Google

Chrome

5395 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 3.68%
  • Veröffentlicht 19.08.2009 05:24:52
  • Zuletzt bearbeitet 16.06.2026 23:03:23

Google Chrome 0.2.149.27 allows user-assisted remote attackers to cause a denial of service (browser crash) via an IMG tag with a long src attribute, which triggers the crash when the victim performs an "Inspect Element" action.

Exploit
  • EPSS 9.68%
  • Veröffentlicht 19.08.2009 05:24:52
  • Zuletzt bearbeitet 16.06.2026 23:03:23

Stack-based buffer overflow in chrome/common/gfx/url_elider.cc in Google Chrome 0.2.149.27 and other versions before 0.2.149.29 might allow user-assisted remote attackers to execute arbitrary code via a link target (href attribute) with a large numbe...

  • EPSS 1.79%
  • Veröffentlicht 11.08.2009 18:30:00
  • Zuletzt bearbeitet 16.06.2026 23:09:24

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute...

  • EPSS 0.82%
  • Veröffentlicht 22.07.2009 18:30:00
  • Zuletzt bearbeitet 16.06.2026 23:09:44

Google Chrome 2.x through 2.0.172 allows remote attackers to cause a denial of service (application crash) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479.

  • EPSS 3.43%
  • Veröffentlicht 21.07.2009 16:30:00
  • Zuletzt bearbeitet 16.06.2026 23:09:41

Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1.10.14, as used in Google Chrome before 2.0.172.37, allows remote attackers to execute arbitrary code in the Chrome sandbox via a crafted JavaScript regular expression.

  • EPSS 1.59%
  • Veröffentlicht 21.07.2009 16:30:00
  • Zuletzt bearbeitet 16.06.2026 23:09:42

Google Chrome before 2.0.172.37 allows attackers to leverage renderer access to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger excessive memory allocation.

Exploit
  • EPSS 2.05%
  • Veröffentlicht 07.07.2009 23:30:00
  • Zuletzt bearbeitet 16.06.2026 23:09:16

Google Chrome 1.0.154.48 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specif...

Exploit
  • EPSS 2%
  • Veröffentlicht 23.06.2009 21:30:00
  • Zuletzt bearbeitet 16.06.2026 23:08:49

Buffer overflow in the browser kernel in Google Chrome before 2.0.172.33 allows remote HTTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted response.

  • EPSS 1.1%
  • Veröffentlicht 15.06.2009 19:30:05
  • Zuletzt bearbeitet 16.06.2026 23:08:40

src/net/http/http_transaction_winhttp.cc in Google Chrome before 1.0.154.53 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attacke...

  • EPSS 1.02%
  • Veröffentlicht 15.06.2009 19:30:05
  • Zuletzt bearbeitet 16.06.2026 23:08:42

Google Chrome before 1.0.154.53 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid cer...