Chrome
by Google
Source repositories
CVEs (5,320)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-2903 | 0.00 | — | 0.01 | Jul 28, 2010 | Google Chrome before 5.0.375.125 performs unexpected truncation and improper eliding of hostnames, which has unspecified impact and remote attack vectors. | |||
| CVE-2010-2902 | 0.00 | — | 0.02 | Jul 28, 2010 | The SVG implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2010-2901 | 0.00 | — | 0.02 | Jul 28, 2010 | The rendering implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2010-2900 | 0.00 | — | 0.01 | Jul 28, 2010 | Google Chrome before 5.0.375.125 does not properly handle a large canvas, which has unspecified impact and remote attack vectors. | |||
| CVE-2010-2899 | 0.00 | — | 0.01 | Jul 28, 2010 | Unspecified vulnerability in the layout implementation in Google Chrome before 5.0.375.125 allows remote attackers to obtain sensitive information from process memory via unknown vectors. | |||
| CVE-2010-2898 | 0.00 | — | 0.01 | Jul 28, 2010 | Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the GNU C Library, which has unknown impact and attack vectors. | |||
| CVE-2010-2897 | 0.00 | — | 0.01 | Jul 28, 2010 | Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack vectors. | |||
| CVE-2010-2652 | 0.00 | — | 0.01 | Jul 6, 2010 | Google Chrome before 5.0.375.99 does not properly implement modal dialogs, which allows attackers to cause a denial of service (application crash) via unspecified vectors. | |||
| CVE-2010-2651 | 0.00 | — | 0.01 | Jul 6, 2010 | The Cascading Style Sheets (CSS) implementation in Google Chrome before 5.0.375.99 does not properly perform style rendering, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2010-2650 | 0.00 | — | 0.01 | Jul 6, 2010 | Unspecified vulnerability in Google Chrome before 5.0.375.99 has unknown impact and attack vectors, related to an "annoyance with print dialogs." | |||
| CVE-2010-2649 | 0.00 | — | 0.01 | Jul 6, 2010 | Unspecified vulnerability in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (application crash) via an invalid image. | |||
| CVE-2010-2648 | 0.00 | — | 0.02 | Jul 6, 2010 | The implementation of the Unicode Bidirectional Algorithm (aka Bidi algorithm or UBA) in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2010-2647 | 0.00 | — | 0.02 | Jul 6, 2010 | Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document. | |||
| CVE-2010-2646 | 0.00 | — | 0.01 | Jul 6, 2010 | Google Chrome before 5.0.375.99 does not properly isolate sandboxed IFRAME elements, which has unspecified impact and remote attack vectors. | |||
| CVE-2010-2645 | 0.00 | — | 0.01 | Jul 6, 2010 | Unspecified vulnerability in Google Chrome before 5.0.375.99, when WebGL is used, allows remote attackers to cause a denial of service (out-of-bounds read) via unknown vectors. | |||
| CVE-2010-2302 | 0.00 | — | 0.03 | Jun 15, 2010 | Use-after-free vulnerability in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving remote fonts in conjunction with shadow DOM trees, aka rdar… | |||
| CVE-2010-2301 | 0.00 | — | 0.01 | Jun 15, 2010 | Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element. NOTE: this might… | |||
| CVE-2010-2299 | 0.00 | — | 0.03 | Jun 15, 2010 | The Clipboard::DispatchObject function in app/clipboard/clipboard.cc in Google Chrome before 5.0.375.70 does not properly handle CBF_SMBITMAP objects in a ViewHostMsg_ClipboardWriteObjectsAsync message, which might allow remote attackers to execute arbitrary code via vectors… | |||
| CVE-2010-2298 | 0.00 | — | 0.02 | Jun 15, 2010 | browser/renderer_host/database_dispatcher_host.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle ViewHostMsg_DatabaseOpenFile messages in chroot-based sandboxing, which allows remote attackers to bypass intended sandbox restrictions via vectors involving… | |||
| CVE-2010-2297 | 0.00 | — | 0.03 | Jun 15, 2010 | rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table. |
- CVE-2010-2903Jul 28, 2010risk 0.00cvss —epss 0.01
Google Chrome before 5.0.375.125 performs unexpected truncation and improper eliding of hostnames, which has unspecified impact and remote attack vectors.
- CVE-2010-2902Jul 28, 2010risk 0.00cvss —epss 0.02
The SVG implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
- CVE-2010-2901Jul 28, 2010risk 0.00cvss —epss 0.02
The rendering implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
- CVE-2010-2900Jul 28, 2010risk 0.00cvss —epss 0.01
Google Chrome before 5.0.375.125 does not properly handle a large canvas, which has unspecified impact and remote attack vectors.
- CVE-2010-2899Jul 28, 2010risk 0.00cvss —epss 0.01
Unspecified vulnerability in the layout implementation in Google Chrome before 5.0.375.125 allows remote attackers to obtain sensitive information from process memory via unknown vectors.
- CVE-2010-2898Jul 28, 2010risk 0.00cvss —epss 0.01
Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the GNU C Library, which has unknown impact and attack vectors.
- CVE-2010-2897Jul 28, 2010risk 0.00cvss —epss 0.01
Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack vectors.
- CVE-2010-2652Jul 6, 2010risk 0.00cvss —epss 0.01
Google Chrome before 5.0.375.99 does not properly implement modal dialogs, which allows attackers to cause a denial of service (application crash) via unspecified vectors.
- CVE-2010-2651Jul 6, 2010risk 0.00cvss —epss 0.01
The Cascading Style Sheets (CSS) implementation in Google Chrome before 5.0.375.99 does not properly perform style rendering, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
- CVE-2010-2650Jul 6, 2010risk 0.00cvss —epss 0.01
Unspecified vulnerability in Google Chrome before 5.0.375.99 has unknown impact and attack vectors, related to an "annoyance with print dialogs."
- CVE-2010-2649Jul 6, 2010risk 0.00cvss —epss 0.01
Unspecified vulnerability in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (application crash) via an invalid image.
- CVE-2010-2648Jul 6, 2010risk 0.00cvss —epss 0.02
The implementation of the Unicode Bidirectional Algorithm (aka Bidi algorithm or UBA) in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
- CVE-2010-2647Jul 6, 2010risk 0.00cvss —epss 0.02
Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document.
- CVE-2010-2646Jul 6, 2010risk 0.00cvss —epss 0.01
Google Chrome before 5.0.375.99 does not properly isolate sandboxed IFRAME elements, which has unspecified impact and remote attack vectors.
- CVE-2010-2645Jul 6, 2010risk 0.00cvss —epss 0.01
Unspecified vulnerability in Google Chrome before 5.0.375.99, when WebGL is used, allows remote attackers to cause a denial of service (out-of-bounds read) via unknown vectors.
- CVE-2010-2302Jun 15, 2010risk 0.00cvss —epss 0.03
Use-after-free vulnerability in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving remote fonts in conjunction with shadow DOM trees, aka rdar…
- CVE-2010-2301Jun 15, 2010risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element. NOTE: this might…
- CVE-2010-2299Jun 15, 2010risk 0.00cvss —epss 0.03
The Clipboard::DispatchObject function in app/clipboard/clipboard.cc in Google Chrome before 5.0.375.70 does not properly handle CBF_SMBITMAP objects in a ViewHostMsg_ClipboardWriteObjectsAsync message, which might allow remote attackers to execute arbitrary code via vectors…
- CVE-2010-2298Jun 15, 2010risk 0.00cvss —epss 0.02
browser/renderer_host/database_dispatcher_host.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle ViewHostMsg_DatabaseOpenFile messages in chroot-based sandboxing, which allows remote attackers to bypass intended sandbox restrictions via vectors involving…
- CVE-2010-2297Jun 15, 2010risk 0.00cvss —epss 0.03
rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table.
Page 262 of 266