CVSS: 9.3EPSS: 0%CPEs: 17EXPL: 1CVE-2009-1441
https://notcve.org/view.php?id=CVE-2009-1441
07 May 2009 — Heap-based buffer overflow in the ParamTraits
CVSS: 6.5EPSS: 7%CPEs: 1EXPL: 2CVE-2009-1514 – Google Chrome 1.0.154.53 - Null Pointer Remote Crash
https://notcve.org/view.php?id=CVE-2009-1514
04 May 2009 — Google Chrome 1.0.154.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a throw statement with a long exception value. Google Chrome v1.0.154.53 permite a atacantes remotos provocar una denegación de servicio desreferenciación de puntero nulo y caída de aplicación) a través de una declaración con un valor de excepción largo. • https://www.exploit-db.com/exploits/8573 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 2CVE-2009-1412
https://notcve.org/view.php?id=CVE-2009-1412
24 Apr 2009 — Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by use of a (1) javascript: or (2) data: URL. NOTE: this can be leveraged for Universal XSS by exploiting certain behavior involving persistence across ... • http://chromium.googlecode.com/issues/attachment?aid=5579180911289877192&name=Google+Chrome+Advisory.doc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2009-1414
https://notcve.org/view.php?id=CVE-2009-1414
24 Apr 2009 — Google Chrome 2.0.x lets modifications to the global object persist across a page transition, which makes it easier for attackers to conduct Universal XSS attacks via unspecified vectors. Google Chrome 2.0.x permite que las modificaciones en el objeto global persistan a través de una página de transición, lo que facilita a los atacantes a la hora de llevar a cabo ataques XSS universales a través de vectores no especificados. • http://code.google.com/p/chromium/issues/detail?id=9860 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2009-1413
https://notcve.org/view.php?id=CVE-2009-1413
24 Apr 2009 — Google Chrome 1.0.x does not cancel timeouts upon a page transition, which makes it easier for attackers to conduct Universal XSS attacks by calling setTimeout to trigger future execution of JavaScript code, and then modifying document.location to arrange for JavaScript execution in the context of an arbitrary web site. NOTE: this can be leveraged for a remote attack by exploiting a chromehtml: argument-injection vulnerability. Google Crome 1.0.x no cancela los timeouts sobre una pagina de transición, lo qu... • http://chromium.googlecode.com/issues/attachment?aid=5579180911289877192&name=Google+Chrome+Advisory.doc • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2009-0411
https://notcve.org/view.php?id=CVE-2009-0411
03 Feb 2009 — Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script. Google Chrome anterior a v1.0.154.46 no restringe adecuadamente el acceso de las páginas Web a las cabeceras de respuesta HTTP (1) Set-Cookie y (2) Set-Cookie2. Esto permite a atacantes remotos obtener información sensible de la cookies a travé... • http://codereview.chromium.org/11264 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2009-0276
https://notcve.org/view.php?id=CVE-2009-0276
03 Feb 2009 — Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame. Vulnerabilidad de dominio cruzado en la V8 del motor JavaScript en Google Chrome anterior a 1.0.154.46, permite a atacantes remotos evitar la Política del Mismo Origen (Same Origin Policy) a través de una secuencia d... • http://codereview.chromium.org/18531 •
CVSS: 4.3EPSS: 2%CPEs: 1EXPL: 1CVE-2009-0374 – Google Chrome 1.0.154.43 - Clickjacking
https://notcve.org/view.php?id=CVE-2009-0374
30 Jan 2009 — Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. NOTE: a third party disputes the relevance of this issue, stating that "every sufficiently featured browser is and likely will remain susceptible to the behavior known as clickjacking," and adding that the exploit code "is not a valid demonstration of the issue. ** IMPUGNADA ** Google Chrom... • https://www.exploit-db.com/exploits/7903 •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 2CVE-2008-5749 – Google Chrome - 'ChromeHTML://' Remote Parameter Injection
https://notcve.org/view.php?id=CVE-2008-5749
29 Dec 2008 — Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission. ** CUESTIONADA ** Vulnerabilidad de inyección de argumento en Google Chrome 1.0.154.36 sobre Windows XP SP3, permite a atacantes remotos ejecutar comandos de s... • https://www.exploit-db.com/exploits/7566 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2008-4724
https://notcve.org/view.php?id=CVE-2008-4724
23 Oct 2008 — Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Google Chrome v0.2.149.30 permiten a atacantes remotos inyectar web script o HTML a través ... • http://www.securityfocus.com/bid/31855 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •