CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2012-4905 – Google Chrome for Android - com.android.browser.application_id Intent Extra Data Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4905
Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script or HTML via an extra in an Intent object, aka "Universal XSS (UXSS)." Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Google Chrome antes de v18.0.1025308 en Android permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un 'extra' en un objeto 'Intent'. Se trata de un problema también conocido como "Universal XSS (UXSS)". Chrome for Android suffers from a universal cross site scripting vulnerability via com.android.browser.application_id. Version 18.0.1025308 was released to address this vulnerability. • https://www.exploit-db.com/exploits/37792 http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html https://code.google.com/p/chromium/issues/detail?id=144813 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2012-4904
https://notcve.org/view.php?id=CVE-2012-4904
Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS (UXSS)" attacks against the current tab. Una vulnerabilidad de ejecución de scripts entre aplicaciones en Google Chrome antes de v18.0.1025308 para Android permite a atacantes remotos inyectar secuencias de comandos web a través de vectores no especificados, como se demostró con ataques "Universal XSS (UXSS)" contra la pestaña actual. • http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html https://code.google.com/p/chromium/issues/detail?id=138035 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2012-4903
https://notcve.org/view.php?id=CVE-2012-4903
Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4906. Google Chrome antes de v18.0.1025308 en Android no restringe correctamente el acceso a URLs "file:", lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados, comoha quedado demostrado mediante la obtención de datos de credenciales. Se trata de una vulnerabilidad diferente a CVE-2012-4906a. • http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html https://code.google.com/p/chromium/issues/detail?id=138210 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 1%CPEs: 54EXPL: 0CVE-2012-2865
https://notcve.org/view.php?id=CVE-2012-2865
Google Chrome before 21.0.1180.89 does not properly perform line breaking, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document. Google Chrome anterior a v21.0.1180.89 no realiza correctamente los saltos de línea, permitiendo a atacantes remotos provocar una denegación de servicio (fuera de límites leer) a través de un documento elaborado. • http://code.google.com/p/chromium/issues/detail?id=121347 http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html http://osvdb.org/85030 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14866 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 54EXPL: 0CVE-2012-2869
https://notcve.org/view.php?id=CVE-2012-2869
Google Chrome before 21.0.1180.89 does not properly load URLs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a "stale buffer." Google Chrome anterior a v21.0.1180.89 no carga correctamente las direcciones URL, permitiendo a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores que provocan un "colchón viejo." • http://code.google.com/p/chromium/issues/detail?id=137778 http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html http://osvdb.org/85034 https://exchange.xforce.ibmcloud.com/vulnerabilities/78178 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15710 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •