CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Chrome » 6.0.397.0 : Security Vulnerabilities

Cpe Name:cpe:/a:google:chrome:6.0.397.0
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2010-1822 189 DoS Exec Code 2010-10-04 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-SVG document.
2 CVE-2010-3111 2010-08-24 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 6.0.472.53 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack vectors, a different vulnerability than CVE-2010-2897.
3 CVE-2010-3411 20 DoS 2010-09-16 2017-09-18
5.0
None Remote Low Not required None None Partial
Google Chrome before 6.0.472.59 on Linux does not properly handle cursors, which might allow attackers to cause a denial of service (assertion failure) via unspecified vectors.
4 CVE-2010-3414 119 DoS Overflow Mem. Corr. 2010-09-16 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 6.0.472.59 on Mac OS X does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. NOTE: this issue exists because of an incorrect fix for CVE-2010-3112 on Mac OS X.
5 CVE-2010-3416 119 DoS Overflow Mem. Corr. 2010-09-16 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
6 CVE-2010-3729 119 Exec Code Overflow 2010-10-05 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors.
7 CVE-2010-3730 2010-10-05 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Google Chrome before 6.0.472.62 does not properly use information about the origin of a document to manage properties, which allows remote attackers to have an unspecified impact via a crafted web site, related to a "property pollution" issue.
8 CVE-2010-4008 119 DoS Overflow 2010-11-16 2017-09-18
4.3
None Remote Medium Not required None None Partial
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.
9 CVE-2010-4038 20 DoS 2010-10-21 2017-09-18
4.3
None Remote Medium Not required None None Partial
The Web Sockets implementation in Google Chrome before 7.0.517.41 does not properly handle a shutdown action, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
10 CVE-2010-4039 2010-10-21 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors.
11 CVE-2010-4040 119 DoS Overflow Mem. Corr. 2010-10-21 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image.
12 CVE-2010-4041 264 Bypass 2010-10-21 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
The sandbox implementation in Google Chrome before 7.0.517.41 on Linux does not properly constrain worker processes, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.
13 CVE-2010-4042 20 DoS 2010-10-21 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "stale elements."
14 CVE-2010-4197 399 DoS 2010-11-05 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing.
15 CVE-2010-4198 20 DoS Mem. Corr. 2010-11-05 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document.
16 CVE-2010-4199 20 DoS 2010-11-05 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Google Chrome before 7.0.517.44 does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SVG document.
17 CVE-2010-4201 399 DoS 2010-11-05 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections.
18 CVE-2010-4202 189 DoS Overflow 2010-11-05 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font.
19 CVE-2010-4203 119 DoS Exec Code Overflow Mem. Corr. 2010-11-05 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.
20 CVE-2010-4204 DoS 2010-11-05 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
21 CVE-2010-4205 20 DoS 2010-11-05 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
22 CVE-2010-4206 119 DoS Exec Code Overflow 2010-11-05 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SVG document, related to effects in the application of filters.
23 CVE-2010-4487 2010-12-07 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Incomplete blacklist vulnerability in Google Chrome before 8.0.552.215 on Linux and Mac OS X allows remote attackers to have an unspecified impact via a "dangerous file."
24 CVE-2010-4492 399 DoS 2010-12-07 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animations.
25 CVE-2010-4493 399 DoS 2010-12-07 2017-09-18
4.3
None Remote Medium Not required None None Partial
Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events.
26 CVE-2010-4494 399 DoS 2010-12-07 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
27 CVE-2010-4574 189 DoS Bypass 2010-12-21 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization validation, and cause a denial of service or possibly have unspecified other impact, via invalid pickle data.
28 CVE-2010-4575 DoS 2010-12-21 2017-09-18
4.3
None Remote Medium Not required None None Partial
The ThemeInstalledInfoBarDelegate::Observe function in browser/extensions/theme_installed_infobar_delegate.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle incorrect tab interaction by an extension, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted extension.
29 CVE-2010-4576 DoS 2010-12-21 2017-09-18
5.0
None Remote Low Not required None None Partial
browser/worker_host/message_port_dispatcher.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle certain postMessage calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code that creates a web worker.
30 CVE-2010-4577 119 DoS Overflow 2010-12-21 2017-09-18
5.0
None Remote Low Not required None None Partial
The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."
31 CVE-2010-4578 20 DoS 2010-12-21 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do not properly perform cursor handling, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."
32 CVE-2011-0470 20 DoS 2011-01-14 2017-09-18
5.0
None Remote Low Not required None None Partial
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle extensions notification, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
33 CVE-2011-0471 20 DoS 2011-01-14 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
The node-iteration implementation in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 does not properly handle pointers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
34 CVE-2011-0472 20 DoS 2011-01-14 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle the printing of PDF documents, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a multi-page document.
35 CVE-2011-0473 20 DoS 2011-01-14 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with CANVAS elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
36 CVE-2011-0474 20 DoS 2011-01-14 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
37 CVE-2011-0475 399 DoS 2011-01-14 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a PDF document.
38 CVE-2011-0476 399 DoS Mem. Corr. 2011-01-14 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allow remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a PDF document that triggers an out-of-memory error.
39 CVE-2011-0477 20 DoS 2011-01-14 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle a mismatch in video frame sizes, which allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via unknown vectors.
40 CVE-2011-0478 20 DoS 2011-01-14 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle SVG use elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
41 CVE-2011-0479 20 DoS 2011-01-14 2017-09-18
5.0
None Remote Low Not required None None Partial
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly interact with extensions, which allows remote attackers to cause a denial of service via a crafted extension that triggers an uninitialized pointer.
42 CVE-2011-0480 119 DoS Overflow Mem. Corr. 2011-01-14 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue.
43 CVE-2011-0481 119 DoS Overflow 2011-01-14 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF shading.
44 CVE-2011-0482 189 DoS 2011-01-14 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document.
45 CVE-2011-0483 20 DoS 2011-01-14 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of video, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
46 CVE-2011-0484 20 DoS 2011-01-14 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform DOM node removal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale rendering node."
47 CVE-2011-0485 20 Exec Code 2011-01-14 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle speech data, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "stale pointer."
48 CVE-2011-0776 200 +Info 2011-02-04 2017-09-18
5.0
None Remote Low Not required Partial None None
The sandbox implementation in Google Chrome before 9.0.597.84 on Mac OS X might allow remote attackers to obtain potentially sensitive information about local files via vectors related to the stat system call.
49 CVE-2011-0777 399 DoS 2011-02-04 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to image loading.
50 CVE-2011-0779 20 DoS 2011-02-04 2017-09-18
5.0
None Remote Low Not required None None Partial
Google Chrome before 9.0.597.84 does not properly handle a missing key in an extension, which allows remote attackers to cause a denial of service (application crash) via a crafted extension.
Total number of vulnerabilities : 777   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.