| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2013-2855 | 119 |  | DoS Overflow Mem. Corr. | 2013-06-04 | 2013-06-05 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The Developer Tools API in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. |
| 2 | CVE-2013-2848 | 200 |  | XSS +Info | 2013-05-22 | 2013-06-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors. |
| 3 | CVE-2013-2838 | 119 |  | DoS Overflow | 2013-05-22 | 2013-06-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Google V8, as used in Google Chrome before 27.0.1453.93, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
| 4 | CVE-2013-2835 | 264 |  | Bypass | 2013-04-16 | 2013-04-17 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2834. |
| 5 | CVE-2013-2834 | 264 |  | Bypass | 2013-04-16 | 2013-04-17 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2835. |
| 6 | CVE-2013-2832 | 119 |  | Overflow +Info | 2013-04-16 | 2013-04-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The Buffer::Set function in core/cross/buffer.cc in the O3D plug-in in Google Chrome OS before 26.0.1410.57 does not prevent uninitialized data from remaining in a buffer, which might allow remote attackers to obtain sensitive information via unspecified vectors. |
| 7 | CVE-2013-0923 | 119 |  | DoS Overflow Mem. Corr. | 2013-03-28 | 2013-04-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The USB Apps API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors. |
| 8 | CVE-2013-0917 | 119 |  | DoS Overflow | 2013-03-28 | 2013-04-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The URL loader in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
| 9 | CVE-2013-0909 | 200 |  | XSS +Info | 2013-03-05 | 2013-03-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote attackers to obtain sensitive HTTP Referer information via unspecified vectors. |
| 10 | CVE-2013-0899 | 189 |  | DoS Overflow | 2013-02-23 | 2013-04-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet. |
| 11 | CVE-2013-0888 | 119 |  | DoS Overflow | 2013-02-23 | 2013-04-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a "user gesture check for dangerous file downloads." |
| 12 | CVE-2013-0883 | 20 |  | DoS | 2013-02-23 | 2013-04-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors. |
| 13 | CVE-2013-0881 | 20 |  | DoS | 2013-02-23 | 2013-04-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via crafted data in the Matroska container format. |
| 14 | CVE-2013-0835 |  |  | DoS | 2013-01-15 | 2013-02-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Unspecified vulnerability in the Geolocation implementation in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (application crash) via unknown vectors. |
| 15 | CVE-2013-0834 | 119 |  | DoS Overflow | 2013-01-15 | 2013-02-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving glyphs. |
| 16 | CVE-2013-0833 | 119 |  | DoS Overflow | 2013-01-15 | 2013-02-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to printing. |
| 17 | CVE-2012-6301 | 20 | 1 | DoS | 2012-12-10 | 2012-12-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element. |
| 18 | CVE-2012-6051 | 310 |  | DoS | 2012-11-28 | 2012-11-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Google CityHash computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack. |
| 19 | CVE-2012-5820 | 20 |  |  | 2012-11-04 | 2013-02-07 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | The developer-account sample code in Google AdMob does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. |
| 20 | CVE-2012-5155 | 264 |  | Bypass | 2013-01-15 | 2013-01-16 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Google Chrome before 24.0.1312.52 on Mac OS X does not use an appropriate sandboxing approach for worker processes, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors. |
| 21 | CVE-2012-5152 | 119 |  | DoS Overflow | 2013-01-15 | 2013-02-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving seek operations on video data. |
| 22 | CVE-2012-5146 | 264 |  | Bypass | 2013-01-15 | 2013-02-07 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a malformed URL. |
| 23 | CVE-2012-5132 |  |  | DoS | 2012-11-27 | 2013-05-02 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service (application crash) via a response with chunked transfer coding. |
| 24 | CVE-2012-5130 | 119 |  | DoS Overflow | 2012-11-27 | 2013-05-02 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Skia, as used in Google Chrome before 23.0.1271.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
| 25 | CVE-2012-5123 | 119 |  | DoS Overflow | 2012-11-07 | 2013-05-02 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Skia, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
| 26 | CVE-2012-5110 | 119 |  | DoS Overflow | 2012-10-09 | 2013-01-31 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The compositor in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
| 27 | CVE-2012-5109 | 119 |  | DoS Overflow | 2012-10-09 | 2013-01-31 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The International Components for Unicode (ICU) functionality in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a regular expression. |
| 28 | CVE-2012-4906 | 264 |  | +Info | 2012-09-13 | 2012-09-14 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903. |
| 29 | CVE-2012-4903 | 264 |  | +Info | 2012-09-13 | 2012-09-14 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4906. |
| 30 | CVE-2012-4222 |  |  | DoS | 2012-11-30 | 2013-06-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial | drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) Graphics KGSL kernel-mode driver for Android 2.3 through 4.2 allows attackers to cause a denial of service (NULL pointer dereference) via an application that uses crafted arguments in a local kgsl_ioctl call. |
| 31 | CVE-2012-2892 |  |  | Bypass | 2012-09-26 | 2013-03-21 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Unspecified vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to bypass the pop-up blocker via unknown vectors. |
| 32 | CVE-2012-2891 | 200 |  | +Info | 2012-09-26 | 2013-03-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The IPC implementation in Google Chrome before 22.0.1229.79 allows attackers to obtain potentially sensitive information about memory addresses via unspecified vectors. |
| 33 | CVE-2012-2884 | 119 |  | DoS Overflow | 2012-09-26 | 2012-12-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
| 34 | CVE-2012-2877 | 20 |  | DoS | 2012-09-26 | 2013-03-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The extension system in Google Chrome before 22.0.1229.79 does not properly handle modal dialogs, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. |
| 35 | CVE-2012-2867 |  |  | DoS | 2012-08-31 | 2013-03-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The SPDY implementation in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. |
| 36 | CVE-2012-2854 | 200 |  | +Info | 2012-08-06 | 2012-08-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to obtain potentially sensitive information about pointer values by leveraging access to a WebUI renderer process. |
| 37 | CVE-2012-2846 |  |  | DoS | 2012-08-06 | 2012-08-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Google Chrome before 21.0.1180.57 on Linux does not properly isolate renderer processes, which allows remote attackers to cause a denial of service (cross-process interference) via unspecified vectors. |
| 38 | CVE-2012-2826 |  |  | DoS | 2012-06-27 | 2012-08-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Google Chrome before 20.0.1132.43 does not properly implement texture conversion, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
| 39 | CVE-2012-2825 | 20 |  | DoS | 2012-06-27 | 2012-07-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors. |
| 40 | CVE-2012-2822 |  |  | DoS | 2012-06-27 | 2012-08-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
| 41 | CVE-2012-2820 | 20 |  | DoS | 2012-06-27 | 2012-08-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Google Chrome before 20.0.1132.43 does not properly implement SVG filters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
| 42 | CVE-2012-2815 | 200 |  | +Info | 2012-06-27 | 2012-09-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Google Chrome before 20.0.1132.43 allows remote attackers to obtain potentially sensitive information from a fragment identifier by leveraging access to an IFRAME element associated with a different domain. |
| 43 | CVE-2011-5238 | 20 |  |  | 2012-11-06 | 2012-11-06 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | google-checkout-php-sample-code before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. |
| 44 | CVE-2011-5037 | 20 |  | DoS | 2011-12-29 | 2012-11-06 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, as demonstrated by attacks against Node.js. |
| 45 | CVE-2011-4692 | 264 |  |  | 2011-12-07 | 2011-12-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None | WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi. |
| 46 | CVE-2011-4691 | 264 |  |  | 2011-12-07 | 2011-12-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Google Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code. |
| 47 | CVE-2011-3972 | 119 |  | DoS Overflow | 2012-02-08 | 2012-08-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The shader translator implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
| 48 | CVE-2011-3970 | 119 |  | DoS Overflow | 2012-02-08 | 2012-08-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial | libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
| 49 | CVE-2011-3967 |  |  | DoS | 2012-02-08 | 2012-08-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Unspecified vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via a crafted certificate. |
| 50 | CVE-2011-3965 | 20 |  | DoS | 2012-02-08 | 2012-08-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Google Chrome before 17.0.963.46 does not properly check signatures, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. |