CVE-2011-3877
https://notcve.org/view.php?id=CVE-2011-3877
Cross-site scripting (XSS) vulnerability in the appcache internals page in Google Chrome before 15.0.874.102 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la página appcache internals de Google Chrome en versiones anteriores a la 15.0.874.102. Permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través de vectoers sin especificar. • http://code.google.com/p/chromium/issues/detail?id=91218 http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html https://exchange.xforce.ibmcloud.com/vulnerabilities/70955 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12763 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-3891
https://notcve.org/view.php?id=CVE-2011-3891
Google Chrome before 15.0.874.102 does not properly restrict access to internal Google V8 functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Google Chrome en versiones anteriores a la 15.0.874.102 no restringe el acceso a las funciones Google V8 internas, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente realizar otras acciones a través de vectores desconocidos. • http://code.google.com/p/chromium/issues/detail?id=100322 http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html https://exchange.xforce.ibmcloud.com/vulnerabilities/70969 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13172 •
CVE-2011-3881
https://notcve.org/view.php?id=CVE-2011-3881
WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function. Google Chrome en versiones anteriores a la 15.0.874.102 permite a atacantes remotos evitar la política de mismo origen ("Same Origin Policy") a través de vectores sin especificar. • http://code.google.com/p/chromium/issues/detail?id=96047 http://code.google.com/p/chromium/issues/detail?id=96885 http://code.google.com/p/chromium/issues/detail?id=98053 http://code.google.com/p/chromium/issues/detail?id=99512 http://code.google.com/p/chromium/issues/detail? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-3886
https://notcve.org/view.php?id=CVE-2011-3886
Google V8, as used in Google Chrome before 15.0.874.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers out-of-bounds write operations. Google V8, tal como se utiliza en Google Chrome en versiones anteriores a la 15.0.874.102, permite a atacantes remotos provocar una denegación de servicio o posiblemente realizar otras acciones sin especificar a través de código JavaScript modificado que provoca operaciones de escritura fuera de los límites. • http://code.google.com/p/chromium/issues/detail?id=98773 http://code.google.com/p/chromium/issues/detail?id=99167 http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html https://exchange.xforce.ibmcloud.com/vulnerabilities/70964 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13201 • CWE-20: Improper Input Validation •
CVE-2011-3876
https://notcve.org/view.php?id=CVE-2011-3876
Google Chrome before 15.0.874.102 does not properly handle downloading files that have whitespace characters at the end of a filename, which has unspecified impact and user-assisted remote attack vectors. Google Chrome en versiones anteriores a la 15.0.874.102 no maneja apropiadamente la descarga de ficheros que tienen espacios en blanco al final del nombre de fichero, lo que tiene un impacto sin especificar y vectores de ataque remotos asistidos por el usuario. • http://code.google.com/p/chromium/issues/detail?id=90217 http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html https://exchange.xforce.ibmcloud.com/vulnerabilities/70954 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13042 •