
CVSS: 6.8 • EPSS: 0% • CPEs: 2 • EXPL: 2

Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission."

• https://www.exploit-db.com/exploits/7566
• http://retrogod.altervista.org/9sg_chrome.html
• http://securityreason.com/securityalert/4821
• http://www.securityfocus.com/archive/1/499570/100/0/threaded
• http://www.securityfocus.com/archive/1/499581/100/0/threaded
• http://www.securityfocus.com/archive/1/499616/100/0/threaded
• http://www.securityfocus.com/bid/32997
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

• http://www.securityfocus.com/bid/31855
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 4% • CPEs: 2 • EXPL: 1

Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory consumption) via an HTML document containing a carriage return ("\r\n\r\n") argument to the window.open function.

• https://www.exploit-db.com/exploits/6554
• http://secniche.org/gcrds.html
• http://securityreason.com/securityalert/4339
• http://www.securityfocus.com/archive/1/496688/100/0/threaded
• http://www.securityfocus.com/bid/31375
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45403
• CWE-20: Improper Input Validation

CVSS: 5.0 • EPSS: 1% • CPEs: 1 • EXPL: 0

Buffer overflow in Chrome 1.2.0.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large length value, which leads to a null dereference or out-of-bounds read.

• http://aluigi.altervista.org/adv/chrome-boom-adv.txt
• http://marc.info/?l=bugtraq&m=107964719614657&w=2
• http://www.securityfocus.com/bid/9898
• https://exchange.xforce.ibmcloud.com/vulnerabilities/15535