Vulnerabilities > Google
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-05-11 | CVE-2009-1598 | Unspecified vulnerability in Google Chrome Google Chrome executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. | 9.3 |
2009-05-07 | CVE-2009-1442 | Numeric Errors vulnerability in Google Chrome Multiple integer overflows in Skia, as used in Google Chrome 1.x before 1.0.154.64 and 2.x, and possibly Android, might allow remote attackers to execute arbitrary code in the renderer process via a crafted (1) image or (2) canvas. | 6.8 |
2009-05-07 | CVE-2009-1441 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome Heap-based buffer overflow in the ParamTraits<SkBitmap>::Read function in Google Chrome before 1.0.154.64 allows attackers to leverage renderer access to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to a large bitmap that arrives over the IPC channel. | 9.3 |
2009-05-04 | CVE-2009-1514 | Resource Management Errors vulnerability in Google Chrome 1.0.154.53 Google Chrome 1.0.154.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a throw statement with a long exception value. | 5.0 |
2009-04-24 | CVE-2009-1414 | Permissions, Privileges, and Access Controls vulnerability in Google Chrome Google Chrome 2.0.x lets modifications to the global object persist across a page transition, which makes it easier for attackers to conduct Universal XSS attacks via unspecified vectors. | 4.3 |
2009-04-24 | CVE-2009-1413 | Permissions, Privileges, and Access Controls vulnerability in Google Chrome Google Chrome 1.0.x does not cancel timeouts upon a page transition, which makes it easier for attackers to conduct Universal XSS attacks by calling setTimeout to trigger future execution of JavaScript code, and then modifying document.location to arrange for JavaScript execution in the context of an arbitrary web site. | 4.3 |
2009-04-24 | CVE-2009-1412 | Information Exposure vulnerability in Google Chrome Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by use of a (1) javascript: or (2) data: URL. | 7.8 |
2009-03-24 | CVE-2008-6512 | Unspecified vulnerability in Google Gears Cross-domain vulnerability in the WorkerPool API in Google Gears before 0.5.4.2 allows remote attackers to bypass the Same Origin Policy and the intended access restrictions of the allowCrossOrigin function by hosting an assumed-safe file type containing Google Gear commands on the target domain, then accessing that file from the attacking domain, whose response headers are not checked and cause the worker code to run in the target domain. network google | 6.8 |
2009-02-03 | CVE-2009-0411 | Permissions, Privileges, and Access Controls vulnerability in Google Chrome Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script. | 5.0 |
2009-02-03 | CVE-2009-0276 | Unspecified vulnerability in Google Chrome Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame. | 5.0 |