CVSS: 6.8EPSS: 1%CPEs: 53EXPL: 0CVE-2012-2890
https://notcve.org/view.php?id=CVE-2012-2890
Use-after-free vulnerability in the PDF functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. Vulnerabilida de error en la gestión de recursos en la funcionalidad PDF en Google Chrome antes de v22.0.1229.79, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un documento manipulado. • http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html https://code.google.com/p/chromium/issues/detail?id=143798 https://code.google.com/p/chromium/issues/detail?id=144072 https://code.google.com/p/chromium/issues/detail?id=147402 https://exchange.xforce.ibmcloud.com/vulnerabilities/78841 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15766 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 55EXPL: 0CVE-2012-2877
https://notcve.org/view.php?id=CVE-2012-2877
The extension system in Google Chrome before 22.0.1229.79 does not properly handle modal dialogs, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. La extensión System en Google Chrome anterior a v22.0.1229.79 no gestiona de forma adecuada los diálogos de modo, lo que permite a atacantes remotos a provocar una denegación de servicio (caída de la aplicación) a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html https://code.google.com/p/chromium/issues/detail?id=137707 https://exchange.xforce.ibmcloud.com/vulnerabilities/78832 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15857 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 53EXPL: 0CVE-2012-2895
https://notcve.org/view.php?id=CVE-2012-2895
The PDF functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations. La funcionalidad PDF en Google Chrome anterior a v22.0.1229.79, permite a atacantes remotos provocar una denegación de servicio y posiblemente causar otro impacto a través de vectores que lanzan operaciones de escritura fuera de rango. • http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html https://code.google.com/p/chromium/issues/detail?id=145029 https://code.google.com/p/chromium/issues/detail?id=145157 https://code.google.com/p/chromium/issues/detail?id=146460 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15773 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 55EXPL: 0CVE-2012-2880
https://notcve.org/view.php?id=CVE-2012-2880
Race condition in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the plug-in paint buffer. Vulnerabilidad de condición de carrera en Google Chrome anterior a v22.0.1229.79, permite a atacantes remotos provocar una denegación de servicio u otro tipo de impacto a través de vectores relativos al plug-in "paint buffer". • http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html https://code.google.com/p/chromium/issues/detail?id=139462 https://exchange.xforce.ibmcloud.com/vulnerabilities/78838 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15776 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.3EPSS: 0%CPEs: 55EXPL: 0CVE-2012-2886
https://notcve.org/view.php?id=CVE-2012-2886
Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Google V8 bindings, aka "Universal XSS (UXSS)." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Google Chrome antes de v22.0.1229.79, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con enlaces de Google V8, también conocido como "Universal XSS (UXSS)." • http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html https://code.google.com/p/chromium/issues/detail?id=143437 https://exchange.xforce.ibmcloud.com/vulnerabilities/78824 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14916 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •