CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3881
https://notcve.org/view.php?id=CVE-2011-3881
WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function. Google Chrome en versiones anteriores a la 15.0.874.102 permite a atacantes remotos evitar la política de mismo origen ("Same Origin Policy") a través de vectores sin especificar. • http://code.google.com/p/chromium/issues/detail?id=96047 http://code.google.com/p/chromium/issues/detail?id=96885 http://code.google.com/p/chromium/issues/detail?id=98053 http://code.google.com/p/chromium/issues/detail?id=99512 http://code.google.com/p/chromium/issues/detail? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2011-2845
https://notcve.org/view.php?id=CVE-2011-2845
Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors. Google Chrome antes de v15.0.874.102 no maneja adecuadamente los datos del historial, lo que permite a atacantes remotos asistidos por el usuario falsificar la barra de URL a través de vectores no especificados. • http://code.google.com/p/chromium/issues/detail?id=86758 http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://support.apple.com/kb/HT5400 http://support.apple.com/kb/HT5503 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13044 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0CVE-2011-3873
https://notcve.org/view.php?id=CVE-2011-3873
Google Chrome before 14.0.835.202 does not properly implement shader translation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Google Chrome antes de v14.0.835.202 no aplica correctamente la traducción del sombreado, lo que permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (por corrupción de memoria) a través de vectores no especificados. • http://code.google.com/p/chromium/issues/detail?id=98089 http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html http://osvdb.org/76067 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14537 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2876
https://notcve.org/view.php?id=CVE-2011-2876
Use-after-free vulnerability in Google Chrome before 14.0.835.202 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a text line box. Una vulnerabilidad de uso después de liberación en Google Chrome antes de v14.0.835.202 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores que implican a una caja de texto. • http://code.google.com/p/chromium/issues/detail?id=93788 http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14439 • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2881
https://notcve.org/view.php?id=CVE-2011-2881
Google Chrome before 14.0.835.202 does not properly handle Google V8 hidden objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code. Google Chrome antes de v14.0.835.202 no controla correctamente los objetos ocultos de Google V8, lo que permite a atacantes remotos provocar una denegación de servicio (por corrupción de memoria) o posiblemente tener un impacto no especificado a través de código JavaScript hecho a mano. • http://code.google.com/p/chromium/issues/detail?id=97784 http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14075 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •