Vulnerabilities > Google

DATE CVE VULNERABILITY TITLE RISK
2009-05-04 CVE-2009-1514 Resource Management Errors vulnerability in Google Chrome 1.0.154.53
Google Chrome 1.0.154.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a throw statement with a long exception value.
network
low complexity
google CWE-399
5.0
2009-04-24 CVE-2009-1414 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
Google Chrome 2.0.x lets modifications to the global object persist across a page transition, which makes it easier for attackers to conduct Universal XSS attacks via unspecified vectors.
network
google CWE-264
4.3
2009-04-24 CVE-2009-1413 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
Google Chrome 1.0.x does not cancel timeouts upon a page transition, which makes it easier for attackers to conduct Universal XSS attacks by calling setTimeout to trigger future execution of JavaScript code, and then modifying document.location to arrange for JavaScript execution in the context of an arbitrary web site.
network
google CWE-264
4.3
2009-04-24 CVE-2009-1412 Information Exposure vulnerability in Google Chrome
Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by use of a (1) javascript: or (2) data: URL.
network
low complexity
google CWE-200
7.8
2009-03-24 CVE-2008-6512 Unspecified vulnerability in Google Gears
Cross-domain vulnerability in the WorkerPool API in Google Gears before 0.5.4.2 allows remote attackers to bypass the Same Origin Policy and the intended access restrictions of the allowCrossOrigin function by hosting an assumed-safe file type containing Google Gear commands on the target domain, then accessing that file from the attacking domain, whose response headers are not checked and cause the worker code to run in the target domain.
network
google
6.8
2009-02-03 CVE-2009-0411 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script.
network
low complexity
google CWE-264
5.0
2009-02-03 CVE-2009-0276 Unspecified vulnerability in Google Chrome
Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame.
network
low complexity
google
5.0
2009-01-20 CVE-2008-5915 Unspecified vulnerability in Google Chrome
An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information.
network
high complexity
google
2.1
2008-10-23 CVE-2008-4724 Cross-Site Scripting vulnerability in Google Chrome 0.2.149.30
Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file.
network
google CWE-79
4.3
2008-09-30 CVE-2008-4340 Improper Input Validation vulnerability in Google Chrome 0.2.149.29/0.2.149.30
Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory consumption) via an HTML document containing a carriage return ("\r\n\r\n") argument to the window.open function.
network
google CWE-20
4.3