CVE-2011-0478
https://notcve.org/view.php?id=CVE-2011-0478
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle SVG use elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." Google Chrome antes de v8.0.552.237 y Chrome OS antes de v8.0.552.344 no manejan adecuadamente los elementos de uso de SVG, lo que permite provocar a atacantes remotos una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores desconocidos que llevan a un puntero en estado "stale". • http://code.google.com/p/chromium/issues/detail?id=67363 http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html http://osvdb.org/70461 http://secunia.com/advisories/42951 http://www.securityfocus.com/bid/45788 http://www.srware.net/forum/viewtopic.php?f=18&t=2054 https://exchange.xforce.ibmcloud.com/vulnerabilities/64669 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14191 • CWE-20: Improper Input Validation •
CVE-2011-0484
https://notcve.org/view.php?id=CVE-2011-0484
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform DOM node removal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale rendering node." Google Chrome antes de v8.0.552.237 y Chrome OS antes de v8.0.552.344 no realiza correctamente la eliminación de nodos DOM, lo que permite provocar a atacantes remotos una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores desconocidos que dan lugar a un nodo de representación en estado "stale". • http://code.google.com/p/chromium/issues/detail?id=68439 http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html http://osvdb.org/70467 http://secunia.com/advisories/42951 http://www.securityfocus.com/bid/45788 http://www.srware.net/forum/viewtopic.php?f=18&t=2054 https://exchange.xforce.ibmcloud.com/vulnerabilities/64675 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14131 • CWE-20: Improper Input Validation •
CVE-2010-4576
https://notcve.org/view.php?id=CVE-2010-4576
browser/worker_host/message_port_dispatcher.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle certain postMessage calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code that creates a web worker. browser/worker_host/message_port_dispatcher.cc en Google Chrome anterior a v8.0.552.224 y Chrome OS anterior a v8.0.552.343 no maneja adecuadamente ciertas llamadas postMessage, lo cual permite a los atacantes remotos causar una denegación de servicio (referencia a puntero NULO y fallo de la aplicación) a través de código JavaScript manipulado. • http://code.google.com/p/chromium/issues/detail?id=63529 http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html http://secunia.com/advisories/42648 http://src.chromium.org/viewvc/chrome?view=rev&revision=66620 http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml http://www.securityfocus.com/bid/45390 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14161 • CWE-476: NULL Pointer Dereference •
CVE-2010-4577 – webkit: CSS Font Face Parsing Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2010-4577
The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion." Google Chrome anterior v8.0.552.224 y Chrome OS anterior v8.0.552.343 no parsea adecuadamente la secuencia de elementos Cascading Style Sheets (CSS), lo que permite a atacantes remotos causar una denegación de servicio (por lectura fuera de rango) a través de vectores no especificados. • http://code.google.com/p/chromium/issues/detail?id=63866 http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html http://secunia.com/advisories/42648 http://secunia.com/advisories/43086 http://trac.webkit.org/changeset/72685 http://trac.webkit.org/changeset/72685/trunk/WebCore/css/CSSParser.cpp http://www.debian.org/security/2011/dsa-2188 http://www.gentoo.org/security/en/ • CWE-125: Out-of-bounds Read CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2010-4574
https://notcve.org/view.php?id=CVE-2010-4574
The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization validation, and cause a denial of service or possibly have unspecified other impact, via invalid pickle data. La función Pickle::Pickle en base/pickle.cc de Google Chrome anterior a v8.0.552.224 y Chrome OS anterior a v8.0.552.343 en plataformas Linux de 64-bit no realizar correctamente la aritmética de punteros, lo cual permite a los atacantes remotos evitar la validación de mensajes deserialización, y causar una denegación de servicio o posiblemente otro impacto no especificado, a través de datos no válidos. • http://code.google.com/p/chromium/issues/detail?id=56449 http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html http://secunia.com/advisories/42648 http://src.chromium.org/viewvc/chrome?view=rev&revision=68033 http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml http://www.securityfocus.com/bid/45390 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14141 • CWE-502: Deserialization of Untrusted Data •