Chrome
by Google
Source repositories
CVEs (4,993)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-2652 | 0.00 | — | 0.01 | Jul 6, 2010 | Google Chrome before 5.0.375.99 does not properly implement modal dialogs, which allows attackers to cause a denial of service (application crash) via unspecified vectors. | |||
| CVE-2010-2651 | 0.00 | — | 0.01 | Jul 6, 2010 | The Cascading Style Sheets (CSS) implementation in Google Chrome before 5.0.375.99 does not properly perform style rendering, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2010-2650 | 0.00 | — | 0.01 | Jul 6, 2010 | Unspecified vulnerability in Google Chrome before 5.0.375.99 has unknown impact and attack vectors, related to an "annoyance with print dialogs." | |||
| CVE-2010-2649 | 0.00 | — | 0.01 | Jul 6, 2010 | Unspecified vulnerability in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (application crash) via an invalid image. | |||
| CVE-2010-2648 | 0.00 | — | 0.02 | Jul 6, 2010 | The implementation of the Unicode Bidirectional Algorithm (aka Bidi algorithm or UBA) in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2010-2647 | 0.00 | — | 0.02 | Jul 6, 2010 | Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document. | |||
| CVE-2010-2646 | 0.00 | — | 0.01 | Jul 6, 2010 | Google Chrome before 5.0.375.99 does not properly isolate sandboxed IFRAME elements, which has unspecified impact and remote attack vectors. | |||
| CVE-2010-2645 | 0.00 | — | 0.01 | Jul 6, 2010 | Unspecified vulnerability in Google Chrome before 5.0.375.99, when WebGL is used, allows remote attackers to cause a denial of service (out-of-bounds read) via unknown vectors. | |||
| CVE-2010-2302 | 0.00 | — | 0.03 | Jun 15, 2010 | Use-after-free vulnerability in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving remote fonts in conjunction with shadow DOM trees, aka rdar… | |||
| CVE-2010-2301 | 0.00 | — | 0.01 | Jun 15, 2010 | Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element. NOTE: this might… | |||
| CVE-2010-2299 | 0.00 | — | 0.03 | Jun 15, 2010 | The Clipboard::DispatchObject function in app/clipboard/clipboard.cc in Google Chrome before 5.0.375.70 does not properly handle CBF_SMBITMAP objects in a ViewHostMsg_ClipboardWriteObjectsAsync message, which might allow remote attackers to execute arbitrary code via vectors… | |||
| CVE-2010-2298 | 0.00 | — | 0.02 | Jun 15, 2010 | browser/renderer_host/database_dispatcher_host.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle ViewHostMsg_DatabaseOpenFile messages in chroot-based sandboxing, which allows remote attackers to bypass intended sandbox restrictions via vectors involving… | |||
| CVE-2010-2297 | 0.00 | — | 0.03 | Jun 15, 2010 | rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table. | |||
| CVE-2010-2296 | 0.00 | — | 0.02 | Jun 15, 2010 | The implementation of unspecified DOM methods in Google Chrome before 5.0.375.70 allows remote attackers to bypass the Same Origin Policy via unknown vectors. | |||
| CVE-2010-2295 | 0.00 | — | 0.01 | Jun 15, 2010 | page/EventHandler.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 does not properly handle a change of the focused frame during the dispatching of keydown, which allows user-assisted remote attackers to redirect keystrokes via a crafted HTML document, aka rdar… | |||
| CVE-2010-1770 | 0.00 | — | 0.05 | Jun 11, 2010 | WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers… | |||
| CVE-2010-2120 | 0.00 | — | 0.01 | Jun 1, 2010 | Google Chrome 1.0.154.48 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs. | |||
| CVE-2010-2110 | 0.00 | — | 0.01 | May 28, 2010 | Google Chrome before 5.0.375.55 does not properly execute JavaScript code in the extension context, which has unspecified impact and remote attack vectors. | |||
| CVE-2010-2109 | 0.00 | — | 0.01 | May 28, 2010 | Unspecified vulnerability in Google Chrome before 5.0.375.55 allows user-assisted remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the "drag + drop" functionality. | |||
| CVE-2010-2108 | 0.00 | — | 0.01 | May 28, 2010 | Unspecified vulnerability in Google Chrome before 5.0.375.55 allows remote attackers to bypass the whitelist-mode plugin blocker via unknown vectors. |
- CVE-2010-2652Jul 6, 2010risk 0.00cvss —epss 0.01
Google Chrome before 5.0.375.99 does not properly implement modal dialogs, which allows attackers to cause a denial of service (application crash) via unspecified vectors.
- CVE-2010-2651Jul 6, 2010risk 0.00cvss —epss 0.01
The Cascading Style Sheets (CSS) implementation in Google Chrome before 5.0.375.99 does not properly perform style rendering, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
- CVE-2010-2650Jul 6, 2010risk 0.00cvss —epss 0.01
Unspecified vulnerability in Google Chrome before 5.0.375.99 has unknown impact and attack vectors, related to an "annoyance with print dialogs."
- CVE-2010-2649Jul 6, 2010risk 0.00cvss —epss 0.01
Unspecified vulnerability in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (application crash) via an invalid image.
- CVE-2010-2648Jul 6, 2010risk 0.00cvss —epss 0.02
The implementation of the Unicode Bidirectional Algorithm (aka Bidi algorithm or UBA) in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
- CVE-2010-2647Jul 6, 2010risk 0.00cvss —epss 0.02
Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document.
- CVE-2010-2646Jul 6, 2010risk 0.00cvss —epss 0.01
Google Chrome before 5.0.375.99 does not properly isolate sandboxed IFRAME elements, which has unspecified impact and remote attack vectors.
- CVE-2010-2645Jul 6, 2010risk 0.00cvss —epss 0.01
Unspecified vulnerability in Google Chrome before 5.0.375.99, when WebGL is used, allows remote attackers to cause a denial of service (out-of-bounds read) via unknown vectors.
- CVE-2010-2302Jun 15, 2010risk 0.00cvss —epss 0.03
Use-after-free vulnerability in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving remote fonts in conjunction with shadow DOM trees, aka rdar…
- CVE-2010-2301Jun 15, 2010risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element. NOTE: this might…
- CVE-2010-2299Jun 15, 2010risk 0.00cvss —epss 0.03
The Clipboard::DispatchObject function in app/clipboard/clipboard.cc in Google Chrome before 5.0.375.70 does not properly handle CBF_SMBITMAP objects in a ViewHostMsg_ClipboardWriteObjectsAsync message, which might allow remote attackers to execute arbitrary code via vectors…
- CVE-2010-2298Jun 15, 2010risk 0.00cvss —epss 0.02
browser/renderer_host/database_dispatcher_host.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle ViewHostMsg_DatabaseOpenFile messages in chroot-based sandboxing, which allows remote attackers to bypass intended sandbox restrictions via vectors involving…
- CVE-2010-2297Jun 15, 2010risk 0.00cvss —epss 0.03
rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table.
- CVE-2010-2296Jun 15, 2010risk 0.00cvss —epss 0.02
The implementation of unspecified DOM methods in Google Chrome before 5.0.375.70 allows remote attackers to bypass the Same Origin Policy via unknown vectors.
- CVE-2010-2295Jun 15, 2010risk 0.00cvss —epss 0.01
page/EventHandler.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 does not properly handle a change of the focused frame during the dispatching of keydown, which allows user-assisted remote attackers to redirect keystrokes via a crafted HTML document, aka rdar…
- CVE-2010-1770Jun 11, 2010risk 0.00cvss —epss 0.05
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers…
- CVE-2010-2120Jun 1, 2010risk 0.00cvss —epss 0.01
Google Chrome 1.0.154.48 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs.
- CVE-2010-2110May 28, 2010risk 0.00cvss —epss 0.01
Google Chrome before 5.0.375.55 does not properly execute JavaScript code in the extension context, which has unspecified impact and remote attack vectors.
- CVE-2010-2109May 28, 2010risk 0.00cvss —epss 0.01
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows user-assisted remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the "drag + drop" functionality.
- CVE-2010-2108May 28, 2010risk 0.00cvss —epss 0.01
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows remote attackers to bypass the whitelist-mode plugin blocker via unknown vectors.
Page 246 of 250