CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2361
https://notcve.org/view.php?id=CVE-2011-2361
The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site. La implementación del cuadro de diálogo Basic Authentication en Google Chrome anteriores a v13.0.782.107 no controla correctamente las cadenas, lo que podría facilitar a los atacantes remotos a capturar las credenciales a través de un sitio web manipulado. • http://code.google.com/p/chromium/issues/detail?id=79426 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html http://osvdb.org/74231 https://exchange.xforce.ibmcloud.com/vulnerabilities/68943 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14595 • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 1%CPEs: 3EXPL: 0CVE-2011-2819
https://notcve.org/view.php?id=CVE-2011-2819
Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy via vectors related to handling of the base URI. Google Chrome anterior a v13.0.782.107 permite a atacantes remotos evitar la política del mismo origen (Same Origin Policy)a través de vectores relacionado con el manejo de la URI. • http://code.google.com/p/chromium/issues/detail?id=90222 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/74258 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5000 https://exchange.xforce.ibmcloud.com/vulnerabilities/68969 https://oval.cisecurity.org/repository/search/definition •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 1CVE-2011-2761
https://notcve.org/view.php?id=CVE-2011-2761
Google Chrome 14.0.794.0 does not properly handle a reload of a page generated in response to a POST, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web site, related to GetWidget methods. Google Chrome v14.0.794.0 no controla correctamente la recarga de una página generada en respuesta a un POST, que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación ) a través de un sitio web manipulado, en relación con los métodos GetWidget. • http://code.google.com/p/chromium/issues/detail?id=86119 http://codereview.chromium.org/7189019 http://googlechromereleases.blogspot.com/2011/06/dev-channel-update_16.html http://src.chromium.org/viewvc/chrome?view=rev&revision=89409 https://exchange.xforce.ibmcloud.com/vulnerabilities/68857 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13889 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2011-2599
https://notcve.org/view.php?id=CVE-2011-2599
Google Chrome 11 does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader. Google Chrome v11 no bloquea el uso de una imagen de varios dominios (cross-domain) como una textura WebGL, lo que permite a atacantes remotos obtener copias aproximadas de imágenes arbitrarias mediante un ataque de oportunidad que implica un fragmento WebGL manipulado. • http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2011-March/030882.html http://www.contextis.co.uk/resources/blog/webgl https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14183 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 4%CPEs: 4EXPL: 0CVE-2011-2351
https://notcve.org/view.php?id=CVE-2011-2351
Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements. Vulnerabilidad de uso después de liberación (use-after-free) en Google Chrome v12.0.742.112 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores que implican el uso de elementos SVG. • http://code.google.com/p/chromium/issues/detail?id=85211 http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://secunia.com/advisories/45097 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://support& • CWE-416: Use After Free •