rpm package
opensuse/chromium&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed
Vulnerabilities (4,053)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2011-3069 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Apr 5, 2012 | Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes. | ||
| CVE-2011-3068 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Apr 5, 2012 | Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes. | ||
| CVE-2011-3067 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Apr 5, 2012 | Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements. | ||
| CVE-2011-3066 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Apr 5, 2012 | Skia, as used in Google Chrome before 18.0.1025.151, does not properly perform clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| CVE-2011-3065 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 30, 2012 | Skia, as used in Google Chrome before 18.0.1025.142, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | ||
| CVE-2011-3064 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 30, 2012 | Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG clipping. | ||
| CVE-2011-3063 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 30, 2012 | Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vectors. | ||
| CVE-2011-3062 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 30, 2012 | Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file. | ||
| CVE-2011-3061 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 30, 2012 | Google Chrome before 18.0.1025.142 does not properly check X.509 certificates before use of a SPDY proxy, which might allow man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate. | ||
| CVE-2011-3060 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 30, 2012 | Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| CVE-2011-3059 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 30, 2012 | Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| CVE-2011-3058 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 30, 2012 | Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | ||
| CVE-2011-3049 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 23, 2012 | Google Chrome before 17.0.963.83 does not properly restrict the extension web request API, which allows remote attackers to cause a denial of service (disrupted system requests) via a crafted extension. | ||
| CVE-2011-3057 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 22, 2012 | Google V8, as used in Google Chrome before 17.0.963.83, allows remote attackers to cause a denial of service via vectors that trigger an invalid read operation. | ||
| CVE-2011-3056 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 22, 2012 | Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe." | ||
| CVE-2011-3055 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 22, 2012 | The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation before an unpacked extension installation, which allows user-assisted remote attackers to have an unspecified impact via a crafted extension. | ||
| CVE-2011-3054 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 22, 2012 | The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vectors. | ||
| CVE-2011-3053 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 22, 2012 | Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting. | ||
| CVE-2011-3052 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 22, 2012 | The WebGL implementation in Google Chrome before 17.0.963.83 does not properly handle CANVAS elements, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | ||
| CVE-2011-3051 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 22, 2012 | Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the cross-fade function. |
- CVE-2011-3069Apr 5, 2012affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes.
- CVE-2011-3068Apr 5, 2012affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes.
- CVE-2011-3067Apr 5, 2012affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.
- CVE-2011-3066Apr 5, 2012affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Skia, as used in Google Chrome before 18.0.1025.151, does not properly perform clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
- CVE-2011-3065Mar 30, 2012affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Skia, as used in Google Chrome before 18.0.1025.142, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
- CVE-2011-3064Mar 30, 2012affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG clipping.
- CVE-2011-3063Mar 30, 2012affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vectors.
- CVE-2011-3062Mar 30, 2012affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.
- CVE-2011-3061Mar 30, 2012affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Google Chrome before 18.0.1025.142 does not properly check X.509 certificates before use of a SPDY proxy, which might allow man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.
- CVE-2011-3060Mar 30, 2012affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
- CVE-2011-3059Mar 30, 2012affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
- CVE-2011-3058Mar 30, 2012affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
- CVE-2011-3049Mar 23, 2012affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Google Chrome before 17.0.963.83 does not properly restrict the extension web request API, which allows remote attackers to cause a denial of service (disrupted system requests) via a crafted extension.
- CVE-2011-3057Mar 22, 2012affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Google V8, as used in Google Chrome before 17.0.963.83, allows remote attackers to cause a denial of service via vectors that trigger an invalid read operation.
- CVE-2011-3056Mar 22, 2012affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe."
- CVE-2011-3055Mar 22, 2012affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation before an unpacked extension installation, which allows user-assisted remote attackers to have an unspecified impact via a crafted extension.
- CVE-2011-3054Mar 22, 2012affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
- CVE-2011-3053Mar 22, 2012affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting.
- CVE-2011-3052Mar 22, 2012affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The WebGL implementation in Google Chrome before 17.0.963.83 does not properly handle CANVAS elements, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
- CVE-2011-3051Mar 22, 2012affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the cross-fade function.
Page 199 of 203