Vulnerabilities > Google > Chrome > 3.0.195.21
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-11-12 | CVE-2009-3933 | Resource Management Errors vulnerability in Webkit 2.4.11 WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service (CPU consumption) via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the WTF::currentTime and base::Time functions. | 5.0 |
2009-11-12 | CVE-2009-3932 | Denial-Of-Service vulnerability in Chrome The Gears plugin in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service (memory corruption and plugin crash) or possibly execute arbitrary code via unspecified use of the Gears SQL API, related to putting "SQL metadata into a bad state." | 9.3 |
2009-11-12 | CVE-2009-3931 | Improper Input Validation vulnerability in Google Chrome Incomplete blacklist vulnerability in browser/download/download_exe.cc in Google Chrome before 3.0.195.32 allows remote attackers to force the download of certain dangerous files via a "Content-Disposition: attachment" designation, as demonstrated by (1) .mht and (2) .mhtml files, which are automatically executed by Internet Explorer 6; (3) .svg files, which are automatically executed by Safari; (4) .xml files; (5) .htt files; (6) .xsl files; (7) .xslt files; and (8) image files that are forbidden by the victim's site policy. | 9.3 |
2009-09-29 | CVE-2009-3456 | Cryptographic Issues vulnerability in Google Chrome Google Chrome, possibly 3.0.195.21 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 7.5 |