| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2010-3417 |
200 |
|
+Info |
2010-09-16 |
2011-07-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Google Chrome before 6.0.472.59 does not prompt the user before granting access to the extension history, which allows attackers to obtain potentially sensitive information via unspecified vectors. |
|
2 |
CVE-2010-3118 |
200 |
|
+Info |
2010-08-24 |
2011-07-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The autosuggest feature in the Omnibox implementation in Google Chrome before 5.0.375.127 does not anticipate entry of passwords, which might allow remote attackers to obtain sensitive information by reading the network traffic generated by this feature. |
|
3 |
CVE-2010-2899 |
|
|
+Info |
2010-07-28 |
2011-07-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the layout implementation in Google Chrome before 5.0.375.125 allows remote attackers to obtain sensitive information from process memory via unknown vectors. |
|
4 |
CVE-2010-1773 |
189 |
|
DoS Exec Code Mem. Corr. +Info |
2010-09-24 |
2011-07-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118. |
|
5 |
CVE-2010-0663 |
200 |
|
+Info |
2010-02-18 |
2012-01-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The ParamTraits<SkBitmap>::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not initialize the memory locations that will hold bitmap data, which might allow remote attackers to obtain potentially sensitive information from process memory by providing insufficient data, related to use of a (1) thumbnail database or (2) HTML canvas. |
|
6 |
CVE-2010-0660 |
200 |
|
+Info |
2010-02-18 |
2012-01-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Google Chrome before 4.0.249.78 sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging. |
|
7 |
CVE-2010-0657 |
|
|
+Info |
2010-02-18 |
2012-01-26 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Google Chrome before 4.0.249.78 on Windows does not perform the expected encoding, escaping, and quoting for the URL in the --app argument in a desktop shortcut, which allows user-assisted remote attackers to execute arbitrary programs or obtain sensitive information by tricking a user into creating a crafted shortcut. |
|
8 |
CVE-2010-0656 |
200 |
|
+Info |
2010-02-18 |
2012-01-26 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document. |
|
9 |
CVE-2010-0651 |
200 |
|
+Info |
2010-02-18 |
2012-04-17 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document. |
|
10 |
CVE-2010-0644 |
200 |
|
+Info |
2010-02-18 |
2012-01-26 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server is configured, sends DNS queries directly, which allows remote DNS servers to obtain potentially sensitive information about the identity of a client user via request logging, as demonstrated by a proxy server that was configured for the purpose of anonymity. |
|
11 |
CVE-2010-0643 |
200 |
|
+Info |
2010-02-18 |
2012-01-26 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Google Chrome before 4.0.249.89 attempts to make direct connections to web sites when all configured proxy servers are unavailable, which allows remote HTTP servers to obtain potentially sensitive information about the identity of a client user via standard HTTP logging, as demonstrated by a proxy server that was configured for the purpose of anonymity. |
|
12 |
CVE-2010-0556 |
255 |
|
Bypass +Info |
2010-02-18 |
2012-01-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication, as demonstrated by a URL in the SRC attribute of an IMG element. |
