Google Chrome vulnerabilities

CVE-2011-3885 [HIGH] CWE-416 CVE-2011-3885: Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data.

CVE-2011-3883 [HIGH] CWE-416 CVE-2011-3883: Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to counters.

CVE-2011-3880 [HIGH] CWE-20 CVE-2011-3880: Google Chrome before 15.0.874.102 does not prevent use of an unspecified special character as a deli Google Chrome before 15.0.874.102 does not prevent use of an unspecified special character as a delimiter in HTTP headers, which has unknown impact and remote attack vectors.

CVE-2011-3879 [HIGH] CVE-2011-3879: Google Chrome before 15.0.874.102 does not prevent redirects to chrome: URLs, which has unspecified Google Chrome before 15.0.874.102 does not prevent redirects to chrome: URLs, which has unspecified impact and remote attack vectors.

CVE-2011-3890 [HIGH] CWE-416 CVE-2011-3890: Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video source handling.

CVE-2011-2845 [MEDIUM] CWE-20 CVE-2011-2845: Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.

CVE-2011-3876 [MEDIUM] CVE-2011-3876: Google Chrome before 15.0.874.102 does not properly handle downloading files that have whitespace ch Google Chrome before 15.0.874.102 does not properly handle downloading files that have whitespace characters at the end of a filename, which has unspecified impact and user-assisted remote attack vectors.

CVE-2011-3877 [MEDIUM] CWE-79 CVE-2011-3877: Cross-site scripting (XSS) vulnerability in the appcache internals page in Google Chrome before 15.0 Cross-site scripting (XSS) vulnerability in the appcache internals page in Google Chrome before 15.0.874.102 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2011-3884 [MEDIUM] CWE-20 CVE-2011-3884: Google Chrome before 15.0.874.102 does not properly address timing issues during DOM traversal, whic Google Chrome before 15.0.874.102 does not properly address timing issues during DOM traversal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.

CVE-2011-3881 [MEDIUM] CWE-79 CVE-2011-3881: WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ prope

CVE-2011-3887 [MEDIUM] CWE-565 CVE-2011-3887: Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote att Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors.

CVE-2011-3878 [MEDIUM] CWE-362 CVE-2011-3878: Race condition in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of ser Race condition in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker process initialization.

CVE-2011-3888 [MEDIUM] CWE-416 CVE-2011-3888: Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attack Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing operations in conjunction with an unknown plug-in.

CVE-2011-3875 [MEDIUM] CWE-20 CVE-2011-3875: Google Chrome before 15.0.874.102 does not properly handle drag and drop operations on URL strings, Google Chrome before 15.0.874.102 does not properly handle drag and drop operations on URL strings, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.

CVE-2011-2878 [HIGH] CVE-2011-2878: Google Chrome before 14.0.835.202 does not properly restrict access to the window prototype, which a Google Chrome before 14.0.835.202 does not properly restrict access to the window prototype, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

CVE-2011-2877 [MEDIUM] CVE-2011-2877: Google Chrome before 14.0.835.202 does not properly handle SVG text, which allows remote attackers t Google Chrome before 14.0.835.202 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale font."

CVE-2011-3873 [MEDIUM] CWE-119 CVE-2011-3873: Google Chrome before 14.0.835.202 does not properly implement shader translation, which allows remot Google Chrome before 14.0.835.202 does not properly implement shader translation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

CVE-2011-2879 [MEDIUM] CVE-2011-2879: Google Chrome before 14.0.835.202 does not properly consider object lifetimes and thread safety duri Google Chrome before 14.0.835.202 does not properly consider object lifetimes and thread safety during the handling of audio nodes, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2011-2881 [MEDIUM] CWE-119 CVE-2011-2881: Google Chrome before 14.0.835.202 does not properly handle Google V8 hidden objects, which allows re Google Chrome before 14.0.835.202 does not properly handle Google V8 hidden objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.

CVE-2011-2876 [MEDIUM] CWE-416 CVE-2011-2876: Use-after-free vulnerability in Google Chrome before 14.0.835.202 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 14.0.835.202 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a text line box.