Vulnerabilities > Google > Chrome > 2.0.172.38

DATE CVE VULNERABILITY TITLE RISK
2015-03-09 CVE-2015-2239 Data Processing Errors vulnerability in Google Chrome
Google Chrome before 41.0.2272.76, when Instant Extended mode is used, does not properly consider the interaction between the "1993 search" features and restore-from-disk RELOAD transitions, which makes it easier for remote attackers to spoof the address bar for a search-results page by leveraging (1) a compromised search engine or (2) an XSS vulnerability in a search engine, a different vulnerability than CVE-2015-1231.
network
google CWE-19
4.3
2015-03-09 CVE-2015-2238 Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as used in Google Chrome before 41.0.2272.76, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
canonical google
7.5
2015-03-09 CVE-2014-9689 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
content/renderer/device_sensors/device_orientation_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate gyroscope data, which makes it easier for remote attackers to obtain speech signals from a device's physical environment via a crafted web site that listens for ondeviceorientation events, a different vulnerability than CVE-2015-1231.
network
low complexity
google CWE-264
5.0
2015-03-09 CVE-2011-5319 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
content/renderer/device_sensors/device_motion_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate accelerometer data, which makes it easier for remote attackers to capture keystrokes via a crafted web site that listens for ondevicemotion events, a different vulnerability than CVE-2015-1231.
network
low complexity
google CWE-264
5.0
2015-01-27 CVE-2015-1361 Code vulnerability in Google Chrome
platform/image-decoders/ImageFrame.h in Blink, as used in Google Chrome before 40.0.2214.91, does not initialize a variable that is used in calls to the Skia SkBitmap::setAlphaType function, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document, a different vulnerability than CVE-2015-1205.
network
google CWE-17
6.8
2015-01-27 CVE-2015-1360 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome
Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data that is improperly handled during text drawing, related to gpu/GrBitmapTextContext.cpp and gpu/GrDistanceFieldTextContext.cpp, a different vulnerability than CVE-2015-1205.
network
low complexity
google CWE-119
7.5
2015-01-27 CVE-2015-1359 Numeric Errors vulnerability in Google Chrome
Multiple off-by-one errors in fpdfapi/fpdf_font/font_int.h in PDFium, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted PDF document, related to an "intra-object-overflow" issue, a different vulnerability than CVE-2015-1205.
network
google CWE-189
6.8
2015-01-27 CVE-2014-9648 Improper Access Control vulnerability in Google Chrome
components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote attackers to cause a denial of service (loss of browser access to that site) via crafted JavaScript code, as demonstrated by pandora.com and the Pandora application, a different vulnerability than CVE-2015-1205.
network
google CWE-284
4.3
2015-01-27 CVE-2014-9647 Denial-Of-Service vulnerability in Chrome
Use-after-free vulnerability in PDFium, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/src/fpdfview.cpp and fpdfsdk/src/fsdk_mgr.cpp, a different vulnerability than CVE-2015-1205.
network
google
6.8
2015-01-27 CVE-2014-9646 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% directory, as demonstrated by program.exe, a different vulnerability than CVE-2015-1205.
local
low complexity
google CWE-264
4.6