Google Chrome vulnerabilities

CVE-2012-2833 [HIGH] CWE-119 CVE-2012-2833: Buffer overflow in the JS API in the PDF functionality in Google Chrome before 20.0.1132.43 allows r Buffer overflow in the JS API in the PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2012-2818 [HIGH] CWE-399 CVE-2012-2818: Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the layout of documents that use the Cascading Style Sheets (CSS) counters feature.

CVE-2012-2827 [HIGH] CWE-399 CVE-2012-2827: Use-after-free vulnerability in the UI in Google Chrome before 20.0.1132.43 on Mac OS X allows attac Use-after-free vulnerability in the UI in Google Chrome before 20.0.1132.43 on Mac OS X allows attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2012-2830 [HIGH] CVE-2012-2830: Google Chrome before 20.0.1132.43 does not properly set array values, which allows remote attackers Google Chrome before 20.0.1132.43 does not properly set array values, which allows remote attackers to cause a denial of service (incorrect pointer use) or possibly have unspecified other impact via unknown vectors.

CVE-2012-2817 [HIGH] CWE-399 CVE-2012-2817: Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to tables that have sections.

CVE-2012-2823 [HIGH] CWE-399 CVE-2012-2823: Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG resources.

CVE-2012-2831 [HIGH] CWE-399 CVE-2012-2831: Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG references.

CVE-2012-2824 [HIGH] CWE-399 CVE-2012-2824: Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG painting.

CVE-2012-2764 [HIGH] CVE-2012-2764: Untrusted search path vulnerability in Google Chrome before 20.0.1132.43 on Windows might allow loca Untrusted search path vulnerability in Google Chrome before 20.0.1132.43 on Windows might allow local users to gain privileges via a Trojan horse Metro DLL in the current working directory.

CVE-2012-2829 [HIGH] CWE-399 CVE-2012-2829: Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome bef Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element.

CVE-2012-2820 [MEDIUM] CWE-20 CVE-2012-2820: Google Chrome before 20.0.1132.43 does not properly implement SVG filters, which allows remote attac Google Chrome before 20.0.1132.43 does not properly implement SVG filters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVE-2012-2807 [MEDIUM] CWE-189 CVE-2012-2807: Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other produc Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2012-2822 [MEDIUM] CVE-2012-2822: The PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial The PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVE-2012-2825 [MEDIUM] CWE-20 CVE-2012-2825: The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denia The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.

CVE-2012-2826 [MEDIUM] CVE-2012-2826: Google Chrome before 20.0.1132.43 does not properly implement texture conversion, which allows remot Google Chrome before 20.0.1132.43 does not properly implement texture conversion, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVE-2012-2815 [MEDIUM] CWE-200 CVE-2012-2815: Google Chrome before 20.0.1132.43 allows remote attackers to obtain potentially sensitive informatio Google Chrome before 20.0.1132.43 allows remote attackers to obtain potentially sensitive information from a fragment identifier by leveraging access to an IFRAME element associated with a different domain.

CVE-2012-2828 [MEDIUM] CWE-189 CVE-2012-2828: Multiple integer overflows in the PDF functionality in Google Chrome before 20.0.1132.43 allow remot Multiple integer overflows in the PDF functionality in Google Chrome before 20.0.1132.43 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.

CVE-2012-2832 [MEDIUM] CVE-2012-2832: The image-codec implementation in the PDF functionality in Google Chrome before 20.0.1132.43 does no The image-codec implementation in the PDF functionality in Google Chrome before 20.0.1132.43 does not initialize an unspecified pointer, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

CVE-2012-2819 [MEDIUM] CWE-20 CVE-2012-2819: The texSubImage2D implementation in the WebGL subsystem in Google Chrome before 20.0.1132.43 does no The texSubImage2D implementation in the WebGL subsystem in Google Chrome before 20.0.1132.43 does not properly handle uploads to floating-point textures, which allows remote attackers to cause a denial of service (assertion failure and application crash) or possibly have unspecified other impact via a crafted web page, as demonstrated by certain WebGL

CVE-2011-3106 [CRITICAL] CWE-119 CVE-2011-3106: The WebSockets implementation in Google Chrome before 19.0.1084.52 does not properly handle use of S The WebSockets implementation in Google Chrome before 19.0.1084.52 does not properly handle use of SSL, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.