Vulnerabilities > Google

DATE CVE VULNERABILITY TITLE RISK
2010-01-15 CVE-2010-0280 Numeric Errors vulnerability in multiple products
Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in Google SketchUp 7.x before 7.1 M2, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted structures in a 3DS file, probably related to mesh.c.
9.3
2010-01-14 CVE-2010-0315 Multiple Security vulnerability in Google Chrome prior to 4.0.249.89
WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element.
network
low complexity
google
5.0
2009-11-13 CVE-2009-2816 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.
6.8
2009-11-12 CVE-2009-3934 Unspecified vulnerability in Google Chrome
The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function in src/webkit/glue/webframeloaderclient_impl.cc in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service via a page-local link, related to an "empty redirect chain," as demonstrated by a message in Yahoo! Mail.
network
google
4.3
2009-11-12 CVE-2009-3933 Resource Management Errors vulnerability in Webkit 2.4.11
WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service (CPU consumption) via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the WTF::currentTime and base::Time functions.
network
low complexity
webkit google CWE-399
5.0
2009-11-12 CVE-2009-3932 Denial-Of-Service vulnerability in Chrome
The Gears plugin in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service (memory corruption and plugin crash) or possibly execute arbitrary code via unspecified use of the Gears SQL API, related to putting "SQL metadata into a bad state."
network
google
critical
9.3
2009-11-12 CVE-2009-3931 Improper Input Validation vulnerability in Google Chrome
Incomplete blacklist vulnerability in browser/download/download_exe.cc in Google Chrome before 3.0.195.32 allows remote attackers to force the download of certain dangerous files via a "Content-Disposition: attachment" designation, as demonstrated by (1) .mht and (2) .mhtml files, which are automatically executed by Internet Explorer 6; (3) .svg files, which are automatically executed by Safari; (4) .xml files; (5) .htt files; (6) .xsl files; (7) .xslt files; and (8) image files that are forbidden by the victim's site policy.
network
google CWE-20
critical
9.3
2009-10-14 CVE-2009-3698 Remote Denial Of Service vulnerability in Google Android 1.0/1.1/1.5
An unspecified function in the Dalvik API in Android 1.5 and earlier allows remote attackers to cause a denial of service (system process restart) via a crafted application, possibly a related issue to CVE-2009-2656.
network
google
4.3
2009-10-14 CVE-2009-2999 Unspecified vulnerability in Google Android 1.5
The com.android.phone process in Android 1.5 CRBxx allows remote attackers to cause a denial of service (application restart and network disconnection) via an SMS message containing a malformed WAP Push message that triggers an ArrayIndexOutOfBoundsException exception, possibly a related issue to CVE-2009-2656.
network
google
4.3
2009-09-29 CVE-2009-3456 Cryptographic Issues vulnerability in Google Chrome
Google Chrome, possibly 3.0.195.21 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
network
low complexity
google CWE-310
7.5