Google Chrome vulnerabilities

4,008 known vulnerabilities affecting google/chrome.

Total CVEs: 4,008
CISA KEV: 74 (actively exploited)
Public exploits: 64
Exploited in wild: 65
Severity breakdown: CRITICAL 300, HIGH 2051, MEDIUM 1628, LOW 19, UNKNOWN 10

Vulnerabilities

Page 170 of 201
CVE-2012-2856 | HIGH | CVSS 7.5 | ≤ 21.0.1180.56 | v21.0.1180.0 +25 more | 2012-08-06
CVE-2012-2856 [HIGH] CWE-119: The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations.
nvd
CVE-2012-2854 | MEDIUM | CVSS 5.0 | ≤ 21.0.1180.56 | v21.0.1180.0 +25 more | 2012-08-06
CVE-2012-2854 [MEDIUM] CWE-200: Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to obtain potentially sensitive information about pointer values by leveraging access to a WebUI renderer process.
nvd
CVE-2012-2852 | MEDIUM | CVSS 6.8 | ≤ 21.0.1180.56 | v21.0.1180.0 +25 more | 2012-08-06
CVE-2012-2852 [MEDIUM] CWE-399: The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly handle object linkage, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted document.
nvd
CVE-2012-2846 | MEDIUM | CVSS 5.0 | ≤ 21.0.1180.56 | v21.0.1180.0 +22 more | 2012-08-06
CVE-2012-2846 [MEDIUM]: Google Chrome before 21.0.1180.57 on Linux does not properly isolate renderer processes, which allows remote attackers to cause a denial of service (cross-process interference) via unspecified vectors.
nvd
CVE-2012-2855 | MEDIUM | CVSS 6.8 | ≤ 21.0.1180.56 | v21.0.1180.0 +25 more | 2012-08-06
CVE-2012-2855 [MEDIUM] CWE-399: Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
nvd
CVE-2012-2851 | MEDIUM | CVSS 6.8 | ≤ 21.0.1180.56 | v21.0.1180.0 +25 more | 2012-08-06
CVE-2012-2851 [MEDIUM] CWE-189: Multiple integer overflows in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
nvd
CVE-2012-2857 | MEDIUM | CVSS 6.8 | ≤ 21.0.1180.59 | v21.0.1180.0 +25 more | 2012-08-06
CVE-2012-2857 [MEDIUM] CWE-399: Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
nvd
CVE-2012-2860 | MEDIUM | CVSS 6.8 | ≤ 21.0.1180.56 | v21.0.1180.0 +25 more | 2012-08-06
CVE-2012-2860 [MEDIUM]: The date-picker implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.
nvd
CVE-2012-2850 | MEDIUM | CVSS 6.8 | ≤ 21.0.1180.56 | v21.0.1180.0 +25 more | 2012-08-06
CVE-2012-2850 [MEDIUM]: Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allow remote attackers to have an unknown impact via a crafted document.
nvd
CVE-2012-2848 | MEDIUM | CVSS 4.3 | ≤ 21.0.1180.56 | v21.0.1180.0 +25 more | 2012-08-06
CVE-2012-2848 [MEDIUM] CWE-264: The drag-and-drop implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to bypass intended file access restrictions via a crafted web site.
nvd
CVE-2012-2853 | MEDIUM | CVSS 6.8 | ≤ 21.0.1180.56 | v21.0.1180.0 +25 more | 2012-08-06
CVE-2012-2853 [MEDIUM]: The webRequest API in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly interact with the Chrome Web Store, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.
nvd
CVE-2012-2849 | MEDIUM | CVSS 4.3 | ≤ 21.0.1180.56 | v21.0.1180.0 +25 more | 2012-08-06
CVE-2012-2849 [MEDIUM] CWE-189: Off-by-one error in the GIF decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.
nvd
CVE-2012-2858 | MEDIUM | CVSS 6.8 | ≤ 21.0.1180.56 | v21.0.1180.0 +25 more | 2012-08-06
CVE-2012-2858 [MEDIUM] CWE-119: Buffer overflow in the WebP decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted WebP image.
nvd
CVE-2012-2847 | MEDIUM | CVSS 4.3 | ≤ 21.0.1180.56 | v21.0.1180.0 +25 more | 2012-08-06
CVE-2012-2847 [MEDIUM] CWE-399: Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not request user confirmation before continuing a large series of downloads, which allows user-assisted remote attackers to cause a denial of service (resource consumption) via a crafted web site.
nvd
CVE-2012-2844 | CRITICAL | CVSS 9.3 | ≤ 20.0.1132.56 | v20.0.1132.0 +48 more | 2012-07-12
CVE-2012-2844 [CRITICAL]: The PDF functionality in Google Chrome before 20.0.1132.57 does not properly handle JavaScript code, which allows remote attackers to cause a denial of service (incorrect object access) or possibly have unspecified other impact via a crafted document.
nvd
CVE-2012-2842 | HIGH | CVSS 7.5 | ≤ 20.0.1132.56 | v20.0.1132.0 +48 more | 2012-07-12
CVE-2012-2842 [HIGH] CWE-399: Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to counter handling.
nvd
CVE-2012-2843 | HIGH | CVSS 7.5 | ≤ 20.0.1132.56 | v20.0.1132.0 +48 more | 2012-07-12
CVE-2012-2843 [HIGH] CWE-399: Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout height tracking.
nvd
CVE-2012-2834 | CRITICAL | CVSS 9.3 | ≤ 20.0.1132.42 | v20.0.1132.0 +41 more | 2012-06-27
CVE-2012-2834 [CRITICAL] CWE-189: Integer overflow in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted data in the Matroska container format.
nvd
CVE-2012-2821 | HIGH | CVSS 7.5 | ≤ 20.0.1132.42 | v20.0.1132.0 +41 more | 2012-06-27
CVE-2012-2821 [HIGH]: The autofill implementation in Google Chrome before 20.0.1132.43 does not properly display text, which has unspecified impact and remote attack vectors.
nvd
CVE-2012-2816 | HIGH | CVSS 7.8 | ≤ 20.0.1132.42 | v20.0.1132.0 +41 more | 2012-06-27
CVE-2012-2816 [HIGH]: Google Chrome before 20.0.1132.43 on Windows does not properly isolate sandboxed processes, which might allow remote attackers to cause a denial of service (process interference) via unspecified vectors.
nvd