CVSS: 9.3EPSS: 7%CPEs: 49EXPL: 0CVE-2010-0647
https://notcve.org/view.php?id=CVE-2010-0647
18 Feb 2010 — WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a <ruby>><table><rt> sequence. WebKit anterior r53525, como el usado en Google Chrome anterior v4.0.249.89, permite a atacantes remotos ejecutar código en el sandbox a través de un elemento RUBY malformado, como queda demostrado con la secuencia <ruby>><table><rt>. • http://code.google.com/p/chromium/issues/detail?id=31692 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 47EXPL: 0CVE-2010-0663
https://notcve.org/view.php?id=CVE-2010-0663
18 Feb 2010 — The ParamTraits
CVSS: 9.3EPSS: 8%CPEs: 49EXPL: 0CVE-2010-0659
https://notcve.org/view.php?id=CVE-2010-0659
18 Feb 2010 — The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size. El decodificador de imagen en WebKit anterior a r52833, usado en Google Chrome anterior a v4.0.249.78, no controla correctamente un error de asignación de memoria, lo cual permite a atacantes remotos ejecutar código arbitrario en el rec... • http://code.google.com/p/chromium/issues/detail?id=28566 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 47EXPL: 0CVE-2010-0643
https://notcve.org/view.php?id=CVE-2010-0643
18 Feb 2010 — Google Chrome before 4.0.249.89 attempts to make direct connections to web sites when all configured proxy servers are unavailable, which allows remote HTTP servers to obtain potentially sensitive information about the identity of a client user via standard HTTP logging, as demonstrated by a proxy server that was configured for the purpose of anonymity. Google Chrome anterior v4.0.249.89 intenta a establecer conexiones con sitios web cuando todas las configuraciones de los servidores proxy no están disponib... • http://code.google.com/p/chromium/issues/detail?id=12303 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2010-0650
https://notcve.org/view.php?id=CVE-2010-0650
18 Feb 2010 — WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event. WebKit, usado en Google Chrome, anterior a v4.0.249.78 y Apple Safari, permite a atacantes remotos evitar las restricciones destinadas a ventanas emergentes mediante el uso de un evento de clic de ratón manipulado. • http://code.google.com/p/chromium/issues/detail?id=3275 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 1%CPEs: 47EXPL: 3CVE-2010-0664
https://notcve.org/view.php?id=CVE-2010-0664
18 Feb 2010 — Stack consumption vulnerability in the ChildProcessSecurityPolicy::CanRequestURL function in browser/child_process_security_policy.cc in Google Chrome before 4.0.249.78 allows remote attackers to cause a denial of service (memory consumption and application crash) via a URL that specifies multiple protocols, as demonstrated by a URL that begins with many repetitions of the view-source: substring. Vulnerabilidad de consumo en la pila en la función ChildProcessSecurityPolicy::CanRequestURL en browser/child_pr... • http://code.google.com/p/chromium/issues/detail?id=31517 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 10%CPEs: 49EXPL: 1CVE-2010-0646
https://notcve.org/view.php?id=CVE-2010-0646
18 Feb 2010 — Multiple integer signedness errors in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays. Multiples errores de enteros sin signo en factory.cc en Google V8 anterior r3560, como el usado en Google Chrome anterior v4.0.249.89, permite a atacantes remotos ejecutar código de su elección en el sandbox de Chrome a través de un uso manipulado de arrays JavaScript. • http://code.google.com/p/chromium/issues/detail?id=31009 • CWE-189: Numeric Errors •
CVSS: 6.5EPSS: 0%CPEs: 47EXPL: 0CVE-2010-0556
https://notcve.org/view.php?id=CVE-2010-0556
18 Feb 2010 — browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication, as demonstrated by a URL in the SRC attribute of an IMG element. browser/login/login_prompt.cc en Google Chrome anterior v4.0.249.89 con un diálogo de autenticación con credenciales que fueron almacenadas por Pass... • http://code.google.com/p/chromium/issues/detail?id=32718 • CWE-255: Credentials Management Errors •
CVSS: 6.1EPSS: 8%CPEs: 47EXPL: 2CVE-2010-0315 – Google Chrome 3.0 - Style Sheet redirection Information Disclosure
https://notcve.org/view.php?id=CVE-2010-0315
14 Jan 2010 — WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element. WebKit anterior a versión r53607, tal como es usado en Chrome de Google anterior a versión 4.0.249.89, permite a los atacantes remotos detectar la URL de destino... • https://www.exploit-db.com/exploits/33562 •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2009-2816
https://notcve.org/view.php?id=CVE-2009-2816
13 Nov 2009 — The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page. La implementación de Cross-Origin Resource Sharing (CORS) en WebKit, tal como es usado en Safari de Apple anterior a versión 4.0.4 y Chrome d... • http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html • CWE-352: Cross-Site Request Forgery (CSRF) •