Vulnerabilities > Google > Chrome > 5.0.375.17

DATE CVE VULNERABILITY TITLE RISK
2011-04-15 CVE-2011-1300 Numeric Errors vulnerability in multiple products
The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google Chrome before 10.0.648.205 on Windows, allows remote attackers to execute arbitrary code via unspecified vectors, related to an "off-by-three" error.
network
low complexity
mozilla microsoft google CWE-189
critical
10.0
2011-04-15 CVE-2011-1691 Null Pointer Dereference vulnerability in Google Chrome
The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets (CSS) implementation in WebCore in WebKit before r82222, as used in Google Chrome before 11.0.696.43 and other products, does not properly handle access to the (1) counterIncrement and (2) counterReset attributes of CSSStyleDeclaration data provided by a getComputedStyle method call, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code.
network
low complexity
apple google CWE-476
5.0
2011-04-13 CVE-2011-0611 Type Confusion vulnerability in multiple products
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.
network
low complexity
adobe google suse opensuse CWE-843
8.8
2011-03-25 CVE-2011-1296 Improper Input Validation vulnerability in Google Chrome
Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
network
low complexity
google apple CWE-20
7.5
2011-03-25 CVE-2011-1295 Improper Input Validation vulnerability in Google Chrome
WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors.
network
low complexity
apple google CWE-20
7.5
2011-03-25 CVE-2011-1294 Improper Input Validation vulnerability in Google Chrome
Google Chrome before 10.0.648.204 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
network
low complexity
google CWE-20
7.5
2011-03-25 CVE-2011-1293 USE After Free vulnerability in Google Chrome
Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
network
low complexity
google debian apple CWE-416
7.5
2011-03-25 CVE-2011-1292 USE After Free vulnerability in Google Chrome
Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
network
low complexity
google debian CWE-416
7.5
2011-03-25 CVE-2011-1291 Classic Buffer Overflow vulnerability in Google Chrome
Google Chrome before 10.0.648.204 does not properly handle base strings, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "buffer error."
network
low complexity
google CWE-120
7.5
2011-03-20 CVE-2011-1465 Unspecified vulnerability in Google Chrome
The SPDY implementation in net/http/http_network_transaction.cc in Google Chrome before 11.0.696.14 drains the bodies from SPDY responses, which might allow remote SPDY servers to cause a denial of service (application exit) by canceling a stream.
network
low complexity
google
5.0