Google Chrome vulnerabilities

CVE-2012-2876 [HIGH] CWE-119 CVE-2012-2876: Buffer overflow in the SSE2 optimization functionality in Google Chrome before 22.0.1229.79 allows r Buffer overflow in the SSE2 optimization functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2012-2881 [HIGH] CWE-119 CVE-2012-2881: Google Chrome before 22.0.1229.79 does not properly handle plug-ins, which allows remote attackers t Google Chrome before 22.0.1229.79 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via unknown vectors.

CVE-2012-2887 [HIGH] CWE-399 CVE-2012-2887: Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving onclick events.

CVE-2012-2897 [HIGH] CWE-119 CVE-2012-2897: The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers t

CVE-2012-2878 [HIGH] CWE-399 CVE-2012-2878: Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to plug-in handling.

CVE-2012-2880 [HIGH] CWE-362 CVE-2012-2880: Race condition in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of ser Race condition in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the plug-in paint buffer.

CVE-2012-2883 [HIGH] CVE-2012-2883: Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of ser Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation, a different vulnerability than CVE-2012-2874.

CVE-2012-2874 [HIGH] CWE-119 CVE-2012-2874: Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of ser Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation, a different vulnerability than CVE-2012-2883.

CVE-2012-2888 [HIGH] CWE-399 CVE-2012-2888: Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG text references.

CVE-2012-2884 [MEDIUM] CWE-119 CVE-2012-2884: Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of ser Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVE-2012-2894 [MEDIUM] CWE-399 CVE-2012-2894: Google Chrome before 22.0.1229.79 does not properly handle graphics-context data structures, which a Google Chrome before 22.0.1229.79 does not properly handle graphics-context data structures, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.

CVE-2012-2893 [MEDIUM] CWE-399 CVE-2012-2893: Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote at Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms.

CVE-2012-2890 [MEDIUM] CWE-399 CVE-2012-2890: Use-after-free vulnerability in the PDF functionality in Google Chrome before 22.0.1229.79 allows re Use-after-free vulnerability in the PDF functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.

CVE-2012-2877 [MEDIUM] CWE-20 CVE-2012-2877: The extension system in Google Chrome before 22.0.1229.79 does not properly handle modal dialogs, wh The extension system in Google Chrome before 22.0.1229.79 does not properly handle modal dialogs, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

CVE-2012-2882 [MEDIUM] CWE-20 CVE-2012-2882: FFmpeg, as used in Google Chrome before 22.0.1229.79, does not properly handle OGG containers, which FFmpeg, as used in Google Chrome before 22.0.1229.79, does not properly handle OGG containers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "wild pointer" issue.

CVE-2012-2895 [MEDIUM] CWE-119 CVE-2012-2895: The PDF functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial The PDF functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations.

CVE-2012-2886 [MEDIUM] CWE-79 CVE-2012-2886: Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attacker Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Google V8 bindings, aka "Universal XSS (UXSS)."

CVE-2012-2892 [MEDIUM] CVE-2012-2892: Unspecified vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to bypass the Unspecified vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to bypass the pop-up blocker via unknown vectors.

CVE-2012-2875 [MEDIUM] CVE-2012-2875: Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 22.0.1229.79 a Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 22.0.1229.79 allow remote attackers to have an unknown impact via a crafted document.

CVE-2012-2889 [MEDIUM] CWE-79 CVE-2012-2889: Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attacker Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)."