Vulnerabilities > Google > Chrome > 5.0.375.23

DATE CVE VULNERABILITY TITLE RISK
2010-06-15 CVE-2010-2298 Improper Input Validation vulnerability in Google Chrome
browser/renderer_host/database_dispatcher_host.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle ViewHostMsg_DatabaseOpenFile messages in chroot-based sandboxing, which allows remote attackers to bypass intended sandbox restrictions via vectors involving fchdir and chdir calls.
network
low complexity
google linux CWE-20
critical
10.0
2010-06-15 CVE-2010-2297 Code Injection vulnerability in multiple products
rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table.
network
google opensuse suse CWE-94
critical
9.3
2010-06-15 CVE-2010-2296 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
The implementation of unspecified DOM methods in Google Chrome before 5.0.375.70 allows remote attackers to bypass the Same Origin Policy via unknown vectors.
network
google CWE-264
critical
9.3
2010-06-15 CVE-2010-2295 Improper Input Validation vulnerability in Google Chrome
page/EventHandler.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 does not properly handle a change of the focused frame during the dispatching of keydown, which allows user-assisted remote attackers to redirect keystrokes via a crafted HTML document, aka rdar problem 7018610.
network
google CWE-20
4.3
2010-06-11 CVE-2010-1770 Code Injection vulnerability in multiple products
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue."
9.3
2010-05-28 CVE-2010-2110 Unspecified vulnerability in Google Chrome
Google Chrome before 5.0.375.55 does not properly execute JavaScript code in the extension context, which has unspecified impact and remote attack vectors.
network
low complexity
google
7.5
2010-05-28 CVE-2010-2109 Unspecified vulnerability in Google Chrome
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows user-assisted remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the "drag + drop" functionality.
network
low complexity
google
7.5
2010-05-28 CVE-2010-2108 Unspecified vulnerability in Google Chrome
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows remote attackers to bypass the whitelist-mode plugin blocker via unknown vectors.
network
low complexity
google
7.5
2010-05-28 CVE-2010-2107 Unspecified vulnerability in Google Chrome
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the Safe Browsing functionality.
network
low complexity
google
critical
10.0
2010-05-28 CVE-2010-2106 Unspecified vulnerability in Google Chrome
Unspecified vulnerability in Google Chrome before 5.0.375.55 might allow remote attackers to spoof the URL bar via vectors involving unload event handlers.
network
google
4.3