Vulnerabilities > Google > Chrome > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-05-03 | CVE-2010-1664 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome Google Chrome before 4.1.249.1064 does not properly handle HTML5 media, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors. | 5.0 |
| 2010-04-23 | CVE-2010-1504 | Cross-Site Scripting vulnerability in Google Chrome Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://downloads URI. | 4.3 |
| 2010-04-23 | CVE-2010-1503 | Cross-Site Scripting vulnerability in Google Chrome Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://net-internals URI. | 4.3 |
| 2010-04-01 | CVE-2010-1236 | Cross-Site Scripting vulnerability in multiple products The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence. | 4.3 |
| 2010-04-01 | CVE-2010-1235 | Improper Input Validation vulnerability in Google Chrome Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to trigger the omission of a download warning dialog via unknown vectors. | 4.3 |
| 2010-04-01 | CVE-2010-1232 | Resource Management Errors vulnerability in Google Chrome Google Chrome before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via a malformed SVG document. | 5.0 |
| 2010-03-19 | CVE-2010-1029 | Resource Management Errors vulnerability in multiple products Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences. | 5.0 |
| 2010-02-18 | CVE-2010-0664 | Resource Management Errors vulnerability in Google Chrome Stack consumption vulnerability in the ChildProcessSecurityPolicy::CanRequestURL function in browser/child_process_security_policy.cc in Google Chrome before 4.0.249.78 allows remote attackers to cause a denial of service (memory consumption and application crash) via a URL that specifies multiple protocols, as demonstrated by a URL that begins with many repetitions of the view-source: substring. | 5.0 |
| 2010-02-18 | CVE-2010-0663 | Information Exposure vulnerability in Google Chrome The ParamTraits<SkBitmap>::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not initialize the memory locations that will hold bitmap data, which might allow remote attackers to obtain potentially sensitive information from process memory by providing insufficient data, related to use of a (1) thumbnail database or (2) HTML canvas. | 5.0 |
| 2010-02-18 | CVE-2010-0662 | Numeric Errors vulnerability in Google Chrome The ParamTraits<SkBitmap>::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not use the correct variables in calculations designed to prevent integer overflows, which allows attackers to leverage renderer access to cause a denial of service or possibly have unspecified other impact via bitmap data, related to deserialization. | 5.0 |