Vulnerabilities > Google > Chrome > 4.0.295.0

DATE CVE VULNERABILITY TITLE RISK
2010-04-23 CVE-2010-1504 Cross-Site Scripting vulnerability in Google Chrome
Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://downloads URI.
network
google CWE-79
4.3
2010-04-23 CVE-2010-1503 Cross-Site Scripting vulnerability in Google Chrome
Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://net-internals URI.
network
google CWE-79
4.3
2010-04-23 CVE-2010-1502 Multiple Security vulnerability in RETIRED: Google Chrome prior to 4.1.249.1059
Unspecified vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to access local files via vectors related to "developer tools."
network
google
critical
9.3
2010-04-23 CVE-2010-1500 Multiple Security vulnerability in RETIRED: Google Chrome prior to 4.1.249.1059
Google Chrome before 4.1.249.1059 does not properly support forms, which has unknown impact and attack vectors, related to a "type confusion error."
network
low complexity
google
7.5
2010-04-01 CVE-2010-1236 Cross-Site Scripting vulnerability in multiple products
The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence.
network
google flock CWE-79
4.3
2010-04-01 CVE-2010-1235 Improper Input Validation vulnerability in Google Chrome
Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to trigger the omission of a download warning dialog via unknown vectors.
network
google CWE-20
4.3
2010-04-01 CVE-2010-1234 Remote Security vulnerability in Chrome
Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to truncate the URL shown in the HTTP Basic Authentication dialog via unknown vectors.
network
low complexity
google
7.5
2010-04-01 CVE-2010-1232 Resource Management Errors vulnerability in Google Chrome
Google Chrome before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via a malformed SVG document.
network
low complexity
google CWE-399
5.0
2010-04-01 CVE-2010-1231 Remote Security vulnerability in Chrome
Google Chrome before 4.1.249.1036 processes HTTP headers before invoking the SafeBrowsing feature, which allows remote attackers to have an unspecified impact via crafted headers.
network
low complexity
google
7.5
2010-04-01 CVE-2010-1230 Information Exposure vulnerability in Google Chrome
Google Chrome before 4.1.249.1036 does not have the expected behavior for attempts to delete Web SQL Databases and clear the Strict Transport Security (STS) state, which has unspecified impact and attack vectors.
network
low complexity
google CWE-200
critical
10.0