CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3879
https://notcve.org/view.php?id=CVE-2011-3879
Google Chrome before 15.0.874.102 does not prevent redirects to chrome: URLs, which has unspecified impact and remote attack vectors. Google Chrome en versiones anteriores a la 15.0.874.102 no previene redirecciones a chrome: URLs, lo que tiene un impacto sin especificar y vectores de ataque remotos. • http://code.google.com/p/chromium/issues/detail?id=95374 http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html https://exchange.xforce.ibmcloud.com/vulnerabilities/70957 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13246 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3883
https://notcve.org/view.php?id=CVE-2011-3883
Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to counters. Vulnerabilidad de tipo "usar después de liberar" ("use-after-free") en Google Chrome en versiones anteriores a la 15.0.874.102 permite a atacantes remotos provocar una denegación de servicio o posiblemente realizar otras acciones sin especificar a través de vectores relacionados con contadores ("counters"). • http://code.google.com/p/chromium/issues/detail?id=96902 http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html https://exchange.xforce.ibmcloud.com/vulnerabilities/70961 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13091 • CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3877
https://notcve.org/view.php?id=CVE-2011-3877
Cross-site scripting (XSS) vulnerability in the appcache internals page in Google Chrome before 15.0.874.102 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la página appcache internals de Google Chrome en versiones anteriores a la 15.0.874.102. Permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través de vectoers sin especificar. • http://code.google.com/p/chromium/issues/detail?id=91218 http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html https://exchange.xforce.ibmcloud.com/vulnerabilities/70955 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12763 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3891
https://notcve.org/view.php?id=CVE-2011-3891
Google Chrome before 15.0.874.102 does not properly restrict access to internal Google V8 functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Google Chrome en versiones anteriores a la 15.0.874.102 no restringe el acceso a las funciones Google V8 internas, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente realizar otras acciones a través de vectores desconocidos. • http://code.google.com/p/chromium/issues/detail?id=100322 http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html https://exchange.xforce.ibmcloud.com/vulnerabilities/70969 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13172 •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3881
https://notcve.org/view.php?id=CVE-2011-3881
WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function. Google Chrome en versiones anteriores a la 15.0.874.102 permite a atacantes remotos evitar la política de mismo origen ("Same Origin Policy") a través de vectores sin especificar. • http://code.google.com/p/chromium/issues/detail?id=96047 http://code.google.com/p/chromium/issues/detail?id=96885 http://code.google.com/p/chromium/issues/detail?id=98053 http://code.google.com/p/chromium/issues/detail?id=99512 http://code.google.com/p/chromium/issues/detail? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •