Google Chrome vulnerabilities

CVE-2011-3072 [MEDIUM] CWE-346 CVE-2011-3072: Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vect Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to pop-up windows.

CVE-2011-3068 [MEDIUM] CWE-416 CVE-2011-3068: Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome bef Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes.

CVE-2011-3076 [MEDIUM] CWE-416 CVE-2011-3076: Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to focus handling.

CVE-2011-3070 [MEDIUM] CWE-416 CVE-2011-3070: Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Google V8 bindings.

CVE-2011-3077 [MEDIUM] CWE-416 CVE-2011-3077: Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the script bindings, related to a "read-after-free" issue.

CVE-2011-3066 [MEDIUM] CWE-125 CVE-2011-3066: Skia, as used in Google Chrome before 18.0.1025.151, does not properly perform clipping, which allow Skia, as used in Google Chrome before 18.0.1025.151, does not properly perform clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVE-2011-3067 [MEDIUM] CWE-346 CVE-2011-3067: Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vect Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.

CVE-2011-3075 [MEDIUM] CWE-416 CVE-2011-3075: Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style-application commands.

CVE-2011-3069 [MEDIUM] CWE-416 CVE-2011-3069: Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome bef Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes.

CVE-2011-3074 [MEDIUM] CWE-416 CVE-2011-3074: Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media.

CVE-2011-3073 [MEDIUM] CWE-416 CVE-2011-3073: Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG resources.

CVE-2011-3064 [HIGH] CWE-416 CVE-2011-3064: Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG clipping.

CVE-2011-3065 [MEDIUM] CWE-190 CVE-2011-3065: Skia, as used in Google Chrome before 18.0.1025.142, allows remote attackers to cause a denial of se Skia, as used in Google Chrome before 18.0.1025.142, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

CVE-2011-3059 [MEDIUM] CWE-125 CVE-2011-3059: Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote a Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVE-2011-3063 [MEDIUM] CWE-20 CVE-2011-3063: Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, wh Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vectors.

CVE-2011-3061 [MEDIUM] CWE-295 CVE-2011-3061: Google Chrome before 18.0.1025.142 does not properly check X.509 certificates before use of a SPDY p Google Chrome before 18.0.1025.142 does not properly check X.509 certificates before use of a SPDY proxy, which might allow man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.

CVE-2011-3062 [MEDIUM] CWE-682 CVE-2011-3062: Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attac Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.

CVE-2011-3058 [MEDIUM] CWE-79 CVE-2011-3058: Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

CVE-2011-3060 [MEDIUM] CWE-125 CVE-2011-3060: Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote atta Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVE-2011-3049 [MEDIUM] CVE-2011-3049: Google Chrome before 17.0.963.83 does not properly restrict the extension web request API, which all Google Chrome before 17.0.963.83 does not properly restrict the extension web request API, which allows remote attackers to cause a denial of service (disrupted system requests) via a crafted extension.