 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||