CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Chrome » 5.0.366.0 : Security Vulnerabilities

Cpe Name:cpe:/a:google:chrome:5.0.366.0
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
601 CVE-2011-2788 119 Overflow 2011-08-02 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the inspector serialization functionality in Google Chrome before 13.0.782.107 allows user-assisted remote attackers to have an unspecified impact via unknown vectors.
602 CVE-2011-2787 399 DoS 2011-08-02 2017-09-18
5.0
None Remote Low Not required None None Partial
Google Chrome before 13.0.782.107 does not properly address re-entrancy issues associated with the GPU lock, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
603 CVE-2011-2786 20 2011-08-02 2017-09-18
4.3
None Remote Medium Not required None Partial None
Google Chrome before 13.0.782.107 does not ensure that the speech-input bubble is shown on the product's screen, which might make it easier for remote attackers to make audio recordings via a crafted web page containing an INPUT element.
604 CVE-2011-2785 20 2011-08-02 2017-09-18
4.3
None Remote Medium Not required None Partial None
The extensions implementation in Google Chrome before 13.0.782.107 does not properly validate the URL for the home page, which allows remote attackers to have an unspecified impact via a crafted extension.
605 CVE-2011-2784 200 +Info 2011-08-02 2017-09-18
5.0
None Remote Low Not required Partial None None
Google Chrome before 13.0.782.107 allows remote attackers to obtain sensitive information via a request for the GL program log, which reveals a local path in an unspecified log entry.
606 CVE-2011-2783 20 2011-08-02 2017-09-18
6.4
None Remote Low Not required None Partial Partial
Google Chrome before 13.0.782.107 does not ensure that developer-mode NPAPI extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension.
607 CVE-2011-2782 264 Bypass 2011-08-02 2017-09-18
4.3
None Remote Medium Not required None Partial None
The drag-and-drop implementation in Google Chrome before 13.0.782.107 on Linux does not properly enforce permissions for files, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors.
608 CVE-2011-2361 287 2011-08-02 2017-09-18
4.3
None Remote Medium Not required Partial None None
The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site.
609 CVE-2011-2360 264 Bypass 2011-08-02 2017-09-18
5.0
None Remote Low Not required None Partial None
Google Chrome before 13.0.782.107 does not ensure that the user is prompted before download of a dangerous file, which makes it easier for remote attackers to bypass intended content restrictions via a crafted web site.
610 CVE-2011-2359 20 DoS 2011-08-02 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
611 CVE-2011-2358 20 2011-08-02 2017-09-18
6.4
None Remote Low Not required None Partial Partial
Google Chrome before 13.0.782.107 does not ensure that extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension.
612 CVE-2011-2351 399 DoS 2011-06-29 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.
613 CVE-2011-2350 20 DoS 2011-06-29 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
The HTML parser in Google Chrome before 12.0.742.112 does not properly address "lifetime and re-entrancy issues," which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
614 CVE-2011-2349 399 DoS 2011-06-29 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text selection.
615 CVE-2011-2348 20 DoS 2011-06-29 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google V8, as used in Google Chrome before 12.0.742.112, performs an incorrect bounds check, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
616 CVE-2011-2347 119 DoS Overflow Mem. Corr. 2011-06-29 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 12.0.742.112 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
617 CVE-2011-2346 399 DoS 2011-06-29 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG fonts.
618 CVE-2011-2345 119 DoS Overflow 2011-06-29 2017-09-18
5.0
None Remote Low Not required None None Partial
The NPAPI implementation in Google Chrome before 12.0.742.112 does not properly handle strings, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
619 CVE-2011-2342 264 Bypass 2011-06-09 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
The DOM implementation in Google Chrome before 12.0.742.91 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
620 CVE-2011-2332 264 Bypass 2011-06-09 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google V8, as used in Google Chrome before 12.0.742.91, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
621 CVE-2011-1819 2011-06-09 2017-09-18
5.0
None Remote Low Not required None Partial None
Google Chrome before 12.0.742.91 allows remote attackers to perform unspecified injection into a chrome:// page via vectors related to extensions.
622 CVE-2011-1818 399 DoS 2011-06-09 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the image loader in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
623 CVE-2011-1817 119 DoS Overflow Mem. Corr. 2011-06-09 2017-09-18
5.0
None Remote Low Not required None None Partial
Google Chrome before 12.0.742.91 does not properly implement history deletion, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
624 CVE-2011-1816 399 DoS 2011-06-09 2017-09-18
5.0
None Remote Low Not required None None Partial
Use-after-free vulnerability in the developer tools in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
625 CVE-2011-1815 2011-06-09 2017-09-18
5.0
None Remote Low Not required None Partial None
Google Chrome before 12.0.742.91 allows remote attackers to inject script into a tab page via vectors related to extensions.
626 CVE-2011-1814 20 DoS 2011-06-09 2017-09-18
5.0
None Remote Low Not required None None Partial
Google Chrome before 12.0.742.91 attempts to read data from an uninitialized pointer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
627 CVE-2011-1813 20 DoS 2011-06-09 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 12.0.742.91 does not properly implement the framework for extensions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
628 CVE-2011-1812 264 Bypass 2011-06-09 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 12.0.742.91 allows remote attackers to bypass intended access restrictions via vectors related to extensions.
629 CVE-2011-1811 20 DoS 2011-06-09 2017-09-18
5.0
None Remote Low Not required None None Partial
Google Chrome before 12.0.742.91 does not properly handle a large number of form submissions, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
630 CVE-2011-1810 264 +Info 2011-06-09 2017-09-18
5.0
None Remote Low Not required Partial None None
The Cascading Style Sheets (CSS) implementation in Google Chrome before 12.0.742.91 does not properly restrict access to the visit history, which allows remote attackers to obtain sensitive information via unspecified vectors.
631 CVE-2011-1809 399 DoS 2011-06-09 2017-09-18
5.0
None Remote Low Not required None None Partial
Use-after-free vulnerability in the accessibility feature in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
632 CVE-2011-1808 399 DoS 2011-06-09 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to incorrect integer calculations during float handling.
633 CVE-2011-1807 119 Exec Code Overflow 2011-05-26 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 11.0.696.71 does not properly handle blobs, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger an out-of-bounds write.
634 CVE-2011-1806 119 DoS Exec Code Overflow Mem. Corr. 2011-05-26 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 11.0.696.71 does not properly implement the GPU command buffer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
635 CVE-2011-1804 20 DoS 2011-05-26 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
rendering/RenderBox.cpp in WebCore in WebKit before r86862, as used in Google Chrome before 11.0.696.71, does not properly render floats, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
636 CVE-2011-1801 Bypass 2011-05-26 2017-09-18
5.0
None Remote Low Not required None Partial None
Unspecified vulnerability in Google Chrome before 11.0.696.71 allows remote attackers to bypass the pop-up blocker via unknown vectors.
637 CVE-2011-1800 189 DoS Overflow 2011-05-16 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in the SVG Filters implementation in WebCore in WebKit in Google Chrome before 11.0.696.68 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
638 CVE-2011-1799 20 DoS 2011-05-16 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome before 11.0.696.68 does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
639 CVE-2011-1691 DoS 2011-04-14 2017-09-18
5.0
None Remote Low Not required None None Partial
The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets (CSS) implementation in WebCore in WebKit before r82222, as used in Google Chrome before 11.0.696.43 and other products, does not properly handle access to the (1) counterIncrement and (2) counterReset attributes of CSSStyleDeclaration data provided by a getComputedStyle method call, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code.
640 CVE-2011-1465 399 DoS 2011-03-19 2017-09-18
5.0
None Remote Low Not required None None Partial
The SPDY implementation in net/http/http_network_transaction.cc in Google Chrome before 11.0.696.14 drains the bodies from SPDY responses, which might allow remote SPDY servers to cause a denial of service (application exit) by canceling a stream.
641 CVE-2011-1456 20 DoS 2011-05-03 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 11.0.696.57 does not properly handle PDF forms, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."
642 CVE-2011-1455 20 DoS 2011-05-03 2017-09-18
4.3
None Remote Medium Not required None None Partial
Google Chrome before 11.0.696.57 does not properly handle PDF documents with multipart encoding, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.
643 CVE-2011-1454 399 DoS 2011-05-03 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the DOM id handling functionality in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document.
644 CVE-2011-1452 20 2011-05-03 2017-09-18
5.8
None Remote Medium Not required Partial Partial None
Google Chrome before 11.0.696.57 allows user-assisted remote attackers to spoof the URL bar via vectors involving a redirect and a manual reload.
645 CVE-2011-1451 20 DoS 2011-05-03 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 11.0.696.57 does not properly handle DOM id maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers."
646 CVE-2011-1450 20 DoS 2011-05-03 2017-09-18
5.0
None Remote Low Not required None None Partial
Google Chrome before 11.0.696.57 does not properly present file dialogs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers."
647 CVE-2011-1449 399 DoS 2011-05-03 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
648 CVE-2011-1448 20 DoS 2011-05-03 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 11.0.696.57 does not properly perform height calculations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
649 CVE-2011-1447 20 DoS 2011-05-03 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 11.0.696.57 does not properly handle drop-down lists, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
650 CVE-2011-1446 20 2011-05-03 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome before 11.0.696.57 allows remote attackers to spoof the URL bar via vectors involving (1) a navigation error or (2) an interrupted load.
Total number of vulnerabilities : 839   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 (This Page)14 15 16 17
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.