apk package
chainguard/chromium
pkg:apk/chainguard/chromium
Vulnerabilities (491)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2013-6662 | — | | | < 0 | 0 | Apr 13, 2017 | Google Chrome caches TLS sessions before certificate validation occurs. |
| CVE-2013-6647 | Cri | 9.8 | | < 0 | 0 | Apr 11, 2017 | A use-after-free in AnimationController::endAnimationUpdate in Google Chrome. |
| CVE-2016-7153 | Med | 5.3 | | < 0 | 0 | Sep 6, 2016 | The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "H |
| CVE-2016-7152 | Med | 5.3 | | < 0 | 0 | Sep 6, 2016 | The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HE |
| CVE-2015-4000 | Low | 3.7 | | < 0 | 0 | May 21, 2015 | The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by D |
| CVE-2012-4930 | — | | | < 0 | 0 | Sep 15, 2012 | The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers |
| CVE-2012-4929 | — | | | < 0 | 0 | Sep 15, 2012 | The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing |
| CVE-2011-3389 | — | | | < 0 | 0 | Sep 6, 2011 | The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to ob |
| CVE-2010-1731 | — | | | < 0 | 0 | May 6, 2010 | Google Chrome on the HTC Hero allows remote attackers to cause a denial of service (application crash) via JavaScript that writes sequences in an infinite loop. |
| CVE-2009-1598 | — | | | < 0 | 0 | May 11, 2009 | Google Chrome executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document objec |
| CVE-2008-5915 | — | | | < 0 | 0 | Jan 20, 2009 | An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-sess |