Google Chrome vulnerabilities

CVE-2011-2846 [MEDIUM] CWE-416 CVE-2011-2846: Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unload event handling.

CVE-2011-2874 [MEDIUM] CWE-295 CVE-2011-2874: Google Chrome before 14.0.835.163 does not perform an expected pin operation for a self-signed certi Google Chrome before 14.0.835.163 does not perform an expected pin operation for a self-signed certificate during a session, which has unspecified impact and remote attack vectors.

CVE-2011-2849 [MEDIUM] CWE-476 CVE-2011-2849: The WebSockets implementation in Google Chrome before 14.0.835.163 allows remote attackers to cause The WebSockets implementation in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.

CVE-2011-2854 [MEDIUM] CWE-416 CVE-2011-2854: Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "ruby / table style handing."

CVE-2011-2875 [MEDIUM] CWE-843 CVE-2011-2875: Google V8, as used in Google Chrome before 14.0.835.163, does not properly perform object sealing, w Google V8, as used in Google Chrome before 14.0.835.163, does not properly perform object sealing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."

CVE-2011-2844 [MEDIUM] CWE-125 CVE-2011-2844: Google Chrome before 14.0.835.163 does not properly process MP3 files, which allows remote attackers Google Chrome before 14.0.835.163 does not properly process MP3 files, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVE-2011-2843 [MEDIUM] CWE-125 CVE-2011-2843: Google Chrome before 14.0.835.163 does not properly handle media buffers, which allows remote attack Google Chrome before 14.0.835.163 does not properly handle media buffers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVE-2011-2834 [MEDIUM] CWE-415 CVE-2011-2834: Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote at Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

CVE-2011-2859 [MEDIUM] CWE-276 CVE-2011-2859: Google Chrome before 14.0.835.163 uses incorrect permissions for non-gallery pages, which has unspec Google Chrome before 14.0.835.163 uses incorrect permissions for non-gallery pages, which has unspecified impact and attack vectors.

CVE-2011-2855 [MEDIUM] CWE-74 CVE-2011-2855: Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequen Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."

CVE-2011-2848 [MEDIUM] CWE-20 CVE-2011-2848: Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vec Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to the forward button.

CVE-2011-2847 [MEDIUM] CWE-416 CVE-2011-2847: Use-after-free vulnerability in the document loader in Google Chrome before 14.0.835.163 allows remo Use-after-free vulnerability in the document loader in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.

CVE-2011-2825 [CRITICAL] CWE-416 CVE-2011-2825: Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving custom fonts.

CVE-2011-2806 [CRITICAL] CWE-119 CVE-2011-2806: Google Chrome before 13.0.782.215 on Windows does not properly handle vertex data, which allows remo Google Chrome before 13.0.782.215 on Windows does not properly handle vertex data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

CVE-2011-2822 [CRITICAL] CWE-20 CVE-2011-2822: Google Chrome before 13.0.782.215 on Windows does not properly parse URLs located on the command lin Google Chrome before 13.0.782.215 on Windows does not properly parse URLs located on the command line, which has unspecified impact and attack vectors.

CVE-2011-2823 [HIGH] CWE-416 CVE-2011-2823: Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a line box.

CVE-2011-2839 [HIGH] CWE-20 CVE-2011-2839: The PDF implementation in Google Chrome before 13.0.782.215 on Linux does not properly use the memse The PDF implementation in Google Chrome before 13.0.782.215 on Linux does not properly use the memset library function, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2011-2821 [HIGH] CWE-415 CVE-2011-2821: Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote at Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.

CVE-2011-2824 [HIGH] CWE-416 CVE-2011-2824: Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes.

CVE-2011-2826 [HIGH] CVE-2011-2826: Google Chrome before 13.0.782.215 allows remote attackers to bypass the Same Origin Policy via vecto Google Chrome before 13.0.782.215 allows remote attackers to bypass the Same Origin Policy via vectors related to empty origins.