CVE-2011-2782
https://notcve.org/view.php?id=CVE-2011-2782
The drag-and-drop implementation in Google Chrome before 13.0.782.107 on Linux does not properly enforce permissions for files, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors. La implementación de arrastrar y soltar en Google Chrome en Linux antes de v13.0.782.107 no aplica correctamente los permisos de archivos, que permiten a atacantes remotos asistidos por usuarios evitar las restricciones de acceso a través de vectores no especificados. • http://code.google.com/p/chromium/issues/detail?id=81307 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html http://osvdb.org/74232 https://exchange.xforce.ibmcloud.com/vulnerabilities/68944 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14100 • CWE-276: Incorrect Default Permissions •
CVE-2011-2800
https://notcve.org/view.php?id=CVE-2011-2800
Google Chrome before 13.0.782.107 allows remote attackers to obtain potentially sensitive information about client-side redirect targets via a crafted web site. Google Chrome anterior a v13.0.782.107 permite a atacantes remotos obtener información sensible sobre los destinos redirigidos, desde el lado del cliente a través de un sitio web manipulado. • http://code.google.com/p/chromium/issues/detail?id=88337 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/74251 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5000 http://www.debian.org/security/2011/dsa-2307 https://exchange.xforce.ibmcloud.com/vulnerabilities/68962 htt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2011-2788
https://notcve.org/view.php?id=CVE-2011-2788
Buffer overflow in the inspector serialization functionality in Google Chrome before 13.0.782.107 allows user-assisted remote attackers to have an unspecified impact via unknown vectors. Desbordamiento de búfer en la funcionalidad inspector serialization de Google Chrome en v13.0.782.107 y anteriores que permite al usuarios ayudados por atacantes remotos tener un impacto no especificado a través de vectores desconocidos. • http://code.google.com/p/chromium/issues/detail?id=85559 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/74238 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://support.apple.com/kb • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2011-2793
https://notcve.org/view.php?id=CVE-2011-2793
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media selectors. Vulnerabilidad de tipo "usar después de liberar" en Google Chrome en versiones anteriores a la 13.0.782.107 ermite a atacantes remotos provocar una denegación de servicio o tener otro impacto sin especificar a través de vectores relacionados con selectores de contenido multimedia ("media selectors"). • http://code.google.com/p/chromium/issues/detail?id=87227 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html http://osvdb.org/74243 https://exchange.xforce.ibmcloud.com/vulnerabilities/68955 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14554 • CWE-416: Use After Free •
CVE-2011-2358
https://notcve.org/view.php?id=CVE-2011-2358
Google Chrome before 13.0.782.107 does not ensure that extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension. Google Chrome en versiones anteriores a la 13.0.782.107 no se asegura de que las instalaciones de extensiones son confirmadas por una ventana de diálogo, lo que facilita a atacantes remotos modificar la funcionalidad de una producto a través de una extensión maliciosa que contiene un troyano. • http://code.google.com/p/chromium/issues/detail?id=75821 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html http://osvdb.org/74228 https://exchange.xforce.ibmcloud.com/vulnerabilities/68940 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14425 • CWE-20: Improper Input Validation •