CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Chrome » 4.0.224.0 : Security Vulnerabilities

Cpe Name:cpe:/a:google:chrome:4.0.224.0
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
801 CVE-2010-3115 2010-08-24 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors.
802 CVE-2010-3114 399 2010-08-24 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
The text-editing implementation in Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not check a node type before performing a cast, which has unspecified impact and attack vectors related to (1) DeleteSelectionCommand.cpp, (2) InsertLineBreakCommand.cpp, or (3) InsertParagraphSeparatorCommand.cpp in WebCore/editing/.
803 CVE-2010-3113 119 DoS Overflow Mem. Corr. 2010-08-24 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors related to state changes when using DeleteButtonController.
804 CVE-2010-3112 119 DoS Overflow Mem. Corr. 2010-08-24 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 5.0.375.127 does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
805 CVE-2010-3111 2010-08-24 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 6.0.472.53 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack vectors, a different vulnerability than CVE-2010-2897.
806 CVE-2010-2903 2010-07-28 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 5.0.375.125 performs unexpected truncation and improper eliding of hostnames, which has unspecified impact and remote attack vectors.
807 CVE-2010-2902 119 DoS Overflow Mem. Corr. 2010-07-28 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
The SVG implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
808 CVE-2010-2901 119 DoS Overflow Mem. Corr. 2010-07-28 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
The rendering implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
809 CVE-2010-2900 2010-07-28 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 5.0.375.125 does not properly handle a large canvas, which has unspecified impact and remote attack vectors.
810 CVE-2010-2899 +Info 2010-07-28 2017-09-18
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the layout implementation in Google Chrome before 5.0.375.125 allows remote attackers to obtain sensitive information from process memory via unknown vectors.
811 CVE-2010-2898 2010-07-28 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the GNU C Library, which has unknown impact and attack vectors.
812 CVE-2010-2897 2010-07-28 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack vectors.
813 CVE-2010-2652 DoS 2010-07-06 2017-09-18
5.0
None Remote Low Not required None None Partial
Google Chrome before 5.0.375.99 does not properly implement modal dialogs, which allows attackers to cause a denial of service (application crash) via unspecified vectors.
814 CVE-2010-2651 119 DoS Overflow Mem. Corr. 2010-07-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The Cascading Style Sheets (CSS) implementation in Google Chrome before 5.0.375.99 does not properly perform style rendering, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
815 CVE-2010-2650 2010-07-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Google Chrome before 5.0.375.99 has unknown impact and attack vectors, related to an "annoyance with print dialogs."
816 CVE-2010-2649 DoS 2010-07-06 2017-09-18
4.3
None Remote Medium Not required None None Partial
Unspecified vulnerability in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (application crash) via an invalid image.
817 CVE-2010-2648 310 DoS Mem. Corr. 2010-07-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The implementation of the Unicode Bidirectional Algorithm (aka Bidi algorithm or UBA) in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
818 CVE-2010-2647 119 DoS Overflow Mem. Corr. 2010-07-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document.
819 CVE-2010-2646 2010-07-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Google Chrome before 5.0.375.99 does not properly isolate sandboxed IFRAME elements, which has unspecified impact and remote attack vectors.
820 CVE-2010-2645 119 DoS Overflow 2010-07-06 2017-09-18
4.3
None Remote Medium Not required None None Partial
Unspecified vulnerability in Google Chrome before 5.0.375.99, when WebGL is used, allows remote attackers to cause a denial of service (out-of-bounds read) via unknown vectors.
821 CVE-2010-2302 399 DoS Exec Code Mem. Corr. 2010-06-15 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving remote fonts in conjunction with shadow DOM trees, aka rdar problem 8007953. NOTE: this might overlap CVE-2010-1771.
822 CVE-2010-2301 79 XSS 2010-06-15 2017-09-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element. NOTE: this might overlap CVE-2010-1762.
823 CVE-2010-2300 399 DoS Exec Code Mem. Corr. 2010-06-15 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the Element::normalizeAttributes function in dom/Element.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to handlers for DOM mutation events, aka rdar problem 7948784. NOTE: this might overlap CVE-2010-1759.
824 CVE-2010-2299 94 Exec Code 2010-06-15 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The Clipboard::DispatchObject function in app/clipboard/clipboard.cc in Google Chrome before 5.0.375.70 does not properly handle CBF_SMBITMAP objects in a ViewHostMsg_ClipboardWriteObjectsAsync message, which might allow remote attackers to execute arbitrary code via vectors involving crafted data from the renderer process, related to a "Type Confusion" issue.
825 CVE-2010-2298 20 Bypass 2010-06-15 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
browser/renderer_host/database_dispatcher_host.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle ViewHostMsg_DatabaseOpenFile messages in chroot-based sandboxing, which allows remote attackers to bypass intended sandbox restrictions via vectors involving fchdir and chdir calls.
826 CVE-2010-2297 94 DoS Exec Code 2010-06-15 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table.
827 CVE-2010-2296 264 Bypass 2010-06-15 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The implementation of unspecified DOM methods in Google Chrome before 5.0.375.70 allows remote attackers to bypass the Same Origin Policy via unknown vectors.
828 CVE-2010-2295 2010-06-15 2017-09-18
4.3
None Remote Medium Not required None Partial None
page/EventHandler.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 does not properly handle a change of the focused frame during the dispatching of keydown, which allows user-assisted remote attackers to redirect keystrokes via a crafted HTML document, aka rdar problem 7018610. NOTE: this might overlap CVE-2010-1422.
829 CVE-2010-2110 Exec Code 2010-05-28 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 5.0.375.55 does not properly execute JavaScript code in the extension context, which has unspecified impact and remote attack vectors.
830 CVE-2010-2109 DoS 2010-05-28 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows user-assisted remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the "drag + drop" functionality.
831 CVE-2010-2108 Bypass 2010-05-28 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows remote attackers to bypass the whitelist-mode plugin blocker via unknown vectors.
832 CVE-2010-2107 DoS 2010-05-28 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the Safe Browsing functionality.
833 CVE-2010-2106 2010-05-28 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Google Chrome before 5.0.375.55 might allow remote attackers to spoof the URL bar via vectors involving unload event handlers.
834 CVE-2010-2105 2010-05-28 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 5.0.375.55 does not properly follow the Safe Browsing specification's requirements for canonicalization of URLs, which has unspecified impact and remote attack vectors.
835 CVE-2010-1851 200 +Info 2010-05-07 2017-09-18
4.3
None Remote Medium Not required Partial None None
Google Chrome, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a "cross-site data leakage" issue.
836 CVE-2010-1825 399 DoS 2010-09-24 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to nested SVG elements.
837 CVE-2010-1824 399 DoS Exec Code 2010-09-24 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG styles, the DOM tree, and error messages.
838 CVE-2010-1823 399 DoS 2010-09-24 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098.
839 CVE-2010-1822 189 DoS Exec Code 2010-10-04 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-SVG document.
840 CVE-2010-1773 189 DoS Exec Code Mem. Corr. +Info 2010-09-24 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118.
841 CVE-2010-1772 399 DoS Exec Code 2010-09-24 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document.
842 CVE-2010-1770 94 DoS Exec Code Mem. Corr. 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue."
843 CVE-2010-1767 352 CSRF 2010-09-24 2017-09-18
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a crafted synchronous preflight XMLHttpRequest operation.
844 CVE-2010-1664 119 DoS Overflow Mem. Corr. 2010-05-03 2017-09-18
5.0
None Remote Low Not required None None Partial
Google Chrome before 4.1.249.1064 does not properly handle HTML5 media, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors.
845 CVE-2010-1506 DoS Mem. Corr. 2010-04-23 2017-09-18
7.8
None Remote Low Not required None None Complete
The Google V8 bindings in Google Chrome before 4.1.249.1059 allow attackers to cause a denial of service (memory corruption) via unknown vectors.
846 CVE-2010-1505 264 2010-04-23 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 4.1.249.1059 does not prevent pages from loading with the New Tab page's privileges, which has unknown impact and attack vectors.
847 CVE-2010-1504 79 XSS 2010-04-23 2017-09-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://downloads URI.
848 CVE-2010-1503 79 XSS 2010-04-23 2017-09-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://net-internals URI.
849 CVE-2010-1502 2010-04-23 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to access local files via vectors related to "developer tools."
850 CVE-2010-1500 2010-04-23 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 4.1.249.1059 does not properly support forms, which has unknown impact and attack vectors, related to a "type confusion error."
Total number of vulnerabilities : 852   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 (This Page)18
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.