Vulnerabilities > Google > Chrome > 4.0.258.0

DATE CVE VULNERABILITY TITLE RISK
2010-09-24 CVE-2010-1767 Cross-Site Request Forgery (CSRF) vulnerability in Google Chrome
Cross-site request forgery (CSRF) vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a crafted synchronous preflight XMLHttpRequest operation.
network
google CWE-352
6.8
2010-09-16 CVE-2010-3417 Information Exposure vulnerability in Google Chrome
Google Chrome before 6.0.472.59 does not prompt the user before granting access to the extension history, which allows attackers to obtain potentially sensitive information via unspecified vectors.
network
low complexity
google CWE-200
5.0
2010-09-16 CVE-2010-3416 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome
Google Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
network
low complexity
google linux CWE-119
7.5
2010-09-16 CVE-2010-3415 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome
Google Chrome before 6.0.472.59 does not properly implement Geolocation, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
network
low complexity
google CWE-119
critical
10.0
2010-09-16 CVE-2010-3414 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome
Google Chrome before 6.0.472.59 on Mac OS X does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
network
low complexity
google CWE-119
critical
10.0
2010-09-16 CVE-2010-3413 Denial-Of-Service vulnerability in Chrome
Unspecified vulnerability in the pop-up blocking functionality in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
network
low complexity
google
5.0
2010-09-16 CVE-2010-3412 Race Condition vulnerability in Google Chrome
Race condition in the console implementation in Google Chrome before 6.0.472.59 has unspecified impact and attack vectors.
network
google CWE-362
critical
9.3
2010-09-16 CVE-2010-3411 Reachable Assertion vulnerability in Google Chrome
Google Chrome before 6.0.472.59 on Linux does not properly handle cursors, which might allow attackers to cause a denial of service (assertion failure) via unspecified vectors.
network
low complexity
google linux CWE-617
5.0
2010-09-07 CVE-2010-3259 Information Exposure vulnerability in multiple products
WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.
4.3
2010-09-07 CVE-2010-3258 Deserialization of Untrusted Data vulnerability in Google Chrome
The sandbox implementation in Google Chrome before 6.0.472.53 does not properly deserialize parameters, which has unspecified impact and remote attack vectors.
network
google CWE-502
critical
9.3