Chrome Security Vulnerabilities and Issues — Chrome CVE List

Lucene search

GoogleChrome

10 matches found

CVE•added 2010/11/17 1:0 a.m.•84 views

CVE-2010-4008

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a...

4.3CVSS5.6AI score0.00728EPSS

CVE•added 2010/11/06 12:0 a.m.•72 views

CVE-2010-4203

WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.

10CVSS9.5AI score0.08115EPSS

CVE•added 2010/11/06 12:0 a.m.•64 views

CVE-2010-4206

Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted...

8.8CVSS9AI score0.02948EPSS

CVE•added 2010/11/06 12:0 a.m.•59 views

CVE-2010-4197

Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing.

9.8CVSS9.4AI score0.06283EPSS

CVE•added 2010/11/06 12:0 a.m.•58 views

CVE-2010-4199

Google Chrome before 7.0.517.44 does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SVG document.

8.8CVSS9.2AI score0.0081EPSS

CVE•added 2010/11/06 12:0 a.m.•57 views

CVE-2010-4204

WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

9.8CVSS9.5AI score0.04352EPSS

CVE•added 2010/11/06 12:0 a.m.•51 views

CVE-2010-4198

WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document.

8.8CVSS9.1AI score0.01284EPSS

CVE•added 2010/11/06 12:0 a.m.•48 views

CVE-2010-4205

Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

9.8CVSS9.6AI score0.0086EPSS

CVE•added 2010/11/06 12:0 a.m.•42 views

CVE-2010-4201

Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections.

9.8CVSS9.5AI score0.00491EPSS

CVE•added 2010/11/06 12:0 a.m.•37 views

CVE-2010-4202

Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font.

9.8CVSS9.4AI score0.00888EPSS