CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Chrome : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2011-3234 125 DoS 2011-09-19 2020-05-08
5.0
None Remote Low Not required None None Partial
Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
152 CVE-2011-3112 399 DoS 2012-05-24 2017-09-19
5.0
None Remote Low Not required None None Partial
Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an invalid encrypted document.
153 CVE-2011-3111 119 DoS Overflow 2012-05-24 2017-09-19
5.0
None Remote Low Not required None None Partial
Google V8, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service (invalid read operation) via unspecified vectors.
154 CVE-2011-3104 119 DoS Overflow 2012-05-24 2017-09-19
5.0
None Remote Low Not required None None Partial
Skia, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
155 CVE-2011-3100 DoS 2012-05-16 2017-12-29
5.0
None Remote Low Not required None None Partial
Google Chrome before 19.0.1084.46 does not properly draw dash paths, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
156 CVE-2011-3094 20 DoS 2012-05-16 2017-12-29
5.0
None Remote Low Not required None None Partial
Google Chrome before 19.0.1084.46 does not properly handle Tibetan text, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
157 CVE-2011-3093 20 DoS 2012-05-16 2017-12-29
5.0
None Remote Low Not required None None Partial
Google Chrome before 19.0.1084.46 does not properly handle glyphs, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
158 CVE-2011-3088 119 DoS Overflow 2012-05-16 2017-12-29
5.0
None Remote Low Not required None None Partial
Google Chrome before 19.0.1084.46 does not properly draw hairlines, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
159 CVE-2011-3085 119 DoS Overflow 2012-05-16 2017-12-29
5.0
None Remote Low Not required None None Partial
The Autofill feature in Google Chrome before 19.0.1084.46 does not properly restrict field values, which allows remote attackers to cause a denial of service (UI corruption) and possibly conduct spoofing attacks via vectors involving long values.
160 CVE-2011-3083 119 DoS Overflow 2012-05-16 2017-12-29
5.0
None Remote Low Not required None None Partial
browser/profiles/profile_impl_io_data.cc in Google Chrome before 19.0.1084.46 does not properly handle a malformed ftp URL in the SRC attribute of a VIDEO element, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted web page.
161 CVE-2011-3061 295 +Info 2012-03-30 2020-04-14
5.8
None Remote Medium Not required Partial Partial None
Google Chrome before 18.0.1025.142 does not properly check X.509 certificates before use of a SPDY proxy, which might allow man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.
162 CVE-2011-3049 DoS 2012-03-23 2020-04-16
5.0
None Remote Low Not required None None Partial
Google Chrome before 17.0.963.83 does not properly restrict the extension web request API, which allows remote attackers to cause a denial of service (disrupted system requests) via a crafted extension.
163 CVE-2011-3022 319 +Info 2012-02-16 2020-04-16
5.0
None Remote Low Not required Partial None None
translate/translate_manager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network.
164 CVE-2011-2864 125 DoS 2011-09-19 2020-05-08
5.0
None Remote Low Not required None None Partial
Google Chrome before 14.0.835.163 does not properly handle Tibetan characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
165 CVE-2011-2858 125 DoS 2011-09-19 2020-05-08
5.0
None Remote Low Not required None None Partial
Google Chrome before 14.0.835.163 does not properly handle triangle arrays, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
166 CVE-2011-2851 125 DoS 2011-09-19 2020-05-08
5.0
None Remote Low Not required None None Partial
Google Chrome before 14.0.835.163 does not properly handle video, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
167 CVE-2011-2850 125 DoS 2011-09-19 2020-05-08
5.0
None Remote Low Not required None None Partial
Google Chrome before 14.0.835.163 does not properly handle Khmer characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
168 CVE-2011-2844 125 DoS 2011-09-19 2020-05-08
5.0
None Remote Low Not required None None Partial
Google Chrome before 14.0.835.163 does not properly process MP3 files, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
169 CVE-2011-2843 125 DoS 2011-09-19 2020-05-08
5.0
None Remote Low Not required None None Partial
Google Chrome before 14.0.835.163 does not properly handle media buffers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
170 CVE-2011-1814 824 DoS 2011-06-09 2020-05-22
5.8
None Remote Medium Not required Partial None Partial
Google Chrome before 12.0.742.91 attempts to read data from an uninitialized pointer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
171 CVE-2011-1801 Bypass 2011-05-26 2020-05-22
5.0
None Remote Low Not required None Partial None
Unspecified vulnerability in Google Chrome before 11.0.696.71 allows remote attackers to bypass the pop-up blocker via unknown vectors.
172 CVE-2011-1691 476 DoS 2011-04-15 2020-06-03
5.0
None Remote Low Not required None None Partial
The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets (CSS) implementation in WebCore in WebKit before r82222, as used in Google Chrome before 11.0.696.43 and other products, does not properly handle access to the (1) counterIncrement and (2) counterReset attributes of CSSStyleDeclaration data provided by a getComputedStyle method call, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code.
173 CVE-2011-1465 DoS 2011-03-20 2020-06-03
5.0
None Remote Low Not required None None Partial
The SPDY implementation in net/http/http_network_transaction.cc in Google Chrome before 11.0.696.14 drains the bodies from SPDY responses, which might allow remote SPDY servers to cause a denial of service (application exit) by canceling a stream.
174 CVE-2011-1452 20 2011-05-03 2020-05-22
5.8
None Remote Medium Not required Partial Partial None
Google Chrome before 11.0.696.57 allows user-assisted remote attackers to spoof the URL bar via vectors involving a redirect and a manual reload.
175 CVE-2011-1450 20 DoS 2011-05-03 2020-05-22
5.0
None Remote Low Not required None None Partial
Google Chrome before 11.0.696.57 does not properly present file dialogs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers."
176 CVE-2011-1446 2011-05-03 2020-05-22
5.8
None Remote Medium Not required Partial Partial None
Google Chrome before 11.0.696.57 allows remote attackers to spoof the URL bar via vectors involving (1) a navigation error or (2) an interrupted load.
177 CVE-2011-1435 276 2011-05-03 2020-05-22
5.0
None Remote Low Not required Partial None None
Google Chrome before 11.0.696.57 does not properly implement the tabs permission for extensions, which allows remote attackers to read local files via a crafted extension.
178 CVE-2011-1413 DoS 2011-03-11 2020-06-03
5.0
None Remote Low Not required None None Partial
Google Chrome before 10.0.648.127 on Linux does not properly mitigate an unspecified flaw in an X server, which allows remote attackers to cause a denial of service (application crash) via vectors involving long messages.
179 CVE-2011-1304 Bypass 2011-05-03 2020-05-22
5.0
None Remote Low Not required None Partial None
Unspecified vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to bypass the pop-up blocker via vectors related to plug-ins.
180 CVE-2011-1194 Bypass 2011-03-11 2020-06-03
5.0
None Remote Low Not required None Partial None
Multiple unspecified vulnerabilities in Google Chrome before 10.0.648.127 allow remote attackers to bypass the pop-up blocker via unknown vectors.
181 CVE-2011-1190 200 Bypass +Info 2011-03-11 2020-06-02
5.0
None Remote Low Not required Partial None None
The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."
182 CVE-2011-1187 200 Bypass +Info 2011-03-11 2020-06-03
5.0
None Remote Low Not required Partial None None
Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."
183 CVE-2011-1122 125 DoS 2011-03-01 2020-06-04
5.0
None Remote Low Not required None None Partial
The WebGL implementation in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, aka Issue 71960.
184 CVE-2011-1120 125 DoS 2011-03-01 2020-06-04
5.0
None Remote Low Not required None None Partial
The WebGL implementation in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, aka Issue 71717.
185 CVE-2011-0984 125 DoS 2011-02-10 2020-06-04
5.0
None Remote Low Not required None None Partial
Google Chrome before 9.0.597.94 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
186 CVE-2011-0779 20 DoS 2011-02-04 2020-06-04
5.0
None Remote Low Not required None None Partial
Google Chrome before 9.0.597.84 does not properly handle a missing key in an extension, which allows remote attackers to cause a denial of service (application crash) via a crafted extension.
187 CVE-2011-0483 704 DoS 2011-01-14 2020-07-24
5.0
None Remote Low Not required None None Partial
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of video, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
188 CVE-2011-0470 DoS 2011-01-14 2020-07-24
5.0
None Remote Low Not required None None Partial
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle extensions notification, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
189 CVE-2010-5073 264 +Info 2011-12-07 2017-09-19
5.0
None Remote Low Not required Partial None None
The JavaScript implementation in Google Chrome 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. NOTE: this may overlap CVE-2010-5070.
190 CVE-2010-4577 125 DoS 2010-12-22 2020-07-31
5.0
None Remote Low Not required None None Partial
The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."
191 CVE-2010-4576 476 DoS 2010-12-22 2020-07-29
5.0
None Remote Low Not required None None Partial
browser/worker_host/message_port_dispatcher.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle certain postMessage calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code that creates a web worker.
192 CVE-2010-4488 287 DoS 2010-12-07 2017-09-19
5.0
None Remote Low Not required None None Partial
Google Chrome before 8.0.552.215 does not properly handle HTTP proxy authentication, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
193 CVE-2010-4484 DoS 2010-12-07 2017-09-19
5.0
None Remote Low Not required None None Partial
Google Chrome before 8.0.552.215 does not properly handle HTML5 databases, which allows attackers to cause a denial of service (application crash) via unspecified vectors.
194 CVE-2010-4482 Bypass 2010-12-07 2017-09-19
5.0
None Remote Low Not required None Partial None
Unspecified vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to bypass the pop-up blocker via unknown vectors.
195 CVE-2010-4038 404 DoS 2010-10-21 2020-07-31
5.0
None Remote Low Not required None None Partial
The Web Sockets implementation in Google Chrome before 7.0.517.41 does not properly handle a shutdown action, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
196 CVE-2010-4033 2010-10-21 2017-09-19
5.0
None Remote Low Not required None Partial None
Google Chrome before 7.0.517.41 does not properly implement the autofill and autocomplete functionality, which allows remote attackers to conduct "profile spamming" attacks via unspecified vectors.
197 CVE-2010-3417 200 +Info 2010-09-16 2020-07-31
5.0
None Remote Low Not required Partial None None
Google Chrome before 6.0.472.59 does not prompt the user before granting access to the extension history, which allows attackers to obtain potentially sensitive information via unspecified vectors.
198 CVE-2010-3413 DoS 2010-09-16 2020-07-31
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the pop-up blocking functionality in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
199 CVE-2010-3250 2010-09-07 2020-08-03
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in Google Chrome before 6.0.472.53 allows remote attackers to enumerate the set of installed extensions via unknown vectors.
200 CVE-2010-3248 2010-09-07 2020-08-03
5.0
None Remote Low Not required None Partial None
Google Chrome before 6.0.472.53 does not properly restrict copying to the clipboard, which has unspecified impact and attack vectors.
Total number of vulnerabilities : 225   Page : 1 2 3 4 (This Page)5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.