CVSS: 4.3EPSS: 0%CPEs: 56EXPL: 0CVE-2012-2889
https://notcve.org/view.php?id=CVE-2012-2889
Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Chrome anteriores a v22.0.1229.79, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores que implican "frames" también conocido como "Universal XSS (UXSS)." • http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2013/Mar/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html http://support.apple.com/kb/HT5642 https://code.google.com/p/chromium/issues/detail?id=143439 https://exchange.xforce.ibmcloud.com/vulnerabilities/78823 https://oval.cisecurity.org/repository/search/de • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 1%CPEs: 55EXPL: 0CVE-2012-2882
https://notcve.org/view.php?id=CVE-2012-2882
FFmpeg, as used in Google Chrome before 22.0.1229.79, does not properly handle OGG containers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "wild pointer" issue. FFmpeg usado en Google Chrome anterior a v22.0.1229.79 no maneja adecuadamente los contenedores OGG, lo que permite a atacantes remotos provocar una denegación de servicio u otro tipo de impacto a través de vectores desconocidos relativos al tema "wild pointer". • http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html https://chromiumcodereview.appspot.com/10829204 https://code.google.com/p/chromium/issues/detail?id=140647 https://exchange.xforce.ibmcloud.com/vulnerabilities/78839 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15688 https://src.chromium.org/viewvc/chrome?view=rev&revision=150239 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 55EXPL: 0CVE-2012-2887
https://notcve.org/view.php?id=CVE-2012-2887
Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving onclick events. Vulnerabilidad de uso de memoria después de su liberación en Google Chrome anterior a 22.0.1229.79, permite a atacantes remotos provocar una denegación de servicio u otro tipo de impacto a través de vectores relativos a los eventos "onclick". • http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html https://code.google.com/p/chromium/issues/detail?id=143609 https://exchange.xforce.ibmcloud.com/vulnerabilities/78828 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15797 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 54EXPL: 0CVE-2012-2896
https://notcve.org/view.php?id=CVE-2012-2896
Integer overflow in the WebGL implementation in Google Chrome before 22.0.1229.79 on Mac OS X allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de desbordamiento de entero en la implementación WebGL en Google Chrome antes de v22.0.1229.79 en Mac OS X, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html https://code.google.com/p/chromium/issues/detail?id=145544 https://exchange.xforce.ibmcloud.com/vulnerabilities/78831 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2012-4907 – Chrome For Android API Exposure
https://notcve.org/view.php?id=CVE-2012-4907
Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page. Google Chrome antes de v18.0.1025308 en Android no restringe correctamente acceso desde el código JavaScript a Android API, lo que permite a atacantes remotos tener un impacto no especificado a través de una página web maliciosa. By abusing Java objects exposed to JavaScript, malicious web pages can execute arbitrary commands on Chrome for Android, if the accessibility setting of the device is enabled. Version 18.0.1025308 was released to address this vulnerability. • http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html https://code.google.com/p/chromium/issues/detail?id=137532 • CWE-264: Permissions, Privileges, and Access Controls •