Vulnerabilities > Google
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-04-24 | CVE-2009-1412 | Information Exposure vulnerability in Google Chrome Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by use of a (1) javascript: or (2) data: URL. | 7.8 |
| 2009-03-24 | CVE-2008-6512 | Unspecified vulnerability in Google Gears Cross-domain vulnerability in the WorkerPool API in Google Gears before 0.5.4.2 allows remote attackers to bypass the Same Origin Policy and the intended access restrictions of the allowCrossOrigin function by hosting an assumed-safe file type containing Google Gear commands on the target domain, then accessing that file from the attacking domain, whose response headers are not checked and cause the worker code to run in the target domain. network google | 6.8 |
| 2009-02-03 | CVE-2009-0411 | Permissions, Privileges, and Access Controls vulnerability in Google Chrome Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script. | 5.0 |
| 2009-02-03 | CVE-2009-0276 | Unspecified vulnerability in Google Chrome Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame. | 5.0 |
| 2009-01-20 | CVE-2008-5915 | Unspecified vulnerability in Google Chrome An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. | 2.1 |
| 2008-10-23 | CVE-2008-4724 | Cross-Site Scripting vulnerability in Google Chrome 0.2.149.30 Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. | 4.3 |
| 2008-09-30 | CVE-2008-4340 | Improper Input Validation vulnerability in Google Chrome 0.2.149.29/0.2.149.30 Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory consumption) via an HTML document containing a carriage return ("\r\n\r\n") argument to the window.open function. | 4.3 |
| 2008-09-03 | CVE-2008-3891 | Improper Authentication vulnerability in Google Apps The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field. | 7.5 |
| 2008-03-06 | CVE-2008-0986 | Numeric Errors vulnerability in Google Android SDK M5Rc14 Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field. | 7.5 |
| 2008-03-06 | CVE-2008-0985 | Buffer Errors vulnerability in Google Android SDK M3Rc37A Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and width are different than the actual height and width. | 6.8 |