CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2009-0411
https://notcve.org/view.php?id=CVE-2009-0411
03 Feb 2009 — Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script. Google Chrome anterior a v1.0.154.46 no restringe adecuadamente el acceso de las páginas Web a las cabeceras de respuesta HTTP (1) Set-Cookie y (2) Set-Cookie2. Esto permite a atacantes remotos obtener información sensible de la cookies a travé... • http://codereview.chromium.org/11264 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2009-0276
https://notcve.org/view.php?id=CVE-2009-0276
03 Feb 2009 — Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame. Vulnerabilidad de dominio cruzado en la V8 del motor JavaScript en Google Chrome anterior a 1.0.154.46, permite a atacantes remotos evitar la Política del Mismo Origen (Same Origin Policy) a través de una secuencia d... • http://codereview.chromium.org/18531 •
CVSS: 4.3EPSS: 2%CPEs: 1EXPL: 1CVE-2009-0374 – Google Chrome 1.0.154.43 - Clickjacking
https://notcve.org/view.php?id=CVE-2009-0374
30 Jan 2009 — Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. NOTE: a third party disputes the relevance of this issue, stating that "every sufficiently featured browser is and likely will remain susceptible to the behavior known as clickjacking," and adding that the exploit code "is not a valid demonstration of the issue. ** IMPUGNADA ** Google Chrom... • https://www.exploit-db.com/exploits/7903 •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 2CVE-2008-5749 – Google Chrome - 'ChromeHTML://' Remote Parameter Injection
https://notcve.org/view.php?id=CVE-2008-5749
29 Dec 2008 — Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission. ** CUESTIONADA ** Vulnerabilidad de inyección de argumento en Google Chrome 1.0.154.36 sobre Windows XP SP3, permite a atacantes remotos ejecutar comandos de s... • https://www.exploit-db.com/exploits/7566 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2008-4724
https://notcve.org/view.php?id=CVE-2008-4724
23 Oct 2008 — Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Google Chrome v0.2.149.30 permiten a atacantes remotos inyectar web script o HTML a través ... • http://www.securityfocus.com/bid/31855 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 4%CPEs: 2EXPL: 1CVE-2008-4340 – Google Chrome - Carriage Return Null Object Memory Exhaustion
https://notcve.org/view.php?id=CVE-2008-4340
30 Sep 2008 — Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory consumption) via an HTML document containing a carriage return ("\r\n\r\n") argument to the window.open function. Google Chrome 0.2.149.29 y 0.2.149.30, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de un documento HTML que contiene un argumento de retorno de carro en la función window.open. • https://www.exploit-db.com/exploits/6554 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2004-1831
https://notcve.org/view.php?id=CVE-2004-1831
31 Dec 2004 — Buffer overflow in Chrome 1.2.0.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large length value, which leads to a null dereference or out-of-bounds read. • http://aluigi.altervista.org/adv/chrome-boom-adv.txt •