VYPR

Chrome

by Google


CVEs (5,373)

  • CVE-2010-0315 (Jan 14, 2010)
    risk 0.04 | cvss | epss 0.07

    WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the…

  • CVE-2008-6998 (Aug 19, 2009)
    risk 0.04 | cvss | epss 0.10

    Stack-based buffer overflow in chrome/common/gfx/url_elider.cc in Google Chrome 0.2.149.27 and other versions before 0.2.149.29 might allow user-assisted remote attackers to execute arbitrary code via a link target (href attribute) with a large number of path elements, which…

  • CVE-2008-6996 (Aug 19, 2009)
    risk 0.04 | cvss | epss 0.06

    Google Chrome BETA (0.2.149.27) does not prompt the user before saving an executable file, which makes it easier for remote attackers or malware to cause a denial of service (disk consumption) or exploit other vulnerabilities via a URL that references an executable file,…

  • CVE-2008-6994 (Aug 19, 2009)
    risk 0.04 | cvss | epss 0.10

    Stack-based buffer overflow in the SaveAs feature (SaveFileAsWithFilter function) in win_util.cc in Google Chrome 0.2.149.27 allows user-assisted remote attackers to execute arbitrary code via a web page with a long TITLE element, which triggers the overflow when the user saves…

  • CVE-2013-6166 (Feb 15, 2014)
    risk 0.03 | cvss | epss 0.02

    Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to…

  • CVE-2013-6627 (Nov 13, 2013)
    risk 0.03 | cvss | epss 0.05

    net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational (aka 1xx) status codes, which allows remote web servers to cause a denial of service (out-of-bounds read) via a crafted response.

  • CVE-2012-5851 (Nov 15, 2012)
    risk 0.03 | cvss | epss 0.02

    html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a…

  • CVE-2012-4909 (Sep 13, 2012)
    risk 0.03 | cvss | epss 0.02

    Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application.

  • CVE-2012-4908 (Sep 13, 2012)
    risk 0.03 | cvss | epss 0.03

    Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink.

  • CVE-2012-4906 (Sep 13, 2012)
    risk 0.03 | cvss | epss 0.03

    Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903.

  • CVE-2012-4905 (Sep 13, 2012)
    risk 0.03 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script or HTML via an extra in an Intent object, aka "Universal XSS (UXSS)."

  • CVE-2012-2764 (Jun 27, 2012)
    risk 0.03 | cvss | epss 0.00

    Untrusted search path vulnerability in Google Chrome before 20.0.1132.43 on Windows might allow local users to gain privileges via a Trojan horse Metro DLL in the current working directory.

  • CVE-2011-2841 (Sep 19, 2011)
    risk 0.03 | cvss | epss 0.04

    Google Chrome before 14.0.835.163 does not properly perform garbage collection during the processing of PDF documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.

  • CVE-2008-7246 (Sep 18, 2009)
    risk 0.03 | cvss | epss 0.02

    Google Chrome 0.2.149.29 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.

  • CVE-2008-7061 (Aug 24, 2009)
    risk 0.03 | cvss | epss 0.04

    The tooltip manager (chrome/views/tooltip_manager.cc) in Google Chrome 0.2.149.29 Build 1798 and possibly other versions before 0.2.149.30 allows remote attackers to cause a denial of service (CPU consumption or crash) via a tag with a long title attribute, which is not properly…

  • CVE-2008-6997 (Aug 19, 2009)
    risk 0.03 | cvss | epss 0.04

    Google Chrome 0.2.149.27 allows user-assisted remote attackers to cause a denial of service (browser crash) via an IMG tag with a long src attribute, which triggers the crash when the victim performs an "Inspect Element" action.

  • CVE-2008-6995 (Aug 19, 2009)
    risk 0.03 | cvss | epss 0.05

    Integer underflow in net/base/escape.cc in chrome.dll in Google Chrome 0.2.149.27 allows remote attackers to cause a denial of service (browser crash) via a URI with an invalid handler followed by a "%" (percent) character, which triggers a buffer over-read, as demonstrated…

  • CVE-2009-2352 (Jul 7, 2009)
    risk 0.03 | cvss | epss 0.02

    Google Chrome 1.0.154.48 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh…

  • CVE-2009-1514 (May 4, 2009)
    risk 0.03 | cvss | epss 0.03

    Google Chrome 1.0.154.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a throw statement with a long exception value.

  • CVE-2009-0374 (Jan 30, 2009)
    risk 0.03 | cvss | epss 0.02

    Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. NOTE: a third party disputes the relevance of this issue,…
