SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is not, by itself, a technology recommendation.
Max CVSS
5.9
EPSS Score
0.31%
Published
2016-10-14
Updated
2020-12-09
Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory consumption) via an HTML document containing a carriage return ("\r\n\r\n") argument to the window.open function.
Max CVSS
4.3
EPSS Score
5.92%
Published
2008-09-30
Updated
2018-10-11
Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
4.3
EPSS Score
0.11%
Published
2008-10-23
Updated
2008-10-24
Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission.
Max CVSS
6.8
EPSS Score
0.94%
Published
2008-12-29
Updated
2024-03-21
An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
Max CVSS
2.1
EPSS Score
0.24%
Published
2009-01-20
Updated
2021-11-15
Stack-based buffer overflow in the SaveAs feature (SaveFileAsWithFilter function) in win_util.cc in Google Chrome 0.2.149.27 allows user-assisted remote attackers to execute arbitrary code via a web page with a long TITLE element, which triggers the overflow when the user saves the page and a long filename is generated. NOTE: it might be possible to exploit this issue via an HTTP response that includes a long filename in a Content-Disposition header.
Max CVSS
9.3
EPSS Score
19.48%
Published
2009-08-19
Updated
2018-10-11
Integer underflow in net/base/escape.cc in chrome.dll in Google Chrome 0.2.149.27 allows remote attackers to cause a denial of service (browser crash) via a URI with an invalid handler followed by a "%" (percent) character, which triggers a buffer over-read, as demonstrated using an "about:%" URI.
Max CVSS
4.3
EPSS Score
3.34%
Published
2009-08-19
Updated
2017-09-29
Google Chrome BETA (0.2.149.27) does not prompt the user before saving an executable file, which makes it easier for remote attackers or malware to cause a denial of service (disk consumption) or exploit other vulnerabilities via a URL that references an executable file, possibly related to the "ask where to save each file before downloading" setting.
Max CVSS
5.0
EPSS Score
13.99%
Published
2009-08-19
Updated
2018-10-11
Google Chrome 0.2.149.27 allows user-assisted remote attackers to cause a denial of service (browser crash) via an IMG tag with a long src attribute, which triggers the crash when the victim performs an "Inspect Element" action.
Max CVSS
4.3
EPSS Score
3.83%
Published
2009-08-19
Updated
2017-09-29
Stack-based buffer overflow in chrome/common/gfx/url_elider.cc in Google Chrome 0.2.149.27 and other versions before 0.2.149.29 might allow user-assisted remote attackers to execute arbitrary code via a link target (href attribute) with a large number of path elements, which triggers the overflow when the status bar is updated after the user hovers over the link.
Max CVSS
9.3
EPSS Score
15.64%
Published
2009-08-19
Updated
2017-09-29
The tooltip manager (chrome/views/tooltip_manager.cc) in Google Chrome 0.2.149.29 Build 1798 and possibly other versions before 0.2.149.30 allows remote attackers to cause a denial of service (CPU consumption or crash) via a tag with a long title attribute, which is not properly handled when displaying a tooltip, a different vulnerability than CVE-2008-6994. NOTE: there is inconsistent information about the environments under which this issue exists.
Max CVSS
4.3
EPSS Score
9.44%
Published
2009-08-24
Updated
2018-10-11
Google Chrome 0.2.149.29 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.
Max CVSS
5.0
EPSS Score
0.15%
Published
2009-09-18
Updated
2018-10-11
Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.
Max CVSS
5.8
EPSS Score
0.21%
Published
2011-08-09
Updated
2012-08-02
Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame.
Max CVSS
5.0
EPSS Score
0.23%
Published
2009-02-03
Updated
2009-02-04
Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. NOTE: a third party disputes the relevance of this issue, stating that "every sufficiently featured browser is and likely will remain susceptible to the behavior known as clickjacking," and adding that the exploit code "is not a valid demonstration of the issue.
Max CVSS
4.3
EPSS Score
2.41%
Published
2009-01-30
Updated
2024-03-21
Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script.
Max CVSS
5.0
EPSS Score
0.30%
Published
2009-02-03
Updated
2017-08-08
Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by use of a (1) javascript: or (2) data: URL. NOTE: this can be leveraged for Universal XSS by exploiting certain behavior involving persistence across page transitions.
Max CVSS
7.8
EPSS Score
0.22%
Published
2009-04-24
Updated
2021-07-23
Google Chrome 1.0.x does not cancel timeouts upon a page transition, which makes it easier for attackers to conduct Universal XSS attacks by calling setTimeout to trigger future execution of JavaScript code, and then modifying document.location to arrange for JavaScript execution in the context of an arbitrary web site. NOTE: this can be leveraged for a remote attack by exploiting a chromehtml: argument-injection vulnerability.
Max CVSS
4.3
EPSS Score
0.15%
Published
2009-04-24
Updated
2017-08-17
Google Chrome 2.0.x lets modifications to the global object persist across a page transition, which makes it easier for attackers to conduct Universal XSS attacks via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.08%
Published
2009-04-24
Updated
2017-08-17
Heap-based buffer overflow in the ParamTraits<SkBitmap>::Read function in Google Chrome before 1.0.154.64 allows attackers to leverage renderer access to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to a large bitmap that arrives over the IPC channel.
Max CVSS
9.3
EPSS Score
0.34%
Published
2009-05-07
Updated
2017-08-17
Multiple integer overflows in Skia, as used in Google Chrome 1.x before 1.0.154.64 and 2.x, and possibly Android, might allow remote attackers to execute arbitrary code in the renderer process via a crafted (1) image or (2) canvas.
Max CVSS
6.8
EPSS Score
3.73%
Published
2009-05-07
Updated
2009-05-19
Google Chrome 1.0.154.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a throw statement with a long exception value.
Max CVSS
5.0
EPSS Score
4.65%
Published
2009-05-04
Updated
2017-09-29
Google Chrome executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."
Max CVSS
9.3
EPSS Score
0.25%
Published
2009-05-11
Updated
2021-11-15
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers."
Max CVSS
9.3
EPSS Score
4.87%
Published
2009-06-10
Updated
2021-05-23
src/net/http/http_transaction_winhttp.cc in Google Chrome before 1.0.154.53 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
Max CVSS
5.8
EPSS Score
0.24%
Published
2009-06-15
Updated
2017-08-17
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!