Vulnerabilities > Google
| Date | CVE | Title | Description | Score |
|---|---|---|---|---|
| 2010-01-15 | CVE-2010-0280 | Numeric Errors vulnerability in multiple products | Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in Google SketchUp 7.x before 7.1 M2, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted structures in a 3DS file, probably related to mesh.c. | 9.3 |
| 2010-01-14 | CVE-2010-0315 | Multiple Security vulnerability in Google Chrome prior to 18.104.22.168 | WebKit before r53607, as used in Google Chrome before 22.214.171.124, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets.href property value, related to an IFRAME element. | 5.0 |
| 2009-11-13 | CVE-2009-2816 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 126.96.36.199, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page. | 6.8 |
| 2009-11-12 | CVE-2009-3934 | Unspecified vulnerability in Google Chrome | The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function in src/webkit/glue/webframeloaderclient_impl.cc in Google Chrome before 188.8.131.52 allows user-assisted remote attackers to cause a denial of service via a page-local link, related to an "empty redirect chain," as demonstrated by a message in Yahoo! Mail. | 4.3 |
| 2009-11-12 | CVE-2009-3933 | Resource Management Errors vulnerability in Webkit 2.4.11 | | 5.0 |
| 2009-11-12 | CVE-2009-3932 | Denial-Of-Service vulnerability in Chrome | The Gears plugin in Google Chrome before 184.108.40.206 allows user-assisted remote attackers to cause a denial of service (memory corruption and plugin crash) or possibly execute arbitrary code via unspecified use of the Gears SQL API, related to putting "SQL metadata into a bad state." | 9.3 |
| 2009-11-12 | CVE-2009-3931 | Improper Input Validation vulnerability in Google Chrome | Incomplete blacklist vulnerability in browser/download/download_exe.cc in Google Chrome before 220.127.116.11 allows remote attackers to force the download of certain dangerous files via a "Content-Disposition: attachment" designation, as demonstrated by (1) .mht and (2) .mhtml files, which are automatically executed by Internet Explorer 6; (3) .svg files, which are automatically executed by Safari; (4) .xml files; (5) .htt files; (6) .xsl files; (7) .xslt files; and (8) image files that are forbidden by the victim's site policy. | 9.3 |
| 2009-10-14 | CVE-2009-3698 | Remote Denial Of Service vulnerability in Google Android 1.0/1.1/1.5 | An unspecified function in the Dalvik API in Android 1.5 and earlier allows remote attackers to cause a denial of service (system process restart) via a crafted application, possibly a related issue to CVE-2009-2656. | 4.3 |
| 2009-10-14 | CVE-2009-2999 | Unspecified vulnerability in Google Android 1.5 | The com.android.phone process in Android 1.5 CRBxx allows remote attackers to cause a denial of service (application restart and network disconnection) via an SMS message containing a malformed WAP Push message that triggers an ArrayIndexOutOfBoundsException exception, possibly a related issue to CVE-2009-2656. | 4.3 |
| 2009-09-29 | CVE-2009-3456 | Cryptographic Issues vulnerability in Google Chrome | Google Chrome, possibly 18.104.22.168 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 7.5 |