CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 2CVE-2011-4692
https://notcve.org/view.php?id=CVE-2011-4692
07 Dec 2011 — WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi. WebKit, como se usa en Apple Safari v5.1.1 y anteriores, y Google Chrome v15 y anteriores, no impide la captura de datos sobre el tiempo necesario para cargar la imagen, lo que hace más fácil p... • http://lcamtuf.coredump.cx/cachetime • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2011-4691
https://notcve.org/view.php?id=CVE-2011-4691
07 Dec 2011 — Google Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code. Google Chrome v15.0.874.121 y anteriores no impide la captura de datos sobre los tiempos de violación de "Same Origin Policy" durante los intentos de carga de IFRAME, lo que facilita a los atacantes remotos determinar si existe... • http://lcamtuf.coredump.cx/cachetime • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 225EXPL: 1CVE-2010-5073
https://notcve.org/view.php?id=CVE-2010-5073
07 Dec 2011 — The JavaScript implementation in Google Chrome 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. NOTE: this may overlap CVE-2010-5070. La implementación de JavaScript de Google Chrome v4 no restringe adecuadamente el conjunto de valores contenidos en el objeto devuelto por el método getComputedStyle, lo que permite a atacantes remotos obt... • http://w2spconf.com/2010/papers/p26.pdf • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 225EXPL: 1CVE-2010-5069
https://notcve.org/view.php?id=CVE-2010-5069
07 Dec 2011 — The Cascading Style Sheets (CSS) implementation in Google Chrome 4 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document. NOTE: this may overlap CVE-2010-2264. Las Hojas de Estilo en Cascada (CSS) de aplicación en Google Chrome v4 no controlan correctamente el :visited pseudo-classe, lo que permite a atacantes remotos obtener información sensible acerca de las páginas web visitadas a través de un ... • http://w2spconf.com/2010/papers/p26.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3900
https://notcve.org/view.php?id=CVE-2011-3900
17 Nov 2011 — Google V8, as used in Google Chrome before 15.0.874.121, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write operation. Google V8, que se utiliza en Google Chrome anterior a v15.0.874.121, permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores desconocidos que provocan una operación de escritura fuera de los límites. • http://code.google.com/p/chromium/issues/detail?id=103259 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3894
https://notcve.org/view.php?id=CVE-2011-3894
11 Nov 2011 — Google Chrome before 15.0.874.120 does not properly perform VP8 decoding, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted stream. Google Chrome anteriores a v15.0.874.120 no realiza bién la decodificación VP8, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente tener un impacto no especificado a través de una corriente a mano. • http://code.google.com/p/chromium/issues/detail?id=101172 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 0CVE-2011-3895 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2011-3895
11 Nov 2011 — Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream. Desbordamiento de búfer basado en memoria dinámica en el decodificador de Vorbis en Google Chrome anterior a v15.0.874.120 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de un stream manipulado. Multiple vulnerabilities were found in FFm... • http://code.google.com/p/chromium/issues/detail?id=101458 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3898
https://notcve.org/view.php?id=CVE-2011-3898
11 Nov 2011 — Google Chrome before 15.0.874.120, when Java Runtime Environment (JRE) 7 is used, does not request user confirmation before applet execution begins, which allows remote attackers to have an unspecified impact via a crafted applet. Google Chrome anterior a v15.0.874.120, cuando se usa Java Runtime Environment (JRE) 7, no pide confirmación al usuario antes de la ejecución de que el applet se inicie, lo que permite a atacantes remotos tener un impacto no especificado a través de un applet diseñado para ello. • http://code.google.com/p/chromium/issues/detail?id=102461 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3896
https://notcve.org/view.php?id=CVE-2011-3896
11 Nov 2011 — Buffer overflow in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to shader variable mapping. Desbordamiento de búfer en Google Chrome anterior a v15.0.874.120 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con el sombreado de la cartografía variable. • http://code.google.com/p/chromium/issues/detail?id=101624 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0CVE-2011-3893 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2011-3893
11 Nov 2011 — Google Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Google Chrome anterior a v15.0.874.120 no implementa correctamente el MKV y los gestores Vorbis, lo que permite a atacantes remotos provocar una denegación de servicio (leer fuera del límite) a través de vectores no especificados. Multiple vulnerabilities were found in FFmpeg, the worst of which might enable ... • http://code.google.com/p/chromium/issues/detail?id=100492 • CWE-125: Out-of-bounds Read •