Total
3353 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6996 | 1 Google | 1 Chrome | 2023-12-10 | 5.0 MEDIUM | N/A |
| Google Chrome BETA (0.2.149.27) does not prompt the user before saving an executable file, which makes it easier for remote attackers or malware to cause a denial of service (disk consumption) or exploit other vulnerabilities via a URL that references an executable file, possibly related to the "ask where to save each file before downloading" setting. | |||||
| CVE-2009-3934 | 1 Google | 1 Chrome | 2023-12-10 | 4.3 MEDIUM | N/A |
| The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function in src/webkit/glue/webframeloaderclient_impl.cc in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service via a page-local link, related to an "empty redirect chain," as demonstrated by a message in Yahoo! Mail. | |||||
| CVE-2008-6997 | 1 Google | 1 Chrome | 2023-12-10 | 4.3 MEDIUM | N/A |
| Google Chrome 0.2.149.27 allows user-assisted remote attackers to cause a denial of service (browser crash) via an IMG tag with a long src attribute, which triggers the crash when the victim performs an "Inspect Element" action. | |||||
| CVE-2009-1442 | 1 Google | 1 Chrome | 2023-12-10 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in Skia, as used in Google Chrome 1.x before 1.0.154.64 and 2.x, and possibly Android, might allow remote attackers to execute arbitrary code in the renderer process via a crafted (1) image or (2) canvas. | |||||
| CVE-2009-2816 | 4 Apple, Fedoraproject, Google and 1 more | 5 Iphone Os, Safari, Fedora and 2 more | 2023-12-10 | 6.8 MEDIUM | N/A |
| The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page. | |||||
| CVE-2009-1412 | 2 Google, Microsoft | 2 Chrome, Internet Explorer | 2023-12-10 | 7.8 HIGH | N/A |
| Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by use of a (1) javascript: or (2) data: URL. NOTE: this can be leveraged for Universal XSS by exploiting certain behavior involving persistence across page transitions. | |||||
| CVE-2009-3264 | 1 Google | 1 Chrome | 2023-12-10 | 4.3 MEDIUM | N/A |
| The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified "access check," which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user's visit to a different web server that hosts an SVG document. | |||||
| CVE-2009-2352 | 1 Google | 1 Chrome | 2023-12-10 | 4.3 MEDIUM | N/A |
| Google Chrome 1.0.154.48 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312. NOTE: it was later reported that 2.0.172.28, 2.0.172.37, and 3.0.193.2 Beta are also affected. | |||||
| CVE-2009-2578 | 1 Google | 1 Chrome | 2023-12-10 | 5.0 MEDIUM | N/A |
| Google Chrome 2.x through 2.0.172 allows remote attackers to cause a denial of service (application crash) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. | |||||
| CVE-2009-0276 | 1 Google | 1 Chrome | 2023-12-10 | 5.0 MEDIUM | N/A |
| Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame. | |||||
| CVE-2009-1690 | 2 Apple, Google | 3 Iphone Os, Safari, Chrome | 2023-12-10 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers." | |||||
| CVE-2009-3011 | 1 Google | 1 Chrome | 2023-12-10 | 4.3 MEDIUM | N/A |
| Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and 3.0.193.2 Beta does not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: the JavaScript executes outside of the context of the HTTP site. | |||||
| CVE-2009-2556 | 1 Google | 1 Chrome | 2023-12-10 | 9.3 HIGH | N/A |
| Google Chrome before 2.0.172.37 allows attackers to leverage renderer access to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger excessive memory allocation. | |||||