Vulnerabilities > Google
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-02-03 | CVE-2009-0411 | Permissions, Privileges, and Access Controls vulnerability in Google Chrome Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script. | 5.0 |
2009-02-03 | CVE-2009-0276 | Unspecified vulnerability in Google Chrome Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame. | 5.0 |
2009-01-20 | CVE-2008-5915 | Unspecified vulnerability in Google Chrome An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. | 2.1 |
2008-10-23 | CVE-2008-4724 | Cross-Site Scripting vulnerability in Google Chrome 0.2.149.30 Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. | 4.3 |
2008-09-30 | CVE-2008-4340 | Improper Input Validation vulnerability in Google Chrome 0.2.149.29/0.2.149.30 Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory consumption) via an HTML document containing a carriage return ("\r\n\r\n") argument to the window.open function. | 4.3 |
2008-09-03 | CVE-2008-3891 | Improper Authentication vulnerability in Google Apps The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field. | 7.5 |
2008-03-06 | CVE-2008-0986 | Numeric Errors vulnerability in Google Android SDK M5Rc14 Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field. | 7.5 |
2008-03-06 | CVE-2008-0985 | Buffer Errors vulnerability in Google Android SDK M3Rc37A Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and width are different than the actual height and width. | 6.8 |
2007-12-27 | CVE-2007-6536 | Information Exposure vulnerability in Google Toolbar 4/5 The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users into installing malicious button XML files, as demonstrated by presenting www.google.com when the button was downloaded from an arbitrary site through an open redirector on www.google.com. | 6.8 |
2007-12-20 | CVE-2007-6452 | Cross-Site Scripting vulnerability in Google web Toolkit 1.4.60 Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS). | 4.3 |