CVSS: 8.1EPSS: 0%CPEs: 49EXPL: 0CVE-2010-0656
https://notcve.org/view.php?id=CVE-2010-0656
18 Feb 2010 — WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document. WebKit anterior a r51295 , usado en Google Chrome v4.0.249.78, presenta una página de listado de directorio en respuesta a un XMLHttpRequest de una URL file:// que corresponde a un directorio, lo... • http://code.google.com/p/chromium/issues/detail?id=20450 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 4%CPEs: 47EXPL: 0CVE-2010-0645
https://notcve.org/view.php?id=CVE-2010-0645
18 Feb 2010 — Multiple integer overflows in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays. Multiples errores de enteros sin signo en factory.cc en Google V8 anterior r3560, como el usado en Google Chrome anterior v4.0.249.89, permite a atacantes remotos ejecutar código arbitrario en el Sandbox de Chrome a través de un uso manipulado de arrays JavaScript. • http://code.google.com/p/chromium/issues/detail?id=31009 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 7%CPEs: 49EXPL: 0CVE-2010-0647
https://notcve.org/view.php?id=CVE-2010-0647
18 Feb 2010 — WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a <ruby>><table><rt> sequence. WebKit anterior r53525, como el usado en Google Chrome anterior v4.0.249.89, permite a atacantes remotos ejecutar código en el sandbox a través de un elemento RUBY malformado, como queda demostrado con la secuencia <ruby>><table><rt>. • http://code.google.com/p/chromium/issues/detail?id=31692 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 47EXPL: 0CVE-2010-0663
https://notcve.org/view.php?id=CVE-2010-0663
18 Feb 2010 — The ParamTraits
CVSS: 9.3EPSS: 8%CPEs: 49EXPL: 0CVE-2010-0659
https://notcve.org/view.php?id=CVE-2010-0659
18 Feb 2010 — The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size. El decodificador de imagen en WebKit anterior a r52833, usado en Google Chrome anterior a v4.0.249.78, no controla correctamente un error de asignación de memoria, lo cual permite a atacantes remotos ejecutar código arbitrario en el rec... • http://code.google.com/p/chromium/issues/detail?id=28566 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 47EXPL: 0CVE-2010-0643
https://notcve.org/view.php?id=CVE-2010-0643
18 Feb 2010 — Google Chrome before 4.0.249.89 attempts to make direct connections to web sites when all configured proxy servers are unavailable, which allows remote HTTP servers to obtain potentially sensitive information about the identity of a client user via standard HTTP logging, as demonstrated by a proxy server that was configured for the purpose of anonymity. Google Chrome anterior v4.0.249.89 intenta a establecer conexiones con sitios web cuando todas las configuraciones de los servidores proxy no están disponib... • http://code.google.com/p/chromium/issues/detail?id=12303 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2010-0650
https://notcve.org/view.php?id=CVE-2010-0650
18 Feb 2010 — WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event. WebKit, usado en Google Chrome, anterior a v4.0.249.78 y Apple Safari, permite a atacantes remotos evitar las restricciones destinadas a ventanas emergentes mediante el uso de un evento de clic de ratón manipulado. • http://code.google.com/p/chromium/issues/detail?id=3275 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 1%CPEs: 47EXPL: 3CVE-2010-0664
https://notcve.org/view.php?id=CVE-2010-0664
18 Feb 2010 — Stack consumption vulnerability in the ChildProcessSecurityPolicy::CanRequestURL function in browser/child_process_security_policy.cc in Google Chrome before 4.0.249.78 allows remote attackers to cause a denial of service (memory consumption and application crash) via a URL that specifies multiple protocols, as demonstrated by a URL that begins with many repetitions of the view-source: substring. Vulnerabilidad de consumo en la pila en la función ChildProcessSecurityPolicy::CanRequestURL en browser/child_pr... • http://code.google.com/p/chromium/issues/detail?id=31517 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 10%CPEs: 49EXPL: 1CVE-2010-0646
https://notcve.org/view.php?id=CVE-2010-0646
18 Feb 2010 — Multiple integer signedness errors in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays. Multiples errores de enteros sin signo en factory.cc en Google V8 anterior r3560, como el usado en Google Chrome anterior v4.0.249.89, permite a atacantes remotos ejecutar código de su elección en el sandbox de Chrome a través de un uso manipulado de arrays JavaScript. • http://code.google.com/p/chromium/issues/detail?id=31009 • CWE-189: Numeric Errors •
CVSS: 6.5EPSS: 0%CPEs: 47EXPL: 0CVE-2010-0556
https://notcve.org/view.php?id=CVE-2010-0556
18 Feb 2010 — browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication, as demonstrated by a URL in the SRC attribute of an IMG element. browser/login/login_prompt.cc en Google Chrome anterior v4.0.249.89 con un diálogo de autenticación con credenciales que fueron almacenadas por Pass... • http://code.google.com/p/chromium/issues/detail?id=32718 • CWE-255: Credentials Management Errors •