Chrome Security Vulnerabilities and Issues — Chrome CVE List

Lucene search

GoogleChrome

19 matches found

CVE•added 2011/12/13 9:55 p.m.•78 views

CVE-2011-3905

libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS7.1AI score0.01327EPSS

CVE•added 2011/12/13 9:55 p.m.•58 views

CVE-2011-3908

Google Chrome before 16.0.912.63 does not properly parse SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS6.1AI score0.0234EPSS

CVE•added 2011/12/13 9:55 p.m.•57 views

CVE-2011-3903

Google Chrome before 16.0.912.63 does not properly perform regex matching, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS6.2AI score0.00535EPSS

CVE•added 2011/12/13 9:55 p.m.•57 views

CVE-2011-3913

Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to Range handling.

7.5CVSS7AI score0.0229EPSS

CVE•added 2011/12/13 9:55 p.m.•53 views

CVE-2011-3912

Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters.

7.5CVSS7AI score0.00609EPSS

CVE•added 2011/12/07 7:55 p.m.•52 views

CVE-2010-5073

The JavaScript implementation in Google Chrome 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. NOTE: this may overlap CVE-201...

5CVSS5.5AI score0.00204EPSS

CVE•added 2011/12/07 7:55 p.m.•50 views

CVE-2010-5069

The Cascading Style Sheets (CSS) implementation in Google Chrome 4 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document. NOTE: this may overlap CVE-2010-2264.

4.3CVSS5.1AI score0.00732EPSS

CVE•added 2011/12/13 9:55 p.m.•50 views

CVE-2011-3910

Google Chrome before 16.0.912.63 does not properly handle YUV video frames, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS6.2AI score0.00535EPSS

CVE•added 2011/12/13 9:55 p.m.•49 views

CVE-2011-3909

The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.

5CVSS6AI score0.0234EPSS

CVE•added 2011/12/07 7:55 p.m.•49 views

CVE-2011-4691

Google Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.

5CVSS6.1AI score0.0023EPSS

CVE•added 2011/12/13 9:55 p.m.•48 views

CVE-2011-3907

The view-source feature in Google Chrome before 16.0.912.63 allows remote attackers to spoof the URL bar via unspecified vectors.

4.3CVSS6AI score0.00242EPSS

CVE•added 2011/12/13 9:55 p.m.•46 views

CVE-2011-3904

Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to bidirectional text (aka bidi) handling.

7.5CVSS7AI score0.00712EPSS

CVE•added 2011/12/13 9:55 p.m.•45 views

CVE-2011-3906

The PDF parser in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS6.1AI score0.00535EPSS

CVE•added 2011/12/13 9:55 p.m.•45 views

CVE-2011-3914

The internationalization (aka i18n) functionality in Google V8, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.

7.5CVSS7AI score0.00519EPSS

CVE•added 2011/12/13 9:55 p.m.•45 views

CVE-2011-3915

Buffer overflow in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF fonts.

7.5CVSS7.3AI score0.00566EPSS

CVE•added 2011/12/13 9:55 p.m.•42 views

CVE-2011-3916

Google Chrome before 16.0.912.63 does not properly handle PDF cross references, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS6.1AI score0.00535EPSS

CVE•added 2011/12/13 9:55 p.m.•42 views

CVE-2011-3917

Stack-based buffer overflow in FileWatcher in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5CVSS7.5AI score0.00566EPSS

CVE•added 2011/12/07 7:55 p.m.•42 views

CVE-2011-4692

WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demons...

5CVSS5.7AI score0.0023EPSS

CVE•added 2011/12/13 9:55 p.m.•38 views

CVE-2011-3911

Google Chrome before 16.0.912.63 does not properly handle PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS6.2AI score0.00535EPSS