CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2010-0650
https://notcve.org/view.php?id=CVE-2010-0650
18 Feb 2010 — WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event. WebKit, usado en Google Chrome, anterior a v4.0.249.78 y Apple Safari, permite a atacantes remotos evitar las restricciones destinadas a ventanas emergentes mediante el uso de un evento de clic de ratón manipulado. • http://code.google.com/p/chromium/issues/detail?id=3275 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 1%CPEs: 47EXPL: 3CVE-2010-0664
https://notcve.org/view.php?id=CVE-2010-0664
18 Feb 2010 — Stack consumption vulnerability in the ChildProcessSecurityPolicy::CanRequestURL function in browser/child_process_security_policy.cc in Google Chrome before 4.0.249.78 allows remote attackers to cause a denial of service (memory consumption and application crash) via a URL that specifies multiple protocols, as demonstrated by a URL that begins with many repetitions of the view-source: substring. Vulnerabilidad de consumo en la pila en la función ChildProcessSecurityPolicy::CanRequestURL en browser/child_pr... • http://code.google.com/p/chromium/issues/detail?id=31517 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 6%CPEs: 49EXPL: 0CVE-2010-0658
https://notcve.org/view.php?id=CVE-2010-0658
18 Feb 2010 — Multiple integer overflows in Skia, as used in Google Chrome before 4.0.249.78, allow remote attackers to execute arbitrary code in the Chrome sandbox or cause a denial of service (memory corruption and application crash) via vectors involving CANVAS elements. Múltiples desbordamientos de enteros en Skia, usado en Google Chrome anterior a v4.0.249.78 , permite a atacantes remotos ejecutar código arbitrario en la zona de seguridad de Chrome (sandbox) o causar una denegación de servicio (corrupción de la memo... • http://code.google.com/p/chromium/issues/detail?id=24071 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 0%CPEs: 47EXPL: 0CVE-2010-0662
https://notcve.org/view.php?id=CVE-2010-0662
18 Feb 2010 — The ParamTraits
CVSS: 7.5EPSS: 0%CPEs: 47EXPL: 0CVE-2010-0644
https://notcve.org/view.php?id=CVE-2010-0644
18 Feb 2010 — Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server is configured, sends DNS queries directly, which allows remote DNS servers to obtain potentially sensitive information about the identity of a client user via request logging, as demonstrated by a proxy server that was configured for the purpose of anonymity. Google Chrome anterior v4.0.249.89, cuando el servidor proxy SOCKS 5 está configurado, permite el ataques a servidores DNS remotos para obtener información potencialmente sensible sobre la id... • http://code.google.com/p/chromium/issues/detail?id=29914 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 49EXPL: 0CVE-2010-0656
https://notcve.org/view.php?id=CVE-2010-0656
18 Feb 2010 — WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document. WebKit anterior a r51295 , usado en Google Chrome v4.0.249.78, presenta una página de listado de directorio en respuesta a un XMLHttpRequest de una URL file:// que corresponde a un directorio, lo... • http://code.google.com/p/chromium/issues/detail?id=20450 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 4%CPEs: 47EXPL: 0CVE-2010-0645
https://notcve.org/view.php?id=CVE-2010-0645
18 Feb 2010 — Multiple integer overflows in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays. Multiples errores de enteros sin signo en factory.cc en Google V8 anterior r3560, como el usado en Google Chrome anterior v4.0.249.89, permite a atacantes remotos ejecutar código arbitrario en el Sandbox de Chrome a través de un uso manipulado de arrays JavaScript. • http://code.google.com/p/chromium/issues/detail?id=31009 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 0%CPEs: 47EXPL: 0CVE-2010-0663
https://notcve.org/view.php?id=CVE-2010-0663
18 Feb 2010 — The ParamTraits
CVSS: 10.0EPSS: 10%CPEs: 49EXPL: 1CVE-2010-0646
https://notcve.org/view.php?id=CVE-2010-0646
18 Feb 2010 — Multiple integer signedness errors in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays. Multiples errores de enteros sin signo en factory.cc en Google V8 anterior r3560, como el usado en Google Chrome anterior v4.0.249.89, permite a atacantes remotos ejecutar código de su elección en el sandbox de Chrome a través de un uso manipulado de arrays JavaScript. • http://code.google.com/p/chromium/issues/detail?id=31009 • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 1%CPEs: 49EXPL: 0CVE-2010-0661
https://notcve.org/view.php?id=CVE-2010-0661
18 Feb 2010 — WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method. WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp en WebKit anterior a r52401 , usado en Google Chrome, anterior a v4.0.249.78, permite a atacantes remotos saltar la política de mismo origen (Same Origin Policy) a través de vectores que implica el método window.open. • http://code.google.com/p/chromium/issues/detail?id=30660 • CWE-264: Permissions, Privileges, and Access Controls •