Google Chrome vulnerabilities

4,008 known vulnerabilities affecting google/chrome.

Total CVEs: 4,008
CISA KEV: 74 (actively exploited)
Public exploits: 64
Exploited in wild: 65
Severity breakdown: CRITICAL 300, HIGH 2051, MEDIUM 1628, LOW 19, UNKNOWN 10

Vulnerabilities

CVE-2011-2359 | MEDIUM | CVSS 6.8 | CWE-20 | fixed in 13.0.782.107 | 2011-08-03
Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
nvd
CVE-2011-2786 | MEDIUM | CVSS 4.3 | CWE-20 | fixed in 13.0.782.107 | 2011-08-03
Google Chrome before 13.0.782.107 does not ensure that the speech-input bubble is shown on the product's screen, which might make it easier for remote attackers to make audio recordings via a crafted web page containing an INPUT element.
nvd
CVE-2011-2794 | MEDIUM | CVSS 6.8 | CWE-125 | fixed in 13.0.782.107 | 2011-08-03
Google Chrome before 13.0.782.107 does not properly perform text iteration, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
nvd
CVE-2011-2785 | MEDIUM | CVSS 4.3 | CWE-20 | fixed in 13.0.782.107 | 2011-08-03
The extensions implementation in Google Chrome before 13.0.782.107 does not properly validate the URL for the home page, which allows remote attackers to have an unspecified impact via a crafted extension.
nvd
CVE-2011-2802 | MEDIUM | CVSS 6.8 | CWE-20 | fixed in 13.0.782.107 | 2011-08-03
Google V8, as used in Google Chrome before 13.0.782.107, does not properly perform const lookups, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted web site.
nvd
CVE-2011-2795 | MEDIUM | CVSS 4.3 | fixed in 13.0.782.107 | 2011-08-03
Google Chrome before 13.0.782.107 does not prevent calls to functions in other frames, which allows remote attackers to bypass intended access restrictions via a crafted web site, related to a "cross-frame function leak."
nvd
CVE-2011-2797 | MEDIUM | CVSS 6.8 | CWE-416 | fixed in 13.0.782.107 | 2011-08-03
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to resource caching.
nvd
CVE-2011-2361 | MEDIUM | CVSS 4.3 | CWE-287 | fixed in 13.0.782.107 | 2011-08-03
The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site.
nvd
CVE-2011-2805 | MEDIUM | CVSS 6.8 | CWE-74 | fixed in 13.0.782.107 | 2011-08-03
Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy and conduct script injection attacks via unspecified vectors.
nvd
CVE-2011-2788 | MEDIUM | CVSS 6.8 | CWE-120 | fixed in 13.0.782.107 | 2011-08-03
Buffer overflow in the inspector serialization functionality in Google Chrome before 13.0.782.107 allows user-assisted remote attackers to have an unspecified impact via unknown vectors.
nvd
CVE-2011-2790 | MEDIUM | CVSS 6.8 | CWE-416 | fixed in 13.0.782.107 | 2011-08-03
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving floating styles.
nvd
CVE-2011-2787 | MEDIUM | CVSS 4.3 | CWE-20 | fixed in 13.0.782.107 | 2011-08-03
Google Chrome before 13.0.782.107 does not properly address re-entrancy issues associated with the GPU lock, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
nvd
CVE-2011-2358 | MEDIUM | CVSS 6.8 | CWE-20 | fixed in 13.0.782.107 | 2011-08-03
Google Chrome before 13.0.782.107 does not ensure that extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension.
nvd
CVE-2011-2784 | LOW | CVSS 2.1 | CWE-200 | fixed in 13.0.782.107 | 2011-08-03
Google Chrome before 13.0.782.107 allows remote attackers to obtain sensitive information via a request for the GL program log, which reveals a local path in an unspecified log entry.
nvd
CVE-2011-2761 | MEDIUM | CVSS 4.3 | CWE-399 | v14.0.794.0 | 2011-07-18
Google Chrome 14.0.794.0 does not properly handle a reload of a page generated in response to a POST, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web site, related to GetWidget methods.
nvd
CVE-2011-2599 | MEDIUM | CVSS 4.3 | CWE-200 | v11 | 2011-06-30
Google Chrome 11 does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.
nvd
CVE-2011-2350 | MEDIUM | CVSS 6.8 | fixed in 12.0.742.112 | 2011-06-29
The HTML parser in Google Chrome before 12.0.742.112 does not properly address "lifetime and re-entrancy issues," which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
nvd
CVE-2011-2345 | MEDIUM | CVSS 4.3 | CWE-125 | fixed in 12.0.742.112 | 2011-06-29
The NPAPI implementation in Google Chrome before 12.0.742.112 does not properly handle strings, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
nvd
CVE-2011-2347 | MEDIUM | CVSS 6.8 | CWE-119 | fixed in 12.0.742.112 | 2011-06-29
Google Chrome before 12.0.742.112 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
nvd
CVE-2011-2346 | MEDIUM | CVSS 6.8 | CWE-416 | fixed in 12.0.742.112 | 2011-06-29
Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG fonts.
nvd