CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2785
https://notcve.org/view.php?id=CVE-2011-2785
The extensions implementation in Google Chrome before 13.0.782.107 does not properly validate the URL for the home page, which allows remote attackers to have an unspecified impact via a crafted extension. La implementación de extensiones de Google Chrome anterior a v13.0.782.107 no valida correctamente la dirección URL de la página principal, lo que permite a atacantes remotos tener un impacto no especificado a través de una extensión manipulada. • http://code.google.com/p/chromium/issues/detail?id=84402 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html http://osvdb.org/74235 https://exchange.xforce.ibmcloud.com/vulnerabilities/68947 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14298 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 1%CPEs: 3EXPL: 0CVE-2011-2805
https://notcve.org/view.php?id=CVE-2011-2805
Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy and conduct script injection attacks via unspecified vectors. Google Chrome anterior a v13.0.782.107 permite a atacantes remotos la Política de Mismo Origen (Same Origin Policy) y producir un ataque de inyección de secuencias de comandos, a través de vectores no especificados. • http://code.google.com/p/chromium/issues/detail?id=89520 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/74257 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5000 https://exchange.xforce.ibmcloud.com/vulnerabilities/68967 https://oval.cisecurity.org/repository/search/definition • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.8EPSS: 2%CPEs: 6EXPL: 0CVE-2011-2359
https://notcve.org/view.php?id=CVE-2011-2359
Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." Google Chrome antes de v13.0.782.107 no sigue correctamente cajas de línea durante la búsqueda, lo que permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores desconocidos que conducen a un "puntero viejo". • http://code.google.com/p/chromium/issues/detail?id=78841 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/74229 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://support.apple.com/kb • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2795
https://notcve.org/view.php?id=CVE-2011-2795
Google Chrome before 13.0.782.107 does not prevent calls to functions in other frames, which allows remote attackers to bypass intended access restrictions via a crafted web site, related to a "cross-frame function leak." Google Chrome anterior a v13.0.782.107 no previene las llamadas a otras funciones en otros marcos, esto permite a atacantes remotos saltarse las restricciones de acceso pretendidas, mediante un sitio web manipulado. Está relacionado con "fuga en la función cross-frame". • http://code.google.com/p/chromium/issues/detail?id=87339 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html http://osvdb.org/74245 https://exchange.xforce.ibmcloud.com/vulnerabilities/68957 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14653 •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0CVE-2011-2801
https://notcve.org/view.php?id=CVE-2011-2801
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the frame loader. Vulnerabilidad use-after-free en Google Chrome anterior a v13.0.782.107 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores relacionados con el cargador del frame. • http://code.google.com/p/chromium/issues/detail?id=88846 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html http://osvdb.org/74252 https://exchange.xforce.ibmcloud.com/vulnerabilities/68963 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14391 • CWE-416: Use After Free •