CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3894
https://notcve.org/view.php?id=CVE-2011-3894
11 Nov 2011 — Google Chrome before 15.0.874.120 does not properly perform VP8 decoding, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted stream. Google Chrome anteriores a v15.0.874.120 no realiza bién la decodificación VP8, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente tener un impacto no especificado a través de una corriente a mano. • http://code.google.com/p/chromium/issues/detail?id=101172 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 0CVE-2011-3895 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2011-3895
11 Nov 2011 — Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream. Desbordamiento de búfer basado en memoria dinámica en el decodificador de Vorbis en Google Chrome anterior a v15.0.874.120 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de un stream manipulado. Multiple vulnerabilities were found in FFm... • http://code.google.com/p/chromium/issues/detail?id=101458 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3898
https://notcve.org/view.php?id=CVE-2011-3898
11 Nov 2011 — Google Chrome before 15.0.874.120, when Java Runtime Environment (JRE) 7 is used, does not request user confirmation before applet execution begins, which allows remote attackers to have an unspecified impact via a crafted applet. Google Chrome anterior a v15.0.874.120, cuando se usa Java Runtime Environment (JRE) 7, no pide confirmación al usuario antes de la ejecución de que el applet se inicie, lo que permite a atacantes remotos tener un impacto no especificado a través de un applet diseñado para ello. • http://code.google.com/p/chromium/issues/detail?id=102461 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2830
https://notcve.org/view.php?id=CVE-2011-2830
28 Oct 2011 — Google V8, as used in Google Chrome before 14.0.835.163, does not properly implement script object wrappers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors. Google V8, que se utiliza en Google Chrome anterior a v14.0.835.163, no aplica correctamente envoltorios de escritura de objetos, que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente tener un impacto no especi... • http://code.google.com/p/chromium/issues/detail?id=76771 •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 2CVE-2011-3640
https://notcve.org/view.php?id=CVE-2011-3640
28 Oct 2011 — Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug." ** CONTROVERTIDO ** Vulnerabilidad de ruta de búsqueda no confiable de Mozilla Network Security Services (NSS), que se utiliza en Google Chrome anterior a v17 en Windows... • http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html • CWE-426: Untrusted Search Path •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3881
https://notcve.org/view.php?id=CVE-2011-3881
25 Oct 2011 — WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XS... • http://code.google.com/p/chromium/issues/detail?id=96047 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2011-3887
https://notcve.org/view.php?id=CVE-2011-3887
25 Oct 2011 — Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors. Google Chrome en versiones anteriores a la 15.0.874.102 no maneja apropiadamente javascript: URLs, lo que permite a atacantes remotos evitar las restricciones previstas de acceso y leer cookies a través de vectores sin especificar. • http://code.google.com/p/chromium/issues/detail?id=98407 • CWE-565: Reliance on Cookies without Validation and Integrity Checking •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2011-3886
https://notcve.org/view.php?id=CVE-2011-3886
25 Oct 2011 — Google V8, as used in Google Chrome before 15.0.874.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers out-of-bounds write operations. Google V8, tal como se utiliza en Google Chrome en versiones anteriores a la 15.0.874.102, permite a atacantes remotos provocar una denegación de servicio o posiblemente realizar otras acciones sin especificar a través de código JavaScript modificado que provoca operaciones de escritur... • http://code.google.com/p/chromium/issues/detail?id=98773 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3880
https://notcve.org/view.php?id=CVE-2011-3880
25 Oct 2011 — Google Chrome before 15.0.874.102 does not prevent use of an unspecified special character as a delimiter in HTTP headers, which has unknown impact and remote attack vectors. Google Chrome en versiones anteriores a la 15.0.874.102 no previene el uso de caracteres especiales sin especificar como delimitadores en cabeceras HTTP, lo que tiene un impacto sin especificar y vectores de ataque remotos. • http://code.google.com/p/chromium/issues/detail?id=95992 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3878
https://notcve.org/view.php?id=CVE-2011-3878
25 Oct 2011 — Race condition in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker process initialization. Condición de carrera en Google Chrome en versiones anteriores a la 15.0.874.102 permite a atacantes remotos provocar una denegación de servicio o posiblemente realizar otras acciones sin especificar a través de vectores relacionados con la inicialización de procesos ("worker process initialization"). • http://code.google.com/p/chromium/issues/detail?id=94487 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •