Vulnerabilities > Google

DATE CVE VULNERABILITY TITLE RISK
2009-09-18 CVE-2009-3268 Resource Management Errors vulnerability in Google Chrome
Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828.
network
low complexity
google CWE-399
5.0
2009-09-18 CVE-2009-3264 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified "access check," which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user's visit to a different web server that hosts an SVG document.
network
google CWE-264
4.3
2009-09-18 CVE-2009-3263 Cross-Site Scripting vulnerability in Google Chrome
Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x before 3.0.195.21 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as XML "active content." Per http://www.securityfocus.com/archive/1/archive/1/506517/100/0/threaded VII.
network
google CWE-79
4.3
2009-09-18 CVE-2008-7246 Resource Management Errors vulnerability in Google Chrome
Google Chrome 0.2.149.29 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.
network
low complexity
google CWE-399
5.0
2009-08-31 CVE-2009-3011 Cross-Site Scripting vulnerability in Google Chrome
Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and 3.0.193.2 Beta does not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header.
network
google CWE-79
4.3
2009-08-27 CVE-2009-2974 Denial-Of-Service vulnerability in Chrome
Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote attackers to (1) cause a denial of service (application hang) via vectors involving a chromehtml: URI value for the document.location property or (2) cause a denial of service (application hang and CPU consumption) via vectors involving a series of function calls that set a chromehtml: URI value for the document.location property.
network
low complexity
google
5.0
2009-08-27 CVE-2009-2973 Cryptographic Issues vulnerability in Google Chrome
Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the (1) MD2 or (2) MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to CVE-2009-2409.
network
low complexity
google CWE-310
6.4
2009-08-27 CVE-2009-2935 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript.
network
low complexity
google CWE-264
critical
10.0
2009-08-24 CVE-2008-7061 Resource Management Errors vulnerability in Google Chrome 0.2.149.29
The tooltip manager (chrome/views/tooltip_manager.cc) in Google Chrome 0.2.149.29 Build 1798 and possibly other versions before 0.2.149.30 allows remote attackers to cause a denial of service (CPU consumption or crash) via a tag with a long title attribute, which is not properly handled when displaying a tooltip, a different vulnerability than CVE-2008-6994.
network
google CWE-399
4.3
2009-08-24 CVE-2009-2955 Improper Input Validation vulnerability in Google Chrome
Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.
network
low complexity
google CWE-20
5.0