Vulnerabilities > Google > Medium

DATE CVE VULNERABILITY TITLE RISK
2009-11-12 CVE-2009-3934 Unspecified vulnerability in Google Chrome
The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function in src/webkit/glue/webframeloaderclient_impl.cc in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service via a page-local link, related to an "empty redirect chain," as demonstrated by a message in Yahoo! Mail.
network
google
4.3
2009-11-12 CVE-2009-3933 Resource Management Errors vulnerability in Webkit 2.4.11
WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service (CPU consumption) via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the WTF::currentTime and base::Time functions.
network
low complexity
webkit google CWE-399
5.0
2009-09-18 CVE-2009-3268 Resource Management Errors vulnerability in Google Chrome
Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828.
network
low complexity
google CWE-399
5.0
2009-09-18 CVE-2009-3264 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified "access check," which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user's visit to a different web server that hosts an SVG document.
network
google CWE-264
4.3
2009-09-18 CVE-2009-3263 Cross-Site Scripting vulnerability in Google Chrome
Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x before 3.0.195.21 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as XML "active content." Per http://www.securityfocus.com/archive/1/archive/1/506517/100/0/threaded VII.
network
google CWE-79
4.3
2009-09-18 CVE-2008-7246 Resource Management Errors vulnerability in Google Chrome
Google Chrome 0.2.149.29 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.
network
low complexity
google CWE-399
5.0
2009-08-31 CVE-2009-3011 Cross-Site Scripting vulnerability in Google Chrome
Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and 3.0.193.2 Beta does not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header.
network
google CWE-79
4.3
2009-08-27 CVE-2009-2974 Denial-Of-Service vulnerability in Chrome
Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote attackers to (1) cause a denial of service (application hang) via vectors involving a chromehtml: URI value for the document.location property or (2) cause a denial of service (application hang and CPU consumption) via vectors involving a series of function calls that set a chromehtml: URI value for the document.location property.
network
low complexity
google
5.0
2009-08-27 CVE-2009-2973 Cryptographic Issues vulnerability in Google Chrome
Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the (1) MD2 or (2) MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to CVE-2009-2409.
network
low complexity
google CWE-310
6.4
2009-08-24 CVE-2008-7061 Resource Management Errors vulnerability in Google Chrome 0.2.149.29
The tooltip manager (chrome/views/tooltip_manager.cc) in Google Chrome 0.2.149.29 Build 1798 and possibly other versions before 0.2.149.30 allows remote attackers to cause a denial of service (CPU consumption or crash) via a tag with a long title attribute, which is not properly handled when displaying a tooltip, a different vulnerability than CVE-2008-6994.
network
google CWE-399
4.3