Vulnerabilities > Google > Chrome > 5.0.357.0

DATE CVE VULNERABILITY TITLE RISK
2010-07-06 CVE-2010-2649 Unspecified vulnerability in Google Chrome
Unspecified vulnerability in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (application crash) via an invalid image.
network
google
4.3
2010-07-06 CVE-2010-2648 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
The implementation of the Unicode Bidirectional Algorithm (aka Bidi algorithm or UBA) in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
network
google opensuse canonical CWE-119
critical
9.3
2010-07-06 CVE-2010-2647 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document.
network
google canonical CWE-119
critical
9.3
2010-07-06 CVE-2010-2646 Unspecified vulnerability in Google Chrome
Google Chrome before 5.0.375.99 does not properly isolate sandboxed IFRAME elements, which has unspecified impact and remote attack vectors.
network
google
critical
9.3
2010-07-06 CVE-2010-2645 Unspecified vulnerability in Google Chrome
Unspecified vulnerability in Google Chrome before 5.0.375.99, when WebGL is used, allows remote attackers to cause a denial of service (out-of-bounds read) via unknown vectors.
network
google
6.8
2010-06-30 CVE-2010-1205 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
9.8
2010-06-15 CVE-2010-2302 USE After Free vulnerability in multiple products
Use-after-free vulnerability in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving remote fonts in conjunction with shadow DOM trees, aka rdar problem 8007953.
network
low complexity
google opensuse suse CWE-416
critical
10.0
2010-06-15 CVE-2010-2301 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element.
4.3
2010-06-15 CVE-2010-2300 USE After Free vulnerability in Google Chrome
Use-after-free vulnerability in the Element::normalizeAttributes function in dom/Element.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to handlers for DOM mutation events, aka rdar problem 7948784.
network
low complexity
google CWE-416
critical
10.0
2010-06-15 CVE-2010-2299 Type Confusion vulnerability in Google Chrome
The Clipboard::DispatchObject function in app/clipboard/clipboard.cc in Google Chrome before 5.0.375.70 does not properly handle CBF_SMBITMAP objects in a ViewHostMsg_ClipboardWriteObjectsAsync message, which might allow remote attackers to execute arbitrary code via vectors involving crafted data from the renderer process, related to a "Type Confusion" issue.
network
low complexity
google CWE-843
critical
10.0