CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 1CVE-2011-3050
https://notcve.org/view.php?id=CVE-2011-3050
22 Mar 2012 — Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element. Una vulnerabilidad de uso después de liberación de vulnerabilidad en la implementación de las Hojas de Estilo en Cascada (CSS) en Google Chrome v17.0.963.83 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un i... • http://code.google.com/p/chromium/issues/detail?id=113902 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2011-3052
https://notcve.org/view.php?id=CVE-2011-3052
22 Mar 2012 — The WebGL implementation in Google Chrome before 17.0.963.83 does not properly handle CANVAS elements, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. La implementación de WebGL en Google Chrome antes de v17.0.963.83 no trata correctamente los elementos CANVAS, ??lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente tener un impacto no especificado a través de... • http://code.google.com/p/chromium/issues/detail?id=116637 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 26%CPEs: 18EXPL: 0CVE-2011-3045 – libpng: buffer overflow in png_inflate caused by invalid type conversions
https://notcve.org/view.php?id=CVE-2011-3045
22 Mar 2012 — Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026. El error de signo de entero en pngrutil.c en libpng antes v1.4.10beta01, tal y como se utiliza en Google Chrome antes de v17.0.963.83 y otros productos, permite a atacantes... • http://code.google.com/p/chromium/issues/detail?id=116162 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2011-3054
https://notcve.org/view.php?id=CVE-2011-3054
22 Mar 2012 — The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vectors. La implementación de privilegios de WebUI en Google Chrome antes de v17.0.963.83 no realiza correctamente el aislamiento, lo que permite a atacantes remotos eludir restricciones de acceso a través de vectores no especificados. • http://code.google.com/p/chromium/issues/detail?id=117418 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2011-3051
https://notcve.org/view.php?id=CVE-2011-3051
22 Mar 2012 — Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the cross-fade function. Una vulnerabilidad de uso después de liberación en la imprentacion de las Hojas de Estilo en Cascada (CSS) en Google Chrome antes de v17.0.963.83 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especifica... • http://code.google.com/p/chromium/issues/detail?id=116461 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2012-1846
https://notcve.org/view.php?id=CVE-2012-1846
22 Mar 2012 — Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code." Google Chrome v17.0.963.66 y anteriores permite a atacantes remotos eludir el mecanismo de protección de sandbox,... • http://pwn2own.zerodayinitiative.com/status.html • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 8.1EPSS: 1%CPEs: 4EXPL: 0CVE-2011-3056
https://notcve.org/view.php?id=CVE-2011-3056
22 Mar 2012 — Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe." Google Chrome antes de v17.0.963.83 permite a atacantes remotos evitar la política de mismo origen a través de vectores relacionados con un "magic iframe". • http://code.google.com/p/chromium/issues/detail?id=117550 • CWE-346: Origin Validation Error •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 1CVE-2011-3055
https://notcve.org/view.php?id=CVE-2011-3055
22 Mar 2012 — The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation before an unpacked extension installation, which allows user-assisted remote attackers to have an unspecified impact via a crafted extension. La interfaz de usuario nativa en Google Chrome antes de v17.0.963.83 no solicita confirmación del usuario antes de una instalación de extensión no empaquetada, lo que permite a atacantes remotos con la ayuda del usuario local a tener un impacto no especificado a través de una ... • http://code.google.com/p/chromium/issues/detail?id=117736 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.3EPSS: 2%CPEs: 2EXPL: 0CVE-2011-3047
https://notcve.org/view.php?id=CVE-2011-3047
10 Mar 2012 — The GPU process in Google Chrome before 17.0.963.79 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an error in the plug-in loading mechanism. El proceso de GPU en Google Chrome antes de v17.0.963.79 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria) aprovechandose de un error en el mecanismo de carga de plugins. • http://code.google.com/p/chromium/issues/detail?id=117620 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 3%CPEs: 4EXPL: 0CVE-2011-3046
https://notcve.org/view.php?id=CVE-2011-3046
09 Mar 2012 — The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue. El subsistema de extensión en Google Chrome antes de v17.0.963.78 no gestiona adecuadamente el historial de navegación, lo que permite a atacantes remotos ejecutar código de su elección qaprovechandose de un problema "XSS universal(UXSS)". • http://code.google.com/p/chromium/issues/detail?id=117226 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •