Vulnerabilities > Google > Chrome > 5.0.375.44

DATE CVE VULNERABILITY TITLE RISK
2015-03-09 CVE-2014-9689 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
content/renderer/device_sensors/device_orientation_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate gyroscope data, which makes it easier for remote attackers to obtain speech signals from a device's physical environment via a crafted web site that listens for ondeviceorientation events, a different vulnerability than CVE-2015-1231.
network
low complexity
google CWE-264
5.0
2015-03-09 CVE-2011-5319 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
content/renderer/device_sensors/device_motion_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate accelerometer data, which makes it easier for remote attackers to capture keystrokes via a crafted web site that listens for ondevicemotion events, a different vulnerability than CVE-2015-1231.
network
low complexity
google CWE-264
5.0
2015-01-27 CVE-2015-1361 Code vulnerability in Google Chrome
platform/image-decoders/ImageFrame.h in Blink, as used in Google Chrome before 40.0.2214.91, does not initialize a variable that is used in calls to the Skia SkBitmap::setAlphaType function, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document, a different vulnerability than CVE-2015-1205.
network
google CWE-17
6.8
2015-01-27 CVE-2015-1360 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome
Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data that is improperly handled during text drawing, related to gpu/GrBitmapTextContext.cpp and gpu/GrDistanceFieldTextContext.cpp, a different vulnerability than CVE-2015-1205.
network
low complexity
google CWE-119
7.5
2015-01-27 CVE-2015-1359 Numeric Errors vulnerability in Google Chrome
Multiple off-by-one errors in fpdfapi/fpdf_font/font_int.h in PDFium, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted PDF document, related to an "intra-object-overflow" issue, a different vulnerability than CVE-2015-1205.
network
google CWE-189
6.8
2015-01-27 CVE-2014-9648 Improper Access Control vulnerability in Google Chrome
components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote attackers to cause a denial of service (loss of browser access to that site) via crafted JavaScript code, as demonstrated by pandora.com and the Pandora application, a different vulnerability than CVE-2015-1205.
network
google CWE-284
4.3
2015-01-27 CVE-2014-9647 Denial-Of-Service vulnerability in Chrome
Use-after-free vulnerability in PDFium, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/src/fpdfview.cpp and fpdfsdk/src/fsdk_mgr.cpp, a different vulnerability than CVE-2015-1205.
network
google
6.8
2015-01-27 CVE-2014-9646 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% directory, as demonstrated by program.exe, a different vulnerability than CVE-2015-1205.
local
low complexity
google CWE-264
4.6
2015-01-22 CVE-2015-1346 Security vulnerability in Google Chrome
Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before 40.0.2214.91, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
google chromium canonical
7.5
2014-05-21 CVE-2014-3803 Information Exposure vulnerability in Google Chrome
The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute.
network
google CWE-200
4.3