
CVSS: 7.5 • EPSS: 0% • CPEs: 43 • EXPL: 0

29 Sep 2009 — Google Chrome, possibly 3.0.195.21 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://www.securityfocus.com/bid/36479 • CWE-310: Cryptographic Issues •

CVSS: 7.5 • EPSS: 0% • CPEs: 17 • EXPL: 0

18 Sep 2009 — Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828. • http://websecurity.com.ua/3194 • CWE-399: Resource Management Errors •

CVSS: 6.1 • EPSS: 0% • CPEs: 21 • EXPL: 1

18 Sep 2009 — Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x before 3.0.195.21 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as XML "active content." • http://code.google.com/p/chromium/issues/detail?id=21238 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

18 Sep 2009 — Google Chrome 0.2.149.29 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821. • https://www.exploit-db.com/exploits/12509 • CWE-399: Resource Management Errors •

CVSS: 6.1 • EPSS: 0% • CPEs: 42 • EXPL: 0

18 Sep 2009 — The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified "access check," which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user's visit to a different web server that hosts an SVG document. • http://code.google.com/p/chromium/issues/detail?id=21338 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.1 • EPSS: 0% • CPEs: 20 • EXPL: 2

31 Aug 2009 — Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and 3.0.193.2 Beta does not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: the JavaScript executes outside of the context of t... • http://websecurity.com.ua/3315 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5 • EPSS: 0% • CPEs: 21 • EXPL: 2

27 Aug 2009 — Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote attackers to (1) cause a denial of service (application hang) via vectors involving a chromehtml: URI value for the document.location property or (2) cause a denial of service (application hang and CPU consumption) via vectors involving a series of function calls that set a chromehtml: URI value for the document.location property. • http://archives.neohapsis.com/archives/bugtraq/2009-08/0217.html •

CVSS: 6.4 • EPSS: 0% • CPEs: 30 • EXPL: 0

27 Aug 2009 — Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the (1) MD2 or (2) MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to CVE-2009-2409. • http://code.google.com/p/chromium/issues/detail?id=18725 • CWE-310: Cryptographic Issues •

CVSS: 10.0 • EPSS: 5% • CPEs: 30 • EXPL: 0

27 Aug 2009 — Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript. • http://code.google.com/p/chromium/issues/detail?id=18639 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5 • EPSS: 9% • CPEs: 1 • EXPL: 7

24 Aug 2009 — The tooltip manager (chrome/views/tooltip_manager.cc) in Google Chrome 0.2.149.29 Build 1798 and possibly other versions before 0.2.149.30 allows remote attackers to cause a denial of service (CPU consumption or crash) via a tag with a long title attribute, which is not properly handled when displaying a tooltip, a different vulnerability than CVE-2008-6994. NOTE: there is inconsistent information about the environments under which this issue exists. • https://www.exploit-db.com/exploits/32311 • CWE-399: Resource Management Errors •