Vulnerabilities > Google

DATE CVE VULNERABILITY TITLE RISK
2011-12-27 CVE-2011-4783 Improper Input Validation vulnerability in Google Idapython
The IDAPython plugin before 1.5.2.3 in IDA Pro allows user-assisted remote attackers to execute arbitrary code via a crafted IDB file, related to improper handling of certain swig_runtime_data files in the current working directory.
network
google hex-rays CWE-20
critical
9.3
2011-12-09 CVE-2011-4719 Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.63 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
network
low complexity
google acer samsung
critical
10.0
2011-12-07 CVE-2011-4692 Permissions, Privileges, and Access Controls vulnerability in multiple products
WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi.
network
low complexity
apple google CWE-264
5.0
2011-12-07 CVE-2011-4691 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
Google Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.
network
low complexity
google CWE-264
5.0
2011-12-07 CVE-2010-5073 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
The JavaScript implementation in Google Chrome 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.
network
low complexity
google CWE-264
5.0
2011-12-07 CVE-2010-5069 Information Exposure vulnerability in Google Chrome
The Cascading Style Sheets (CSS) implementation in Google Chrome 4 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document.
network
google CWE-200
4.3
2011-11-24 CVE-2011-4548 Remote Security vulnerability in Chrome Os
Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.44 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
network
low complexity
google acer samsung
critical
10.0
2011-11-11 CVE-2011-2460 Buffer Errors vulnerability in Adobe AIR and Flash Player
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2459.
network
low complexity
adobe apple linux microsoft sun google CWE-119
critical
10.0
2011-11-11 CVE-2011-2459 Buffer Errors vulnerability in Adobe AIR and Flash Player
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2460.
network
low complexity
adobe apple linux microsoft sun google CWE-119
critical
10.0
2011-11-11 CVE-2011-2458 Permissions, Privileges, and Access Controls vulnerability in Adobe AIR and Flash Player
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross-domain policy via a crafted web site.
9.3