Vulnerabilities > Google > Chrome

DATE CVE VULNERABILITY TITLE RISK
2010-10-21 CVE-2010-4042 Improper Input Validation vulnerability in multiple products
Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "stale elements."
network
low complexity
google opensuse CWE-20
critical
9.8
2010-10-21 CVE-2010-4041 Unspecified vulnerability in Google Chrome
The sandbox implementation in Google Chrome before 7.0.517.41 on Linux does not properly constrain worker processes, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.
network
low complexity
google
critical
9.8
2010-10-21 CVE-2010-4040 Improper Input Validation vulnerability in multiple products
Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image.
local
low complexity
google debian opensuse CWE-20
7.8
2010-10-21 CVE-2010-4039 Unspecified vulnerability in Google Chrome
Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors.
network
low complexity
google
critical
9.8
2010-10-21 CVE-2010-4038 Improper Resource Shutdown or Release vulnerability in Google Chrome
The Web Sockets implementation in Google Chrome before 7.0.517.41 does not properly handle a shutdown action, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
network
low complexity
google CWE-404
7.5
2010-10-05 CVE-2010-3730 Unspecified vulnerability in Google Chrome
Google Chrome before 6.0.472.62 does not properly use information about the origin of a document to manage properties, which allows remote attackers to have an unspecified impact via a crafted web site, related to a "property pollution" issue.
network
low complexity
google
8.8
2010-10-05 CVE-2010-3729 Integer Overflow or Wraparound vulnerability in Google Chrome
The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
google CWE-190
critical
9.8
2010-10-04 CVE-2010-1822 Incorrect Type Conversion or Cast vulnerability in multiple products
WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-SVG document.
network
low complexity
google apple opensuse CWE-704
8.8
2010-09-24 CVE-2010-1773 Off-by-one Error vulnerability in multiple products
Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118.
8.8
2010-09-24 CVE-2010-1772 Use After Free vulnerability in multiple products
Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document.
8.8