CVSS: 5.8EPSS: 0%CPEs: 59EXPL: 0CVE-2008-7294
https://notcve.org/view.php?id=CVE-2008-7294
Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue. Google Chrome en versiones anteriors a la 4.0.211.0 no restringe apropiadamente las modificaciones a las cookies establecidas en las sesiones HTTPS, lo que facilita a atacantes "man-in-the-middle" sobreescribir o borrar cookies arbitrarias a través de una cabecera Set-Cookie en una respuesta HTTP, relacionado con una fallo en la funcionalidad HTTP Strict Transport Security (HSTS) includeSubDomains. También conocido como un problema "cookie forcing". • http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies http://lists.w3.org/Archives/Public/public-webapps/2009JulSep/1148.html http://michael-coates.blogspot.com/2010/01/cookie-forcing-trust-your-cookies-no.html http://scarybeastsecurity.blogspot.com/2008/11/cookie-forcing.html http://scarybeastsecurity.blogspot.com/2011/02/some-less-obvious-benefits-of-hsts.html https://bugzilla.mozilla.org/show_bug.cgi?id=660053 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2802
https://notcve.org/view.php?id=CVE-2011-2802
Google V8, as used in Google Chrome before 13.0.782.107, does not properly perform const lookups, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted web site. Google V8, como se usa en Google Chrome antes de la v13.0.782.107, no realizar bien las búsquedas constantes y permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente tener un impacto no especificado a través de un sitio web diseñado. • http://code.google.com/p/chromium/issues/detail?id=88591 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html http://osvdb.org/74253 https://exchange.xforce.ibmcloud.com/vulnerabilities/68964 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14236 • CWE-20: Improper Input Validation •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2784
https://notcve.org/view.php?id=CVE-2011-2784
Google Chrome before 13.0.782.107 allows remote attackers to obtain sensitive information via a request for the GL program log, which reveals a local path in an unspecified log entry. Google Chrome anterior a v13.0.782.107 permite a atacantes remotos obtener información sensible a través de una solicitud de registro del programa GL, lo que revela una ruta local en una entrada de registro especificado. • http://code.google.com/p/chromium/issues/detail?id=83841 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html http://osvdb.org/74234 https://exchange.xforce.ibmcloud.com/vulnerabilities/68946 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14580 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2794
https://notcve.org/view.php?id=CVE-2011-2794
Google Chrome before 13.0.782.107 does not properly perform text iteration, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Google Chrome anterior a v13.0.782.107 no desarrolla adecuadamente iteraciones de texto, lo que permite a atacantes remotos provocar una denegación de servicio a través de (lectura fuera de límites)vectores no especificados. • http://code.google.com/p/chromium/issues/detail?id=87298 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html http://osvdb.org/74244 https://exchange.xforce.ibmcloud.com/vulnerabilities/68956 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14515 • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2785
https://notcve.org/view.php?id=CVE-2011-2785
The extensions implementation in Google Chrome before 13.0.782.107 does not properly validate the URL for the home page, which allows remote attackers to have an unspecified impact via a crafted extension. La implementación de extensiones de Google Chrome anterior a v13.0.782.107 no valida correctamente la dirección URL de la página principal, lo que permite a atacantes remotos tener un impacto no especificado a través de una extensión manipulada. • http://code.google.com/p/chromium/issues/detail?id=84402 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html http://osvdb.org/74235 https://exchange.xforce.ibmcloud.com/vulnerabilities/68947 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14298 • CWE-20: Improper Input Validation •