Vulnerabilities > Google > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-02-03 | CVE-2009-0411 | Permissions, Privileges, and Access Controls vulnerability in Google Chrome Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script. | 5.0 |
| 2009-02-03 | CVE-2009-0276 | Unspecified vulnerability in Google Chrome Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame. | 5.0 |
| 2008-10-23 | CVE-2008-4724 | Cross-Site Scripting vulnerability in Google Chrome 0.2.149.30 Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. | 4.3 |
| 2008-09-30 | CVE-2008-4340 | Improper Input Validation vulnerability in Google Chrome 0.2.149.29/0.2.149.30 Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory consumption) via an HTML document containing a carriage return ("\r\n\r\n") argument to the window.open function. | 4.3 |
| 2008-03-06 | CVE-2008-0985 | Buffer Errors vulnerability in Google Android SDK M3Rc37A Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and width are different than the actual height and width. | 6.8 |
| 2007-12-27 | CVE-2007-6536 | Information Exposure vulnerability in Google Toolbar 4/5 The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users into installing malicious button XML files, as demonstrated by presenting www.google.com when the button was downloaded from an arbitrary site through an open redirector on www.google.com. | 6.8 |
| 2007-12-20 | CVE-2007-6452 | Cross-Site Scripting vulnerability in Google web Toolkit 1.4.60 Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS). | 4.3 |
| 2007-12-04 | CVE-2007-6212 | Path Traversal vulnerability in Google KML 1.1 Directory traversal vulnerability in region.php in KML share 1.1 allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2007-10-06 | CVE-2007-5255 | Cross-Site Scripting vulnerability in Google Mini Search Appliance 3.4.14 Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance 3.4.14 allows remote attackers to inject arbitrary web script or HTML via the ie parameter to the /search URI. | 4.3 |
| 2007-09-12 | CVE-2007-4847 | Remote Security vulnerability in Picasa Google Picasa allows remote attackers to read image files stored by Picasa via unspecified vectors involving a picasa:// URI. | 5.0 |