CVE-2010-1230
https://notcve.org/view.php?id=CVE-2010-1230
Google Chrome before 4.1.249.1036 does not have the expected behavior for attempts to delete Web SQL Databases and clear the Strict Transport Security (STS) state, which has unspecified impact and attack vectors. Google Chrome en versiones anteriores a la 4.1.249.1036 no tiene el comportamiento esperado al intentar borrar los Web SQL Databases y limpiar el estado Strict Transport Security (STS) lo que tiene un impacto y unos vectores de ataque no especificados. • http://code.google.com/p/chromium/issues/detail?id=30801 http://code.google.com/p/chromium/issues/detail?id=33445 http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14292 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-1232
https://notcve.org/view.php?id=CVE-2010-1232
Google Chrome before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via a malformed SVG document. Google Chrome en versiones anteriores a la 4.1.249.1036 permite a atacantes remotos provocar una denegación de servicio (error de memoria) o posiblemente tener otro impacto no especificado mediante un documento SVG malformado. • http://code.google.com/p/chromium/issues/detail?id=34978 http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14000 • CWE-399: Resource Management Errors •
CVE-2010-1236
https://notcve.org/view.php?id=CVE-2010-1236
The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence. La función protocolIs en el archivo platform/KURLGoogle.cpp en WebCore en WebKit anterior a r55822, tal y como es usado en Chrome de Google anterior a versión 4.1.249.1036 y Flock Browser versiones 3.x anteriores a 3.0.0.4112, no maneja apropiadamente un espacio en blanco al principio de una dirección URL, lo que permite a los atacantes remotos conducir ataques de tipo cross-site scripting (XSS) por medio de una URL javascript: especialmente diseñada, como es demostrado por una secuencia \x00javascript:alert. • http://code.google.com/p/chromium/issues/detail?id=37383 http://codereview.chromium.org/858001 http://flock.com/security http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/43068 http://src.chromium.org/viewvc/chrome?view=rev&revision=41244 http://www.vupen.com/english/advisories/2011/0212 https://bugs.webkit.org/show_bug.cgi?id=35948 https://oval.cise • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-1029 – iPhone - 'WebCore::CSSSelector()' Remote Crash
https://notcve.org/view.php?id=CVE-2010-1029
Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences. Vulnerabilidad de consumo en la pila en la función WebCore:: CSSSelector en WebKit, utilizado en Apple Safari v4.0.4, Apple Safari en iPhone OS y iPhone OS para iPod touch, y Google Chrome v4.0.249, permite a tacantes remotos provocar una denegación de servicio(caída de aplicación) o posiblemente ejecutar código de su elección a través de un elemento STYLE compuesto de un número largo de secuencias *> • https://www.exploit-db.com/exploits/11574 https://www.exploit-db.com/exploits/11567 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/43068 http://www.exploit-db.com/exploits/11567 http://www.exploit-db.com/exploits/11574 http://www.securityfocus.com/bid/38398 http://www.vupen.com/english/advisories/2011/0212 https://exchange.xforce.ibmcloud.com/vulnerabilities/56524 https://exchange.xforce.ibmcloud.com/vulnerabilities/56527 https • CWE-399: Resource Management Errors •
CVE-2010-0661
https://notcve.org/view.php?id=CVE-2010-0661
WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method. WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp en WebKit anterior a r52401 , usado en Google Chrome, anterior a v4.0.249.78, permite a atacantes remotos saltar la política de mismo origen (Same Origin Policy) a través de vectores que implica el método window.open. • http://code.google.com/p/chromium/issues/detail?id=30660 http://flock.com/security http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/43068 http://securitytracker.com/id?1023506 http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs http://trac.webkit.org/changeset/52401 http://www.vupen.com/english/advisories/2011/0212 • CWE-264: Permissions, Privileges, and Access Controls •