Google Chrome vulnerabilities

4,008 known vulnerabilities affecting google/chrome.

Total CVEs: 4,008
CISA KEV: 74 (actively exploited)
Public exploits: 64
Exploited in wild: 65
Severity breakdown: CRITICAL 300, HIGH 2051, MEDIUM 1628, LOW 19, UNKNOWN 10

Vulnerabilities

Page 183 of 201
CVE-2011-2827 | HIGH | CVSS 7.5 | fixed in 13.0.782.215 | 2011-08-29
CVE-2011-2827 [HIGH] CWE-416: Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text searching.
nvd
CVE-2011-2829 | HIGH | CVSS 7.5 | fixed in 13.0.782.215 | 2011-08-29
CVE-2011-2829 [HIGH] CWE-190: Integer overflow in Google Chrome before 13.0.782.215 on 32-bit platforms allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving uniform arrays.
nvd
CVE-2011-2828 | HIGH | CVSS 7.5 | fixed in 13.0.782.215 | 2011-08-29
CVE-2011-2828 [HIGH] CWE-787: Google V8, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
nvd
CVE-2008-7294 | MEDIUM | CVSS 5.8 | ≤ 3.0.195.38 | v0.1.38.1 +57 more | 2011-08-09
CVE-2008-7294 [MEDIUM] CWE-264: Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" iss
nvd
CVE-2011-2793 | MEDIUM | CVSS 6.8 | fixed in 13.0.782.107 | 2011-08-03
CVE-2011-2793 [MEDIUM] CWE-416: Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media selectors.
nvd
CVE-2011-2818 | MEDIUM | CVSS 6.8 | fixed in 13.0.782.107 | 2011-08-03
CVE-2011-2818 [MEDIUM] CWE-416: Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to display box rendering.
nvd
CVE-2011-2804 | MEDIUM | CVSS 4.3 | fixed in 13.0.782.107 | 2011-08-03
CVE-2011-2804 [MEDIUM] CWE-20: Google Chrome before 13.0.782.107 does not properly handle nested functions in PDF documents, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document.
nvd
CVE-2011-2782 | MEDIUM | CVSS 4.3 | fixed in 13.0.782.107 | 2011-08-03
CVE-2011-2782 [MEDIUM] CWE-276: The drag-and-drop implementation in Google Chrome before 13.0.782.107 on Linux does not properly enforce permissions for files, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors.
nvd
CVE-2011-2801 | MEDIUM | CVSS 6.8 | fixed in 13.0.782.107 | 2011-08-03
CVE-2011-2801 [MEDIUM] CWE-416: Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the frame loader.
nvd
CVE-2011-2789 | MEDIUM | CVSS 6.8 | fixed in 13.0.782.107 | 2011-08-03
CVE-2011-2789 [MEDIUM] CWE-416: Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to instantiation of the Pepper plug-in.
nvd
CVE-2011-2799 | MEDIUM | CVSS 6.8 | fixed in 13.0.782.107 | 2011-08-03
CVE-2011-2799 [MEDIUM] CWE-416: Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to HTML range handling.
nvd
CVE-2011-2360 | MEDIUM | CVSS 4.3 | fixed in 13.0.782.107 | 2011-08-03
CVE-2011-2360 [MEDIUM]: Google Chrome before 13.0.782.107 does not ensure that the user is prompted before download of a dangerous file, which makes it easier for remote attackers to bypass intended content restrictions via a crafted web site.
nvd
CVE-2011-2796 | MEDIUM | CVSS 6.8 | fixed in 13.0.782.107 | 2011-08-03
CVE-2011-2796 [MEDIUM] CWE-416: Use-after-free vulnerability in Skia, as used in Google Chrome before 13.0.782.107, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
nvd
CVE-2011-2792 | MEDIUM | CVSS 6.8 | fixed in 13.0.782.107 | 2011-08-03
CVE-2011-2792 [MEDIUM] CWE-416: Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float removal.
nvd
CVE-2011-2800 | MEDIUM | CVSS 4.3 | fixed in 13.0.782.107 | 2011-08-03
CVE-2011-2800 [MEDIUM] CWE-200: Google Chrome before 13.0.782.107 allows remote attackers to obtain potentially sensitive information about client-side redirect targets via a crafted web site.
nvd
CVE-2011-2819 | MEDIUM | CVSS 6.8 | fixed in 13.0.782.107 | 2011-08-03
CVE-2011-2819 [MEDIUM]: Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy via vectors related to handling of the base URI.
nvd
CVE-2011-2803 | MEDIUM | CVSS 6.8 | fixed in 13.0.782.107 | 2011-08-03
CVE-2011-2803 [MEDIUM] CWE-125: Google Chrome before 13.0.782.107 does not properly handle Skia paths, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
nvd
CVE-2011-2783 | MEDIUM | CVSS 6.8 | fixed in 13.0.782.107 | 2011-08-03
CVE-2011-2783 [MEDIUM] CWE-20: Google Chrome before 13.0.782.107 does not ensure that developer-mode NPAPI extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension.
nvd
CVE-2011-2791 | MEDIUM | CVSS 6.8 | fixed in 13.0.782.107 | 2011-08-03
CVE-2011-2791 [MEDIUM] CWE-787: The International Components for Unicode (ICU) functionality in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
nvd
CVE-2011-2798 | MEDIUM | CVSS 6.8 | fixed in 13.0.782.107 | 2011-08-03
CVE-2011-2798 [MEDIUM]: Google Chrome before 13.0.782.107 does not properly restrict access to internal schemes, which allows remote attackers to have an unspecified impact via a crafted web site.
nvd