CVSS: 4.3EPSS: 2%CPEs: 1EXPL: 1CVE-2009-0374 – Google Chrome 1.0.154.43 - Clickjacking
https://notcve.org/view.php?id=CVE-2009-0374
30 Jan 2009 — Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. NOTE: a third party disputes the relevance of this issue, stating that "every sufficiently featured browser is and likely will remain susceptible to the behavior known as clickjacking," and adding that the exploit code "is not a valid demonstration of the issue. ** IMPUGNADA ** Google Chrom... • https://www.exploit-db.com/exploits/7903 •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 2CVE-2008-5749 – Google Chrome - 'ChromeHTML://' Remote Parameter Injection
https://notcve.org/view.php?id=CVE-2008-5749
29 Dec 2008 — Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission. ** CUESTIONADA ** Vulnerabilidad de inyección de argumento en Google Chrome 1.0.154.36 sobre Windows XP SP3, permite a atacantes remotos ejecutar comandos de s... • https://www.exploit-db.com/exploits/7566 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2008-4724
https://notcve.org/view.php?id=CVE-2008-4724
23 Oct 2008 — Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Google Chrome v0.2.149.30 permiten a atacantes remotos inyectar web script o HTML a través ... • http://www.securityfocus.com/bid/31855 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 4%CPEs: 2EXPL: 1CVE-2008-4340 – Google Chrome - Carriage Return Null Object Memory Exhaustion
https://notcve.org/view.php?id=CVE-2008-4340
30 Sep 2008 — Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory consumption) via an HTML document containing a carriage return ("\r\n\r\n") argument to the window.open function. Google Chrome 0.2.149.29 y 0.2.149.30, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de un documento HTML que contiene un argumento de retorno de carro en la función window.open. • https://www.exploit-db.com/exploits/6554 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2004-1831
https://notcve.org/view.php?id=CVE-2004-1831
31 Dec 2004 — Buffer overflow in Chrome 1.2.0.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large length value, which leads to a null dereference or out-of-bounds read. • http://aluigi.altervista.org/adv/chrome-boom-adv.txt •