Google Chrome Os vulnerabilities

CVE-2011-2169 [HIGH] CWE-264 CVE-2011-2169: Google Chrome OS before R12 0.12.433.38 Beta allows local users to gain privileges by creating a /va Google Chrome OS before R12 0.12.433.38 Beta allows local users to gain privileges by creating a /var/lib/chromeos-aliases.conf file and placing commands in it.

CVE-2011-2170 [MEDIUM] CWE-20 CVE-2011-2170: Google Chrome OS before R12 0.12.433.38 Beta, when Guest mode is enabled, does not prevent changes o Google Chrome OS before R12 0.12.433.38 Beta, when Guest mode is enabled, does not prevent changes on the about:flags page, which has unspecified impact and local attack vectors.

CVE-2011-1306 [CRITICAL] CVE-2011-1306: Unspecified vulnerability in the Scratchpad application in Google Chrome OS before R10 0.10.156.46 B Unspecified vulnerability in the Scratchpad application in Google Chrome OS before R10 0.10.156.46 Beta has unknown impact and attack vectors.

CVE-2011-1042 [MEDIUM] CWE-399 CVE-2011-1042: Use-after-free vulnerability in flimflamd in flimflam in Google Chrome OS before 0.9.130.14 Beta all Use-after-free vulnerability in flimflamd in flimflam in Google Chrome OS before 0.9.130.14 Beta allows user-assisted remote attackers to cause a denial of service (daemon crash) by providing the name of a hidden WiFi network that does not respond to connection attempts.

CVE-2011-0477 [CRITICAL] CWE-119 CVE-2011-0477: Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle a mismatch Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle a mismatch in video frame sizes, which allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via unknown vectors.

CVE-2011-0473 [CRITICAL] CVE-2011-0473: Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading S Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with CANVAS elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

CVE-2011-0476 [CRITICAL] CWE-119 CVE-2011-0476: Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allow remote attackers to cause a Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allow remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a PDF document that triggers an out-of-memory error.

CVE-2011-0481 [CRITICAL] CWE-120 CVE-2011-0481: Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote a Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF shading.

CVE-2011-0475 [CRITICAL] CWE-416 CVE-2011-0475: Use-after-free vulnerability in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 al Use-after-free vulnerability in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a PDF document.

CVE-2011-0485 [CRITICAL] CWE-20 CVE-2011-0485: Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle speech data Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle speech data, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "stale pointer."

CVE-2011-0471 [CRITICAL] CWE-20 CVE-2011-0471: The node-iteration implementation in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.3 The node-iteration implementation in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 does not properly handle pointers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2011-0480 [CRITICAL] CWE-120 CVE-2011-0480: Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel

CVE-2011-0474 [CRITICAL] CVE-2011-0474: Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading S Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

CVE-2011-0472 [CRITICAL] CVE-2011-0472: Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle the printin Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle the printing of PDF documents, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a multi-page document.

CVE-2011-0478 [CRITICAL] CWE-20 CVE-2011-0478: Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle SVG use ele Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle SVG use elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

CVE-2011-0479 [HIGH] CWE-824 CVE-2011-0479: Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly interact with exte Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly interact with extensions, which allows remote attackers to cause a denial of service via a crafted extension that triggers an uninitialized pointer.

CVE-2011-0484 [HIGH] CWE-20 CVE-2011-0484: Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform DOM node r Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform DOM node removal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale rendering node."

CVE-2011-0482 [MEDIUM] CWE-704 CVE-2011-0482: Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document.

CVE-2011-0470 [MEDIUM] CVE-2011-0470: Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle extensions Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle extensions notification, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

CVE-2011-0483 [MEDIUM] CWE-704 CVE-2011-0483: Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of video, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.