Google Chrome vulnerabilities

4,008 known vulnerabilities affecting google/chrome.

Total CVEs: 4,008
CISA KEV: 74 (actively exploited)
Public exploits: 64
Exploited in wild: 65
Severity breakdown: CRITICAL 300, HIGH 2051, MEDIUM 1628, LOW 19, UNKNOWN 10

Vulnerabilities

Page 188 of 201
CVE-2011-1465 | MEDIUM | CVSS 5.0 | fixed in 11.0.696.14 | 2011-03-20
The SPDY implementation in net/http/http_network_transaction.cc in Google Chrome before 11.0.696.14 drains the bodies from SPDY responses, which might allow remote SPDY servers to cause a denial of service (application exit) by canceling a stream.
nvd
CVE-2011-0609 | HIGH | CVSS 7.8 | KEV | PoC | fixed in 10.0.648.134 | 2011-03-15
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary co
nvd
CVE-2011-1195 | HIGH | CVSS 7.5 | CWE-416 | fixed in 10.0.648.127 | 2011-03-11
Use-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "document script lifetime handling."
nvd
CVE-2011-1285 | HIGH | CVSS 7.5 | CWE-119 | fixed in 10.0.648.127 | 2011-03-11
The regular-expression functionality in Google Chrome before 10.0.648.127 does not properly implement reentrancy, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
nvd
CVE-2011-1191 | HIGH | CVSS 7.5 | CWE-416 | fixed in 10.0.648.127 | 2011-03-11
Use-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of DOM URLs.
nvd
CVE-2011-1286 | HIGH | CVSS 7.5 | fixed in 10.0.648.127 | 2011-03-11
Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger incorrect access to memory.
nvd
CVE-2011-1199 | HIGH | CVSS 7.5 | fixed in 10.0.648.127 | 2011-03-11
Google Chrome before 10.0.648.127 does not properly handle DataView objects, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
nvd
CVE-2011-1188 | HIGH | CVSS 7.5 | fixed in 10.0.648.127 | 2011-03-11
Google Chrome before 10.0.648.127 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
nvd
CVE-2011-1198 | HIGH | CVSS 7.5 | CWE-119 | fixed in 10.0.648.127 | 2011-03-11
The video functionality in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger use of a malformed "out-of-bounds structure."
nvd
CVE-2011-1197 | HIGH | CVSS 7.5 | CWE-20 | fixed in 10.0.648.127 | 2011-03-11
Google Chrome before 10.0.648.127 does not properly perform table painting, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
nvd
CVE-2011-1196 | HIGH | CVSS 7.5 | fixed in 10.0.648.127 | 2011-03-11
The OGG container implementation in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
nvd
CVE-2011-1201 | HIGH | CVSS 7.5 | fixed in 10.0.648.127 | 2011-03-11
The context implementation in WebKit, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
nvd
CVE-2011-1193 | HIGH | CVSS 7.5 | fixed in 10.0.648.127 | 2011-03-11
Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
nvd
CVE-2011-1185 | HIGH | CVSS 7.5 | fixed in 10.0.648.127 | 2011-03-11
Google Chrome before 10.0.648.127 does not prevent (1) navigation and (2) close operations on the top location of a sandboxed frame, which has unspecified impact and remote attack vectors.
nvd
CVE-2011-1189 | HIGH | CVSS 7.5 | fixed in 10.0.648.127 | 2011-03-11
Google Chrome before 10.0.648.127 does not properly perform box layout, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."
nvd
CVE-2011-1203 | HIGH | CVSS 7.5 | fixed in 10.0.648.127 | 2011-03-11
Google Chrome before 10.0.648.127 does not properly handle SVG cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
nvd
CVE-2011-1187 | MEDIUM | CVSS 5.0 | CWE-200 | fixed in 10.0.648.127 | 2011-03-11
Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."
nvd
CVE-2011-1200 | MEDIUM | CVSS 6.8 | CWE-704 | fixed in 10.0.648.127 | 2011-03-11
Google Chrome before 10.0.648.127 does not properly perform a cast of an unspecified variable during text rendering, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
nvd
CVE-2011-1202 | MEDIUM | CVSS 4.3 | CWE-200 | fixed in 10.0.648.127 | 2011-03-11
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
nvd
CVE-2011-1190 | MEDIUM | CVSS 5.0 | CWE-200 | fixed in 10.0.648.127 | 2011-03-11
The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."
nvd