CVSS: 6.1EPSS: 2%CPEs: 3EXPL: 1CVE-2011-3058
https://notcve.org/view.php?id=CVE-2011-3058
30 Mar 2012 — Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. Las versiones de Google Chrome anteriores a v18.0.1025.142 no manejan correctamente el sistema de codificación EUC-JP, lo que podría permitir a atacantes remotos producir ataques de ejecución de comandos en sitios cruzados(XSS) a través de vectores no especificados. • http://code.google.com/p/chromium/issues/detail?id=109574 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3064
https://notcve.org/view.php?id=CVE-2011-3064
30 Mar 2012 — Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG clipping. Vulnerabilidad por error de memoria en ejecución (use-after-free) en Google Chrome anterior a v18.0.1025.142 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con la operación de recorte en el formato SVG. • http://code.google.com/p/chromium/issues/detail?id=117471 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2011-3049
https://notcve.org/view.php?id=CVE-2011-3049
23 Mar 2012 — Google Chrome before 17.0.963.83 does not properly restrict the extension web request API, which allows remote attackers to cause a denial of service (disrupted system requests) via a crafted extension. Google Chrome antes de v17.0.963.83 no restringe adecuadamente la API de peticiones de extensión web, lo que permite a atacantes remotos provocar una denegación de servicio (interrupción de peticiones del sistema) a través de una extensión diseñada a mano para este fin. • http://code.google.com/p/chromium/issues/detail?id=108648 •
CVSS: 9.3EPSS: 2%CPEs: 1EXPL: 0CVE-2012-1845
https://notcve.org/view.php?id=CVE-2012-1845
22 Mar 2012 — Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the DEP and ASLR protection mechanisms, and execute arbitrary code, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code." Una vulnerabilidad de Uso después de liberación en Google Chrome v... • http://pwn2own.zerodayinitiative.com/status.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2011-3053
https://notcve.org/view.php?id=CVE-2011-3053
22 Mar 2012 — Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting. Una vulnerabilidad de uso después de liberación en Google Chrome antes de v17.0.963.83 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con la división de bloques. • http://code.google.com/p/chromium/issues/detail?id=116746 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3057
https://notcve.org/view.php?id=CVE-2011-3057
22 Mar 2012 — Google V8, as used in Google Chrome before 17.0.963.83, allows remote attackers to cause a denial of service via vectors that trigger an invalid read operation. Google V8, tal como se utiliza en Google Chrome antes de v17.0.963.83, permite a atacantes remotos provocar una denegación de servicio a través de vectores que provocan una operación de lectura no válida. • http://code.google.com/p/chromium/issues/detail?id=117794 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 1CVE-2011-3050
https://notcve.org/view.php?id=CVE-2011-3050
22 Mar 2012 — Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element. Una vulnerabilidad de uso después de liberación de vulnerabilidad en la implementación de las Hojas de Estilo en Cascada (CSS) en Google Chrome v17.0.963.83 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un i... • http://code.google.com/p/chromium/issues/detail?id=113902 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2011-3052
https://notcve.org/view.php?id=CVE-2011-3052
22 Mar 2012 — The WebGL implementation in Google Chrome before 17.0.963.83 does not properly handle CANVAS elements, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. La implementación de WebGL en Google Chrome antes de v17.0.963.83 no trata correctamente los elementos CANVAS, ??lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente tener un impacto no especificado a través de... • http://code.google.com/p/chromium/issues/detail?id=116637 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 26%CPEs: 18EXPL: 0CVE-2011-3045 – libpng: buffer overflow in png_inflate caused by invalid type conversions
https://notcve.org/view.php?id=CVE-2011-3045
22 Mar 2012 — Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026. El error de signo de entero en pngrutil.c en libpng antes v1.4.10beta01, tal y como se utiliza en Google Chrome antes de v17.0.963.83 y otros productos, permite a atacantes... • http://code.google.com/p/chromium/issues/detail?id=116162 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2011-3054
https://notcve.org/view.php?id=CVE-2011-3054
22 Mar 2012 — The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vectors. La implementación de privilegios de WebUI en Google Chrome antes de v17.0.963.83 no realiza correctamente el aislamiento, lo que permite a atacantes remotos eludir restricciones de acceso a través de vectores no especificados. • http://code.google.com/p/chromium/issues/detail?id=117418 • CWE-269: Improper Privilege Management •