Vulnerabilities > Google > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-10-21 | CVE-2010-4036 | Improper Input Validation vulnerability in Google Chrome Google Chrome before 7.0.517.41 does not properly handle the unloading of a page, which allows remote attackers to spoof URLs via unspecified vectors. | 6.8 |
| 2010-10-21 | CVE-2010-4033 | Multiple Security vulnerability in Google Chrome prior to 7.0.517.41 Google Chrome before 7.0.517.41 does not properly implement the autofill and autocomplete functionality, which allows remote attackers to conduct "profile spamming" attacks via unspecified vectors. | 5.0 |
| 2010-10-05 | CVE-2010-3730 | Remote Security vulnerability in Chrome Google Chrome before 6.0.472.62 does not properly use information about the origin of a document to manage properties, which allows remote attackers to have an unspecified impact via a crafted web site, related to a "property pollution" issue. network google | 6.8 |
| 2010-10-04 | CVE-2010-1822 | Incorrect Type Conversion OR Cast vulnerability in multiple products WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-SVG document. | 6.8 |
| 2010-09-24 | CVE-2010-1773 | Off-By-One Error vulnerability in multiple products Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118. | 6.8 |
| 2010-09-24 | CVE-2010-1767 | Cross-Site Request Forgery (CSRF) vulnerability in Google Chrome Cross-site request forgery (CSRF) vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a crafted synchronous preflight XMLHttpRequest operation. | 6.8 |
| 2010-09-16 | CVE-2010-3417 | Information Exposure vulnerability in Google Chrome Google Chrome before 6.0.472.59 does not prompt the user before granting access to the extension history, which allows attackers to obtain potentially sensitive information via unspecified vectors. | 5.0 |
| 2010-09-16 | CVE-2010-3413 | Denial-Of-Service vulnerability in Chrome Unspecified vulnerability in the pop-up blocking functionality in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service (application crash) via unknown vectors. | 5.0 |
| 2010-09-16 | CVE-2010-3411 | Reachable Assertion vulnerability in Google Chrome Google Chrome before 6.0.472.59 on Linux does not properly handle cursors, which might allow attackers to cause a denial of service (assertion failure) via unspecified vectors. | 5.0 |
| 2010-09-07 | CVE-2010-3259 | Information Exposure vulnerability in multiple products WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site. | 4.3 |