Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Chrome
(Google)| Repositories |
• https://github.com/googlei18n/sfntly
• https://github.com/behdad/harfbuzz • https://github.com/uclouvain/openjpeg |
| #Vulnerabilities | 3633 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2010-12-07 | CVE-2010-4487 | Incomplete blacklist vulnerability in Google Chrome before 8.0.552.215 on Linux and Mac OS X allows remote attackers to have an unspecified impact via a "dangerous file." | Chrome | N/A | ||
| 2011-02-04 | CVE-2011-0776 | The sandbox implementation in Google Chrome before 9.0.597.84 on Mac OS X might allow remote attackers to obtain potentially sensitive information about local files via vectors related to the stat system call. | Chrome | N/A | ||
| 2011-02-04 | CVE-2011-0782 | Google Chrome before 9.0.597.84 on Mac OS X does not properly mitigate an unspecified flaw in the Mac OS X 10.5 SSL libraries, which allows remote attackers to cause a denial of service (application crash) via unknown vectors. | Chrome | N/A | ||
| 2011-05-03 | CVE-2011-1305 | Race condition in Google Chrome before 11.0.696.57 on Linux and Mac OS X allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to linked lists and a database. | Chrome | N/A | ||
| 2012-04-06 | CVE-2012-0724 | Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0725. | Air, Flash_player, Chrome | N/A | ||
| 2012-04-06 | CVE-2012-0725 | Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0724. | Air, Flash_player, Chrome | N/A | ||
| 2009-04-24 | CVE-2009-1412 | Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by use of a (1) javascript: or (2) data: URL. NOTE: this can be leveraged for Universal XSS by exploiting certain behavior involving... | Chrome | N/A | ||
| 2016-10-14 | CVE-2005-4900 | SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is not, by itself, a technology recommendation. | Chrome | 5.9 | ||
| 2014-01-16 | CVE-2013-6643 | The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog. | Debian_linux, Chrome, Opensuse | N/A | ||
| 2010-09-24 | CVE-2010-1773 | Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118. | Ubuntu_linux, Fedora, Chrome, Opensuse, Enterprise_linux | N/A |