CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Chrome : Security Vulnerabilities (CVSS score between 5 and 5.99)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Copy Results Download Results Select Table
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-0923 119 DoS Overflow Mem. Corr. 2013-03-28 2013-04-03
5.0
 None Remote Low Not required None None Partial
The USB Apps API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.
2 CVE-2013-0917 119 DoS Overflow 2013-03-28 2013-04-03
5.0
 None Remote Low Not required None None Partial
The URL loader in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
3 CVE-2013-0909 200 XSS +Info 2013-03-05 2013-03-06
5.0
 None Remote Low Not required Partial None None
The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote attackers to obtain sensitive HTTP Referer information via unspecified vectors.
4 CVE-2013-0899 189 DoS Overflow 2013-02-23 2013-04-10
5.0
 None Remote Low Not required None None Partial
Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet.
5 CVE-2013-0888 119 DoS Overflow 2013-02-23 2013-04-10
5.0
 None Remote Low Not required None None Partial
Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a "user gesture check for dangerous file downloads."
6 CVE-2013-0883 20 DoS 2013-02-23 2013-04-10
5.0
 None Remote Low Not required None None Partial
Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.
7 CVE-2013-0881 20 DoS 2013-02-23 2013-04-10
5.0
 None Remote Low Not required None None Partial
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via crafted data in the Matroska container format.
8 CVE-2013-0835 DoS 2013-01-15 2013-02-07
5.0
 None Remote Low Not required None None Partial
Unspecified vulnerability in the Geolocation implementation in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
9 CVE-2013-0834 119 DoS Overflow 2013-01-15 2013-02-07
5.0
 None Remote Low Not required None None Partial
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving glyphs.
10 CVE-2013-0833 119 DoS Overflow 2013-01-15 2013-02-07
5.0
 None Remote Low Not required None None Partial
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to printing.
11 CVE-2012-5155 264 Bypass 2013-01-15 2013-01-16
5.0
 None Remote Low Not required None Partial None
Google Chrome before 24.0.1312.52 on Mac OS X does not use an appropriate sandboxing approach for worker processes, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors.
12 CVE-2012-5152 119 DoS Overflow 2013-01-15 2013-02-07
5.0
 None Remote Low Not required None None Partial
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving seek operations on video data.
13 CVE-2012-5146 264 Bypass 2013-01-15 2013-02-07
5.0
 None Remote Low Not required None Partial None
Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a malformed URL.
14 CVE-2012-5132 DoS 2012-11-27 2013-05-02
5.0
 None Remote Low Not required None None Partial
Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service (application crash) via a response with chunked transfer coding.
15 CVE-2012-5130 119 DoS Overflow 2012-11-27 2013-05-02
5.0
 None Remote Low Not required None None Partial
Skia, as used in Google Chrome before 23.0.1271.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
16 CVE-2012-5123 119 DoS Overflow 2012-11-07 2013-05-02
5.0
 None Remote Low Not required None None Partial
Skia, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
17 CVE-2012-5110 119 DoS Overflow 2012-10-09 2013-01-31
5.0
 None Remote Low Not required None None Partial
The compositor in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
18 CVE-2012-5109 119 DoS Overflow 2012-10-09 2013-01-31
5.0
 None Remote Low Not required None None Partial
The International Components for Unicode (ICU) functionality in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a regular expression.
19 CVE-2012-4906 264 +Info 2012-09-13 2012-09-14
5.0
 None Remote Low Not required Partial None None
Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903.
20 CVE-2012-4903 264 +Info 2012-09-13 2012-09-14
5.0
 None Remote Low Not required Partial None None
Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4906.
21 CVE-2012-2892 Bypass 2012-09-26 2013-03-21
5.0
 None Remote Low Not required None Partial None
Unspecified vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to bypass the pop-up blocker via unknown vectors.
22 CVE-2012-2891 200 +Info 2012-09-26 2013-03-21
5.0
 None Remote Low Not required Partial None None
The IPC implementation in Google Chrome before 22.0.1229.79 allows attackers to obtain potentially sensitive information about memory addresses via unspecified vectors.
23 CVE-2012-2884 119 DoS Overflow 2012-09-26 2012-12-21
5.0
 None Remote Low Not required None None Partial
Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
24 CVE-2012-2877 20 DoS 2012-09-26 2013-03-21
5.0
 None Remote Low Not required None None Partial
The extension system in Google Chrome before 22.0.1229.79 does not properly handle modal dialogs, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
25 CVE-2012-2867 DoS 2012-08-31 2013-03-21
5.0
 None Remote Low Not required None None Partial
The SPDY implementation in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
26 CVE-2012-2854 200 +Info 2012-08-06 2012-08-13
5.0
 None Remote Low Not required Partial None None
Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to obtain potentially sensitive information about pointer values by leveraging access to a WebUI renderer process.
27 CVE-2012-2846 DoS 2012-08-06 2012-08-07
5.0
 None Remote Low Not required None None Partial
Google Chrome before 21.0.1180.57 on Linux does not properly isolate renderer processes, which allows remote attackers to cause a denial of service (cross-process interference) via unspecified vectors.
28 CVE-2012-2826 DoS 2012-06-27 2012-08-13
5.0
 None Remote Low Not required None None Partial
Google Chrome before 20.0.1132.43 does not properly implement texture conversion, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
29 CVE-2012-2825 20 DoS 2012-06-27 2012-07-21
5.0
 None Remote Low Not required None None Partial
The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.
30 CVE-2012-2822 DoS 2012-06-27 2012-08-13
5.0
 None Remote Low Not required None None Partial
The PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
31 CVE-2012-2820 20 DoS 2012-06-27 2012-08-13
5.0
 None Remote Low Not required None None Partial
Google Chrome before 20.0.1132.43 does not properly implement SVG filters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
32 CVE-2012-2815 200 +Info 2012-06-27 2012-09-21
5.0
 None Remote Low Not required Partial None None
Google Chrome before 20.0.1132.43 allows remote attackers to obtain potentially sensitive information from a fragment identifier by leveraging access to an IFRAME element associated with a different domain.
33 CVE-2011-4692 264 2011-12-07 2011-12-08
5.0
 None Remote Low Not required Partial None None
WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi.
34 CVE-2011-4691 264 2011-12-07 2011-12-08
5.0
 None Remote Low Not required Partial None None
Google Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.
35 CVE-2011-3972 119 DoS Overflow 2012-02-08 2012-08-13
5.0
 None Remote Low Not required None None Partial
The shader translator implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
36 CVE-2011-3970 119 DoS Overflow 2012-02-08 2012-08-13
5.0
 None Remote Low Not required None None Partial
libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
37 CVE-2011-3967 DoS 2012-02-08 2012-08-13
5.0
 None Remote Low Not required None None Partial
Unspecified vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via a crafted certificate.
38 CVE-2011-3965 20 DoS 2012-02-08 2012-08-13
5.0
 None Remote Low Not required None None Partial
Google Chrome before 17.0.963.46 does not properly check signatures, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
39 CVE-2011-3964 2012-02-08 2012-08-13
5.0
 None Remote Low Not required None Partial None
Google Chrome before 17.0.963.46 does not properly implement the drag-and-drop feature, which makes it easier for remote attackers to spoof the URL bar via unspecified vectors.
40 CVE-2011-3963 119 DoS Overflow 2012-02-08 2012-08-13
5.0
 None Remote Low Not required None None Partial
Google Chrome before 17.0.963.46 does not properly handle PDF FAX images, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
41 CVE-2011-3962 119 DoS Overflow 2012-02-08 2012-08-13
5.0
 None Remote Low Not required None None Partial
Google Chrome before 17.0.963.46 does not properly perform path clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
42 CVE-2011-3960 119 DoS Overflow 2012-02-08 2012-08-13
5.0
 None Remote Low Not required None None Partial
Google Chrome before 17.0.963.46 does not properly decode audio data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
43 CVE-2011-3956 264 Bypass 2012-02-08 2012-08-13
5.0
 None Remote Low Not required None Partial None
The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension.
44 CVE-2011-3954 DoS 2012-02-08 2012-08-13
5.0
 None Remote Low Not required None None Partial
Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of database usage.
45 CVE-2011-3916 119 DoS Overflow 2011-12-13 2011-12-14
5.0
 None Remote Low Not required None None Partial
Google Chrome before 16.0.912.63 does not properly handle PDF cross references, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
46 CVE-2011-3911 119 DoS Overflow 2011-12-13 2011-12-14
5.0
 None Remote Low Not required None None Partial
Google Chrome before 16.0.912.63 does not properly handle PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
47 CVE-2011-3910 119 DoS Overflow 2011-12-13 2011-12-14
5.0
 None Remote Low Not required None None Partial
Google Chrome before 16.0.912.63 does not properly handle YUV video frames, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
48 CVE-2011-3908 119 DoS Overflow 2011-12-13 2012-03-13
5.0
 None Remote Low Not required None None Partial
Google Chrome before 16.0.912.63 does not properly parse SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
49 CVE-2011-3906 119 DoS Overflow 2011-12-13 2011-12-14
5.0
 None Remote Low Not required None None Partial
The PDF parser in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
50 CVE-2011-3905 119 DoS Overflow 2011-12-13 2013-02-06
5.0
 None Remote Low Not required None None Partial
libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Total number of vulnerabilities : 162   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.