Total
3816 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5346 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-01 | N/A | 8.8 HIGH |
|
Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2023-5472 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-05-01 | N/A | 8.8 HIGH |
|
Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2023-5476 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-05-01 | N/A | 8.8 HIGH |
|
Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2023-5474 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-05-01 | N/A | 8.8 HIGH |
|
Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
|
|||||
| CVE-2023-5218 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-04-30 | N/A | 8.8 HIGH |
|
Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
|
|||||
| CVE-2023-5482 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-04-30 | N/A | 8.8 HIGH |
|
Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2023-5856 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-04-29 | N/A | 8.8 HIGH |
|
Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2023-5855 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-04-29 | N/A | 8.8 HIGH |
|
Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
|
|||||
| CVE-2023-5854 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-04-29 | N/A | 8.8 HIGH |
|
Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
|
|||||
| CVE-2023-5852 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-04-29 | N/A | 8.8 HIGH |
|
Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
|
|||||
| CVE-2023-5849 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-04-29 | N/A | 8.8 HIGH |
|
Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2025-3620 | 1 Google | 1 Chrome | 2025-04-23 | N/A | 8.8 HIGH |
|
Use after free in USB in Google Chrome prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2025-0762 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 8.8 HIGH |
|
Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
|
|||||
| CVE-2025-0448 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2025-0447 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 8.8 HIGH |
|
Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2025-0446 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
|
|||||
| CVE-2025-0443 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 8.8 HIGH |
|
Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2025-0442 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2025-0441 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2025-0440 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-04-21 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2025-0439 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 6.5 MEDIUM |
|
Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2025-0438 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 8.8 HIGH |
|
Stack buffer overflow in Tracing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2025-3074 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 5.4 MEDIUM |
|
Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2025-3073 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 5.4 MEDIUM |
|
Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2025-3072 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 5.4 MEDIUM |
|
Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2025-3071 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 5.4 MEDIUM |
|
Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2025-0436 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 8.8 HIGH |
|
Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2025-0434 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 8.8 HIGH |
|
Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2025-0435 | 1 Google | 2 Android, Chrome | 2025-04-21 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2017-5020 | 1 Google | 1 Chrome | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page.
|
|||||
| CVE-2016-5168 | 1 Google | 1 Chrome | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information.
|
|||||
| CVE-2017-5015 | 1 Google | 1 Chrome | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
|
|||||
| CVE-2017-5038 | 6 Apple, Debian, Google and 3 more | 8 Macos, Debian Linux, Chrome and 5 more | 2025-04-20 | 6.8 MEDIUM | 6.3 MEDIUM |
|
Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.
|
|||||
| CVE-2016-5224 | 1 Google | 1 Chrome | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
|
A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.
|
|||||
| CVE-2017-5072 | 1 Google | 2 Android, Chrome | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Inappropriate implementation in Omnibox in Google Chrome prior to 59.0.3071.92 for Android allowed a remote attacker to perform domain spoofing with RTL characters via a crafted URL page.
|
|||||
| CVE-2016-5209 | 1 Google | 1 Chrome | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||||
| CVE-2017-5008 | 1 Google | 1 Chrome | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
|
|||||
| CVE-2016-5178 | 5 Debian, Fedoraproject, Google and 2 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
|
|||||
| CVE-2017-5114 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.
|
|||||
| CVE-2017-5086 | 4 Apple, Google, Microsoft and 1 more | 6 Macos, Chrome, Windows and 3 more | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Windows and Mac allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
|
|||||