Filtered by vendor Google
Subscriptions
Filtered by product Chrome
Subscriptions
Total
3579 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-5117 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
| Google Chrome before 23.0.1271.64 does not properly restrict the loading of an SVG subresource in the context of an IMG element, which has unspecified impact and remote attack vectors. | ||||
| CVE-2012-5116 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
| Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG filters. | ||||
| CVE-2012-5115 | 2 Apple, Google | 2 Mac Os X, Chrome | 2024-11-21 | N/A |
| Google Chrome before 23.0.1271.64 on Mac OS X does not properly mitigate improper write behavior in graphics drivers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger "wild writes." | ||||
| CVE-2012-5112 | 2 Apple, Google | 2 Iphone Os, Chrome | 2024-11-21 | N/A |
| Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2012-5111 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
| Google Chrome before 22.0.1229.92 does not monitor for crashes of Pepper plug-ins, which has unspecified impact and remote attack vectors. | ||||
| CVE-2012-5110 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
| The compositor in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||||
| CVE-2012-5109 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
| The International Components for Unicode (ICU) functionality in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a regular expression. | ||||
| CVE-2012-5108 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
| Race condition in Google Chrome before 22.0.1229.92 allows remote attackers to execute arbitrary code via vectors related to audio devices. | ||||
| CVE-2012-4930 | 2 Google, Mozilla | 2 Chrome, Firefox | 2024-11-21 | N/A |
| The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack. | ||||
| CVE-2012-4929 | 4 Debian, Google, Mozilla and 1 more | 5 Debian Linux, Chrome, Firefox and 2 more | 2024-11-21 | N/A |
| The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack. | ||||
| CVE-2012-4909 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A |
| Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application. | ||||
| CVE-2012-4908 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A |
| Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink. | ||||
| CVE-2012-4907 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A |
| Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page. | ||||
| CVE-2012-4906 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A |
| Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903. | ||||
| CVE-2012-4905 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script or HTML via an extra in an Intent object, aka "Universal XSS (UXSS)." | ||||
| CVE-2012-4904 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A |
| Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS (UXSS)" attacks against the current tab. | ||||
| CVE-2012-4903 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A |
| Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4906. | ||||
| CVE-2012-2900 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
| Skia, as used in Google Chrome before 22.0.1229.92, does not properly render text, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors. | ||||
| CVE-2012-2899 | 2 Apple, Google | 2 Ipad2, Chrome | 2024-11-21 | N/A |
| Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigger use of an applewebdata: URL, which allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors involving the document.write method. | ||||
| CVE-2012-2898 | 2 Apple, Google | 2 Ipad2, Chrome | 2024-11-21 | N/A |
| Google Chrome before 21.0.1180.82 on iOS on iPad devices allows remote attackers to spoof the Omnibox URL via vectors involving SSL error messages, a related issue to CVE-2012-0674. | ||||