Chrome
by Google
Source repositories
CVEs (5,320)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-1302 | 0.00 | — | 0.03 | Apr 15, 2011 | Heap-based buffer overflow in the GPU process in Google Chrome before 10.0.648.205 allows remote attackers to execute arbitrary code via unknown vectors. | |||
| CVE-2011-1301 | 0.00 | — | 0.04 | Apr 15, 2011 | Use-after-free vulnerability in the GPU process in Google Chrome before 10.0.648.205 allows remote attackers to execute arbitrary code via unknown vectors. | |||
| CVE-2011-1300 | 0.00 | — | 0.03 | Apr 15, 2011 | The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google Chrome before 10.0.648.205 on… | |||
| CVE-2011-1691 | 0.00 | — | 0.02 | Apr 15, 2011 | The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets (CSS) implementation in WebCore in WebKit before r82222, as used in Google Chrome before 11.0.696.43 and other products, does not properly handle access to the (1) counterIncrement… | |||
| CVE-2011-1296 | 0.00 | — | 0.02 | Mar 25, 2011 | Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||
| CVE-2011-1295 | 0.00 | — | 0.02 | Mar 25, 2011 | WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified… | |||
| CVE-2011-1294 | 0.00 | — | 0.02 | Mar 25, 2011 | Google Chrome before 10.0.648.204 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||
| CVE-2011-1293 | 0.00 | — | 0.02 | Mar 25, 2011 | Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2011-1292 | 0.00 | — | 0.02 | Mar 25, 2011 | Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2011-1291 | 0.00 | — | 0.02 | Mar 25, 2011 | Google Chrome before 10.0.648.204 does not properly handle base strings, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "buffer error." | |||
| CVE-2011-1465 | 0.00 | — | 0.02 | Mar 20, 2011 | The SPDY implementation in net/http/http_network_transaction.cc in Google Chrome before 11.0.696.14 drains the bodies from SPDY responses, which might allow remote SPDY servers to cause a denial of service (application exit) by canceling a stream. | |||
| CVE-2011-1413 | 0.00 | — | 0.02 | Mar 11, 2011 | Google Chrome before 10.0.648.127 on Linux does not properly mitigate an unspecified flaw in an X server, which allows remote attackers to cause a denial of service (application crash) via vectors involving long messages. | |||
| CVE-2011-1286 | 0.00 | — | 0.02 | Mar 11, 2011 | Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger incorrect access to memory. | |||
| CVE-2011-1285 | 0.00 | — | 0.02 | Mar 11, 2011 | The regular-expression functionality in Google Chrome before 10.0.648.127 does not properly implement reentrancy, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2011-1204 | 0.00 | — | 0.02 | Mar 11, 2011 | Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document. | |||
| CVE-2011-1203 | 0.00 | — | 0.02 | Mar 11, 2011 | Google Chrome before 10.0.648.127 does not properly handle SVG cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||
| CVE-2011-1202 | 0.00 | — | 0.02 | Mar 11, 2011 | The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a… | |||
| CVE-2011-1201 | 0.00 | — | 0.02 | Mar 11, 2011 | The context implementation in WebKit, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||
| CVE-2011-1200 | 0.00 | — | 0.01 | Mar 11, 2011 | Google Chrome before 10.0.648.127 does not properly perform a cast of an unspecified variable during text rendering, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. | |||
| CVE-2011-1199 | 0.00 | — | 0.02 | Mar 11, 2011 | Google Chrome before 10.0.648.127 does not properly handle DataView objects, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors. |
- CVE-2011-1302Apr 15, 2011risk 0.00cvss —epss 0.03
Heap-based buffer overflow in the GPU process in Google Chrome before 10.0.648.205 allows remote attackers to execute arbitrary code via unknown vectors.
- CVE-2011-1301Apr 15, 2011risk 0.00cvss —epss 0.04
Use-after-free vulnerability in the GPU process in Google Chrome before 10.0.648.205 allows remote attackers to execute arbitrary code via unknown vectors.
- CVE-2011-1300Apr 15, 2011risk 0.00cvss —epss 0.03
The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google Chrome before 10.0.648.205 on…
- CVE-2011-1691Apr 15, 2011risk 0.00cvss —epss 0.02
The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets (CSS) implementation in WebCore in WebKit before r82222, as used in Google Chrome before 11.0.696.43 and other products, does not properly handle access to the (1) counterIncrement…
- CVE-2011-1296Mar 25, 2011risk 0.00cvss —epss 0.02
Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
- CVE-2011-1295Mar 25, 2011risk 0.00cvss —epss 0.02
WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified…
- CVE-2011-1294Mar 25, 2011risk 0.00cvss —epss 0.02
Google Chrome before 10.0.648.204 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
- CVE-2011-1293Mar 25, 2011risk 0.00cvss —epss 0.02
Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
- CVE-2011-1292Mar 25, 2011risk 0.00cvss —epss 0.02
Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
- CVE-2011-1291Mar 25, 2011risk 0.00cvss —epss 0.02
Google Chrome before 10.0.648.204 does not properly handle base strings, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "buffer error."
- CVE-2011-1465Mar 20, 2011risk 0.00cvss —epss 0.02
The SPDY implementation in net/http/http_network_transaction.cc in Google Chrome before 11.0.696.14 drains the bodies from SPDY responses, which might allow remote SPDY servers to cause a denial of service (application exit) by canceling a stream.
- CVE-2011-1413Mar 11, 2011risk 0.00cvss —epss 0.02
Google Chrome before 10.0.648.127 on Linux does not properly mitigate an unspecified flaw in an X server, which allows remote attackers to cause a denial of service (application crash) via vectors involving long messages.
- CVE-2011-1286Mar 11, 2011risk 0.00cvss —epss 0.02
Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger incorrect access to memory.
- CVE-2011-1285Mar 11, 2011risk 0.00cvss —epss 0.02
The regular-expression functionality in Google Chrome before 10.0.648.127 does not properly implement reentrancy, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
- CVE-2011-1204Mar 11, 2011risk 0.00cvss —epss 0.02
Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document.
- CVE-2011-1203Mar 11, 2011risk 0.00cvss —epss 0.02
Google Chrome before 10.0.648.127 does not properly handle SVG cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
- CVE-2011-1202Mar 11, 2011risk 0.00cvss —epss 0.02
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a…
- CVE-2011-1201Mar 11, 2011risk 0.00cvss —epss 0.02
The context implementation in WebKit, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
- CVE-2011-1200Mar 11, 2011risk 0.00cvss —epss 0.01
Google Chrome before 10.0.648.127 does not properly perform a cast of an unspecified variable during text rendering, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
- CVE-2011-1199Mar 11, 2011risk 0.00cvss —epss 0.02
Google Chrome before 10.0.648.127 does not properly handle DataView objects, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
Page 255 of 266