Vulnerabilities > Google > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-07-06 | CVE-2010-2647 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document. | 9.3 |
2010-07-06 | CVE-2010-2646 | Unspecified vulnerability in Google Chrome Google Chrome before 5.0.375.99 does not properly isolate sandboxed IFRAME elements, which has unspecified impact and remote attack vectors. | 9.3 |
2010-06-30 | CVE-2010-1205 | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. | 9.8 |
2010-06-15 | CVE-2010-2302 | USE After Free vulnerability in multiple products Use-after-free vulnerability in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving remote fonts in conjunction with shadow DOM trees, aka rdar problem 8007953. | 10.0 |
2010-06-15 | CVE-2010-2300 | USE After Free vulnerability in Google Chrome Use-after-free vulnerability in the Element::normalizeAttributes function in dom/Element.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to handlers for DOM mutation events, aka rdar problem 7948784. | 10.0 |
2010-06-15 | CVE-2010-2299 | Type Confusion vulnerability in Google Chrome The Clipboard::DispatchObject function in app/clipboard/clipboard.cc in Google Chrome before 5.0.375.70 does not properly handle CBF_SMBITMAP objects in a ViewHostMsg_ClipboardWriteObjectsAsync message, which might allow remote attackers to execute arbitrary code via vectors involving crafted data from the renderer process, related to a "Type Confusion" issue. | 10.0 |
2010-06-15 | CVE-2010-2298 | Improper Input Validation vulnerability in Google Chrome browser/renderer_host/database_dispatcher_host.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle ViewHostMsg_DatabaseOpenFile messages in chroot-based sandboxing, which allows remote attackers to bypass intended sandbox restrictions via vectors involving fchdir and chdir calls. | 10.0 |
2010-06-15 | CVE-2010-2297 | Code Injection vulnerability in multiple products rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table. | 9.3 |
2010-06-15 | CVE-2010-2296 | Permissions, Privileges, and Access Controls vulnerability in Google Chrome The implementation of unspecified DOM methods in Google Chrome before 5.0.375.70 allows remote attackers to bypass the Same Origin Policy via unknown vectors. | 9.3 |
2010-06-11 | CVE-2010-1770 | Code Injection vulnerability in multiple products WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue." | 9.3 |