| Max CVSS | 6.8 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2009-2060 | 5.8 |
src/net/http/http_transaction_winhttp.cc in Google Chrome before 1.0.154.53 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attacke
|
17-08-2017 - 01:30 | 15-06-2009 - 19:30 | |
| CVE-2009-0411 | 5.0 |
Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and
|
08-08-2017 - 01:33 | 03-02-2009 - 19:30 | |
| CVE-2009-2071 | 6.8 |
Google Chrome before 1.0.154.53 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid cer
|
23-06-2009 - 05:33 | 15-06-2009 - 19:30 | |
| CVE-2009-0276 | 5.0 |
Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive in
|
04-02-2009 - 05:00 | 03-02-2009 - 19:30 |