CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 0CVE-2011-3051
https://notcve.org/view.php?id=CVE-2011-3051
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the cross-fade function. Una vulnerabilidad de uso después de liberación en la imprentacion de las Hojas de Estilo en Cascada (CSS) en Google Chrome antes de v17.0.963.83 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con la función de fundido cruzado. • http://code.google.com/p/chromium/issues/detail?id=116461 http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html http://osvdb.org/80289 http://secunia.com/advisories/48512 http://secunia.com/advisories/48527 http://security.gentoo.org/glsa/glsa-201203-19.xml http://www.securityfocus.com/bid/52674 http://www.securitytracker.com/id?1026841 https://exchange.xforce.ibmcloud.com/vulnerabilities • CWE-416: Use After Free •
CVSS: 9.3EPSS: 3%CPEs: 1EXPL: 0CVE-2012-1845
https://notcve.org/view.php?id=CVE-2012-1845
Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the DEP and ASLR protection mechanisms, and execute arbitrary code, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code." Una vulnerabilidad de Uso después de liberación en Google Chrome v17.0.963.66 y anteriores permite a atacantes remotos eludir los mecanismos de protección DEP y ASLR, y ejecutar código de su elección, a través de vectores no especificados, como lo demuestró VUPEN durante una competición Pwn2Own en CanSecWest 2012. NOTA: el producto afectado será aclarado más adelante, no fue identificado por el investigador, quien declaró que "realmente no importa si se trata de código de terceros". • http://pwn2own.zerodayinitiative.com/status.html http://twitter.com/vupen/statuses/177576000761237505 http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588 https://exchange.xforce.ibmcloud.com/vulnerabilities/74323 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14843 • CWE-416: Use After Free •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0CVE-2011-3057
https://notcve.org/view.php?id=CVE-2011-3057
Google V8, as used in Google Chrome before 17.0.963.83, allows remote attackers to cause a denial of service via vectors that trigger an invalid read operation. Google V8, tal como se utiliza en Google Chrome antes de v17.0.963.83, permite a atacantes remotos provocar una denegación de servicio a través de vectores que provocan una operación de lectura no válida. • http://code.google.com/p/chromium/issues/detail?id=117794 http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html http://secunia.com/advisories/48512 http://secunia.com/advisories/48527 http://secunia.com/advisories/48618 http://secunia.com/advisories/48691 http://secunia.com/advisories/48763 http://security.gentoo.org/glsa/glsa-201203-19.xml http://www.securityfocus.com/bid/52674 http://www.securitytracker.com/id?1026877 https://exchange.xforce.ibmcloud.co • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 1CVE-2011-3050
https://notcve.org/view.php?id=CVE-2011-3050
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element. Una vulnerabilidad de uso después de liberación de vulnerabilidad en la implementación de las Hojas de Estilo en Cascada (CSS) en Google Chrome v17.0.963.83 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con el pseudo-elemento :first-letter . • http://code.google.com/p/chromium/issues/detail?id=113902 http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html http://osvdb.org/80288 http://secunia.com/advisories/48512 http&# • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3056
https://notcve.org/view.php?id=CVE-2011-3056
Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe." Google Chrome antes de v17.0.963.83 permite a atacantes remotos evitar la política de mismo origen a través de vectores relacionados con un "magic iframe". • http://code.google.com/p/chromium/issues/detail?id=117550 http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html http://lists.apple.com/archives/security-announce/2012/May/msg00000.html http://lists.apple.com/archives/security-announce/2012/May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html http://osvdb.org/80294 http://osvdb.org/81794 http://secunia.com/advisories/47292 http://secunia.com/advisories/48512 http:// • CWE-346: Origin Validation Error •