Filtered by vendor Google
Subscribe
Total
13455 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6512 | 1 Google | 1 Gears | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-domain vulnerability in the WorkerPool API in Google Gears before 0.5.4.2 allows remote attackers to bypass the Same Origin Policy and the intended access restrictions of the allowCrossOrigin function by hosting an assumed-safe file type containing Google Gear commands on the target domain, then accessing that file from the attacking domain, whose response headers are not checked and cause the worker code to run in the target domain. | |||||
| CVE-2009-3264 | 1 Google | 1 Chrome | 2025-04-09 | 4.3 MEDIUM | N/A |
| The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified "access check," which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user's visit to a different web server that hosts an SVG document. | |||||
| CVE-2007-2378 | 1 Google | 1 Web Toolkit | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Google Web Toolkit (GWT) framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | |||||
| CVE-2009-2955 | 1 Google | 1 Chrome | 2025-04-09 | 5.0 MEDIUM | N/A |
| Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715. | |||||
| CVE-2007-4847 | 1 Google | 1 Picasa | 2025-04-09 | 5.0 MEDIUM | N/A |
| Google Picasa allows remote attackers to read image files stored by Picasa via unspecified vectors involving a picasa:// URI. NOTE: this information is based upon a vague pre-advisory. | |||||
| CVE-2009-3934 | 1 Google | 1 Chrome | 2025-04-09 | 4.3 MEDIUM | N/A |
| The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function in src/webkit/glue/webframeloaderclient_impl.cc in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service via a page-local link, related to an "empty redirect chain," as demonstrated by a message in Yahoo! Mail. | |||||
| CVE-2010-0316 | 1 Google | 1 Google Sketchup | 2025-04-09 | 9.3 HIGH | N/A |
| Integer overflow in Google SketchUp before 7.1 M2 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a crafted SKP file. | |||||
| CVE-2008-6994 | 1 Google | 1 Chrome | 2025-04-09 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the SaveAs feature (SaveFileAsWithFilter function) in win_util.cc in Google Chrome 0.2.149.27 allows user-assisted remote attackers to execute arbitrary code via a web page with a long TITLE element, which triggers the overflow when the user saves the page and a long filename is generated. NOTE: it might be possible to exploit this issue via an HTTP response that includes a long filename in a Content-Disposition header. | |||||
| CVE-2009-2656 | 1 Google | 1 Android | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the com.android.phone process in Android 1.0, 1.1, and 1.5 allows remote attackers to cause a denial of service (network disconnection) via a crafted SMS message, as demonstrated by Collin Mulliner and Charlie Miller at Black Hat USA 2009. | |||||
| CVE-2008-0985 | 1 Google | 1 Android Sdk | 2025-04-09 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and width are different than the actual height and width. | |||||
| CVE-2009-1598 | 1 Google | 1 Chrome | 2025-04-09 | 9.3 HIGH | N/A |
| Google Chrome executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content." | |||||
| CVE-2009-2816 | 4 Apple, Fedoraproject, Google and 1 more | 5 Iphone Os, Safari, Fedora and 2 more | 2025-04-09 | 6.8 MEDIUM | N/A |
| The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page. | |||||
| CVE-2008-5915 | 1 Google | 1 Chrome | 2025-04-09 | 2.1 LOW | N/A |
| An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2006-7157 | 1 Google | 1 Earth | 2025-04-09 | 7.1 HIGH | N/A |
| Buffer overflow in Google Earth v4.0.2091 (beta) allows remote user-assisted attackers to cause a denial of service (crash) via a KML or KMZ file with a long href element. | |||||
| CVE-2009-1754 | 1 Google | 1 Android | 2025-04-09 | 4.3 MEDIUM | N/A |
| The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote user-assisted attackers to access application data by creating a package that specifies a shared user ID with an arbitrary application. | |||||
| CVE-2007-1085 | 1 Google | 1 Desktop | 2025-04-09 | 7.6 HIGH | N/A |
| Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the "under" parameter in Advanced Search with the proper signature. | |||||
| CVE-2008-7061 | 1 Google | 1 Chrome | 2025-04-09 | 4.3 MEDIUM | N/A |
| The tooltip manager (chrome/views/tooltip_manager.cc) in Google Chrome 0.2.149.29 Build 1798 and possibly other versions before 0.2.149.30 allows remote attackers to cause a denial of service (CPU consumption or crash) via a tag with a long title attribute, which is not properly handled when displaying a tooltip, a different vulnerability than CVE-2008-6994. NOTE: there is inconsistent information about the environments under which this issue exists. | |||||
| CVE-2010-0315 | 1 Google | 1 Chrome | 2025-04-09 | 5.0 MEDIUM | N/A |
| WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element. | |||||
| CVE-2009-2973 | 1 Google | 1 Chrome | 2025-04-09 | 6.4 MEDIUM | N/A |
| Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the (1) MD2 or (2) MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to CVE-2009-2409. | |||||
| CVE-2008-5749 | 2 Google, Microsoft | 2 Chrome, Windows Xp | 2025-04-09 | 6.8 MEDIUM | N/A |
| Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission. | |||||