Vulnerabilities > Google > Chrome > 4.1.249.1020

DATE CVE VULNERABILITY TITLE RISK
2010-06-15 CVE-2010-2301 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element.
4.3
2010-06-15 CVE-2010-2300 USE After Free vulnerability in Google Chrome
Use-after-free vulnerability in the Element::normalizeAttributes function in dom/Element.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to handlers for DOM mutation events, aka rdar problem 7948784.
network
low complexity
google CWE-416
critical
10.0
2010-06-15 CVE-2010-2299 Type Confusion vulnerability in Google Chrome
The Clipboard::DispatchObject function in app/clipboard/clipboard.cc in Google Chrome before 5.0.375.70 does not properly handle CBF_SMBITMAP objects in a ViewHostMsg_ClipboardWriteObjectsAsync message, which might allow remote attackers to execute arbitrary code via vectors involving crafted data from the renderer process, related to a "Type Confusion" issue.
network
low complexity
google CWE-843
critical
10.0
2010-06-15 CVE-2010-2298 Improper Input Validation vulnerability in Google Chrome
browser/renderer_host/database_dispatcher_host.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle ViewHostMsg_DatabaseOpenFile messages in chroot-based sandboxing, which allows remote attackers to bypass intended sandbox restrictions via vectors involving fchdir and chdir calls.
network
low complexity
google linux CWE-20
critical
10.0
2010-06-15 CVE-2010-2297 Code Injection vulnerability in multiple products
rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table.
network
google opensuse suse CWE-94
critical
9.3
2010-06-15 CVE-2010-2296 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
The implementation of unspecified DOM methods in Google Chrome before 5.0.375.70 allows remote attackers to bypass the Same Origin Policy via unknown vectors.
network
google CWE-264
critical
9.3
2010-06-15 CVE-2010-2295 Improper Input Validation vulnerability in Google Chrome
page/EventHandler.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 does not properly handle a change of the focused frame during the dispatching of keydown, which allows user-assisted remote attackers to redirect keystrokes via a crafted HTML document, aka rdar problem 7018610.
network
google CWE-20
4.3
2010-06-11 CVE-2010-1770 Code Injection vulnerability in multiple products
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue."
9.3
2010-05-28 CVE-2010-2110 Unspecified vulnerability in Google Chrome
Google Chrome before 5.0.375.55 does not properly execute JavaScript code in the extension context, which has unspecified impact and remote attack vectors.
network
low complexity
google
7.5
2010-05-28 CVE-2010-2109 Unspecified vulnerability in Google Chrome
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows user-assisted remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the "drag + drop" functionality.
network
low complexity
google
7.5