VYPR

Vendor CVEs

Google

All CVEs

11,327 total · sorted by risk
  • CVE-2013-2835Apr 16, 2013
    risk 0.00cvss epss 0.01

    Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2834.

  • CVE-2013-2834Apr 16, 2013
    risk 0.00cvss epss 0.01

    Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2835.

  • CVE-2013-2833Apr 16, 2013
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in the O3D plug-in in Google Chrome OS before 26.0.1410.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper management of ownership relationships involving Elements and…

  • CVE-2013-2832Apr 16, 2013
    risk 0.00cvss epss 0.01

    The Buffer::Set function in core/cross/buffer.cc in the O3D plug-in in Google Chrome OS before 26.0.1410.57 does not prevent uninitialized data from remaining in a buffer, which might allow remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2013-0927Apr 10, 2013
    risk 0.00cvss epss 0.01

    Google Chrome OS before 26.0.1410.57 relies on a Pango pango-utils.c read_config implementation that loads the contents of the .pangorc file in the user's home directory, and the file referenced by the PANGO_RC_FILE environment variable, which allows attackers to bypass intended…

  • CVE-2013-0926Mar 28, 2013
    risk 0.00cvss epss 0.01

    Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site.

  • CVE-2013-0925Mar 28, 2013
    risk 0.00cvss epss 0.01

    Google Chrome before 26.0.1410.43 does not ensure that an extension has the tabs (aka APIPermission::kTab) permission before providing a URL to this extension, which has unspecified impact and remote attack vectors.

  • CVE-2013-0924Mar 28, 2013
    risk 0.00cvss epss 0.01

    The extension functionality in Google Chrome before 26.0.1410.43 does not verify that use of the permissions API is consistent with file permissions, which has unspecified impact and attack vectors.

  • CVE-2013-0923Mar 28, 2013
    risk 0.00cvss epss 0.01

    The USB Apps API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.

  • CVE-2013-0922Mar 28, 2013
    risk 0.00cvss epss 0.01

    Google Chrome before 26.0.1410.43 does not properly restrict brute-force access attempts against web sites that require HTTP Basic Authentication, which has unspecified impact and attack vectors.

  • CVE-2013-0921Mar 28, 2013
    risk 0.00cvss epss 0.01

    The Isolated Sites feature in Google Chrome before 26.0.1410.43 does not properly enforce the use of separate processes, which makes it easier for remote attackers to bypass intended access restrictions via a crafted web site.

  • CVE-2013-0920Mar 28, 2013
    risk 0.00cvss epss 0.01

    Use-after-free vulnerability in the extension bookmarks API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2013-0919Mar 28, 2013
    risk 0.00cvss epss 0.01

    Use-after-free vulnerability in Google Chrome before 26.0.1410.43 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the presence of an extension that creates a pop-up window.

  • CVE-2013-0918Mar 28, 2013
    risk 0.00cvss epss 0.01

    Google Chrome before 26.0.1410.43 does not prevent navigation to developer tools in response to a drag-and-drop operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site.

  • CVE-2013-0917Mar 28, 2013
    risk 0.00cvss epss 0.01

    The URL loader in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

  • CVE-2013-0916Mar 28, 2013
    risk 0.00cvss epss 0.01

    Use-after-free vulnerability in the Web Audio implementation in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2013-2300Mar 27, 2013
    risk 0.00cvss epss 0.01

    The FlickWnn (aka OpenWnn/Flick support) application 2.02 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem.

  • CVE-2013-2632Mar 21, 2013
    risk 0.00cvss epss 0.01

    Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by the Bejeweled game.

  • CVE-2013-0915Mar 18, 2013
    risk 0.00cvss epss 0.01

    The GPU process in Google Chrome OS before 25.0.1364.173 allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an "overflow."

  • CVE-2013-0913Mar 18, 2013
    risk 0.00cvss epss 0.01

    Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before 25.0.1364.173 and other products, allows local users to cause a denial of…

  • CVE-2013-0912Mar 11, 2013
    risk 0.00cvss epss 0.04

    WebKit in Google Chrome before 25.0.1364.160 allows remote attackers to execute arbitrary code via vectors that leverage "type confusion."

  • CVE-2013-2493Mar 7, 2013
    risk 0.00cvss epss 0.01

    The Hook_Terminate function in chrome_frame/protocol_sink_wrap.cc in the Google Chrome Frame plugin before 26.0.1410.28 for Internet Explorer does not properly handle attach tab requests, which allows user-assisted remote attackers to cause a denial of service (application…

  • CVE-2013-0911Mar 5, 2013
    risk 0.00cvss epss 0.01

    Directory traversal vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to have an unspecified impact via vectors related to databases.

  • CVE-2013-0910Mar 5, 2013
    risk 0.00cvss epss 0.01

    Google Chrome before 25.0.1364.152 does not properly manage the interaction between the browser process and renderer processes during authorization of the loading of a plug-in, which makes it easier for remote attackers to bypass intended access restrictions via vectors…

  • CVE-2013-0909Mar 5, 2013
    risk 0.00cvss epss 0.01

    The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote attackers to obtain sensitive HTTP Referer information via unspecified vectors.

  • CVE-2013-0908Mar 5, 2013
    risk 0.00cvss epss 0.01

    Google Chrome before 25.0.1364.152 does not properly manage bindings of extension processes, which has unspecified impact and attack vectors.

  • CVE-2013-0907Mar 5, 2013
    risk 0.00cvss epss 0.01

    Race condition in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media threads.

  • CVE-2013-0906Mar 5, 2013
    risk 0.00cvss epss 0.01

    The IndexedDB implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

  • CVE-2013-0905Mar 5, 2013
    risk 0.00cvss epss 0.01

    Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG animation.

  • CVE-2013-0904Mar 5, 2013
    risk 0.00cvss epss 0.01

    The Web Audio implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

  • CVE-2013-0903Mar 5, 2013
    risk 0.00cvss epss 0.01

    Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of browser navigation.

  • CVE-2013-0902Mar 5, 2013
    risk 0.00cvss epss 0.01

    Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2013-2268Feb 23, 2013
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the MathML implementation in WebKit in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, has unknown impact and remote attack vectors, related to a "high severity security issue."

  • CVE-2013-0900Feb 23, 2013
    risk 0.00cvss epss 0.01

    Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via…

  • CVE-2013-0899Feb 23, 2013
    risk 0.00cvss epss 0.02

    Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to…

  • CVE-2013-0898Feb 23, 2013
    risk 0.00cvss epss 0.01

    Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a URL.

  • CVE-2013-0897Feb 23, 2013
    risk 0.00cvss epss 0.01

    Off-by-one error in the PDF functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service via a crafted document.

  • CVE-2013-0896Feb 23, 2013
    risk 0.00cvss epss 0.01

    Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly manage memory during message handling for plug-ins, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown…

  • CVE-2013-0895Feb 23, 2013
    risk 0.00cvss epss 0.01

    Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on Mac OS X, does not properly handle pathnames during copy operations, which might make it easier for remote attackers to execute arbitrary programs via unspecified vectors.

  • CVE-2013-0894Feb 23, 2013
    risk 0.00cvss epss 0.02

    Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote…

  • CVE-2013-0893Feb 23, 2013
    risk 0.00cvss epss 0.01

    Race condition in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media.

  • CVE-2013-0892Feb 23, 2013
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2013-0891Feb 23, 2013
    risk 0.00cvss epss 0.01

    Integer overflow in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a blob.

  • CVE-2013-0890Feb 23, 2013
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors.

  • CVE-2013-0889Feb 23, 2013
    risk 0.00cvss epss 0.02

    Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for remote attackers to execute arbitrary code via a crafted file.

  • CVE-2013-0888Feb 23, 2013
    risk 0.00cvss epss 0.02

    Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a "user gesture check for dangerous file downloads."

  • CVE-2013-0887Feb 23, 2013
    risk 0.00cvss epss 0.01

    The developer-tools process in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict privileges during interaction with a connected server, which has unspecified impact and attack vectors.

  • CVE-2013-0886Feb 23, 2013
    risk 0.00cvss epss 0.01

    Google Chrome before 25.0.1364.99 on Mac OS X does not properly implement signal handling for Native Client (aka NaCl) code, which has unspecified impact and attack vectors.

  • CVE-2013-0885Feb 23, 2013
    risk 0.00cvss epss 0.01

    Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors.

  • CVE-2013-0884Feb 23, 2013
    risk 0.00cvss epss 0.01

    Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly load Native Client (aka NaCl) code, which has unspecified impact and attack vectors.

Page 211 of 227