Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2010-11-06 CVE-2010-4204 WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
network
low complexity
google webkitgtk fedoraproject
critical
 9.8
9.8
2010-11-06 CVE-2010-4203 Integer Overflow or Wraparound vulnerability in multiple products
WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.
network
low complexity
google webmproject redhat CWE-190
critical
 9.8
9.8
2010-11-06 CVE-2010-4202 Integer Overflow or Wraparound vulnerability in Google Chrome
Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font.
network
low complexity
google CWE-190
critical
 9.8
9.8
2010-11-06 CVE-2010-4201 Use After Free vulnerability in Google Chrome
Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections.
network
low complexity
google CWE-416
critical
 9.8
9.8
2010-11-06 CVE-2010-4197 Use After Free vulnerability in multiple products
Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing.
network
low complexity
google webkitgtk fedoraproject CWE-416
critical
 9.8
9.8
2010-11-05 CVE-2010-2941 Use After Free vulnerability in multiple products
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.
network
low complexity
apple fedoraproject canonical debian opensuse suse redhat CWE-416
critical
 9.8
9.8
2010-10-21 CVE-2010-4042 Improper Input Validation vulnerability in multiple products
Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "stale elements."
network
low complexity
google opensuse CWE-20
critical
 9.8
9.8
2010-10-21 CVE-2010-4041 Unspecified vulnerability in Google Chrome
The sandbox implementation in Google Chrome before 7.0.517.41 on Linux does not properly constrain worker processes, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.
network
low complexity
google
critical
 9.8
9.8
2010-10-21 CVE-2010-4039 Unspecified vulnerability in Google Chrome
Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors.
network
low complexity
google
critical
 9.8
9.8
2010-10-05 CVE-2010-3729 Integer Overflow or Wraparound vulnerability in Google Chrome
The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
google CWE-190
critical
 9.8
9.8