Filtered by vendor Google
Subscribe
Total
13548 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6655 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
|
Use-after-free vulnerability in Blink, as used in Google Chrome before 33.0.1750.117, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper handling of overflowchanged DOM events during interaction between JavaScript and layout.
|
|||||
| CVE-2012-1482 | 2 Google, Touchpal | 2 Android, Touchpal Contacts | 2025-04-11 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the TouchPal Contacts (com.cootek.smartdialer) application 3.3.1 and 4.0.1 for Android has unknown impact and attack vectors.
|
|||||
| CVE-2012-5280 | 5 Adobe, Apple, Google and 2 more | 7 Air, Air Sdk, Flash Player and 4 more | 2025-04-11 | 10.0 HIGH | N/A |
|
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5277.
|
|||||
| CVE-2010-4574 | 2 Google, Linux | 3 Chrome, Chrome Os, Linux Kernel | 2025-04-11 | 7.5 HIGH | N/A |
|
The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization validation, and cause a denial of service or possibly have unspecified other impact, via invalid pickle data.
|
|||||
| CVE-2011-3062 | 2 Google, Mozilla | 5 Chrome, Firefox, Seamonkey and 2 more | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.
|
|||||
| CVE-2013-2911 | 1 Google | 1 Chrome | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet function in core/xml/XSLStyleSheetLibxslt.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of post-failure recompilation in unspecified libxslt versions.
|
|||||
| CVE-2012-2855 | 4 Apple, Google, Linux and 1 more | 5 Mac Os X, Chrome, Frame and 2 more | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
|
|||||
| CVE-2013-0925 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
|
Google Chrome before 26.0.1410.43 does not ensure that an extension has the tabs (aka APIPermission::kTab) permission before providing a URL to this extension, which has unspecified impact and remote attack vectors.
|
|||||
| CVE-2011-1436 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Google Chrome before 11.0.696.57 on Linux does not properly interact with the X Window System, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
|
|||||
| CVE-2010-3256 | 1 Google | 1 Chrome | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Google Chrome before 6.0.472.53 does not properly limit the number of stored autocomplete entries, which has unspecified impact and attack vectors.
|
|||||
| CVE-2011-2170 | 1 Google | 1 Chrome Os | 2025-04-11 | 4.4 MEDIUM | N/A |
|
Google Chrome OS before R12 0.12.433.38 Beta, when Guest mode is enabled, does not prevent changes on the about:flags page, which has unspecified impact and local attack vectors.
|
|||||
| CVE-2012-1408 | 2 Creative Core, Google | 2 App Lock, Android | 2025-04-11 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the App Lock (com.cc.applock) application 1.7.5 and 1.7.6 for Android has unknown impact and attack vectors.
|
|||||
| CVE-2011-1193 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
|
Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
|
|||||
| CVE-2010-3411 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Google Chrome before 6.0.472.59 on Linux does not properly handle cursors, which might allow attackers to cause a denial of service (assertion failure) via unspecified vectors.
|
|||||
| CVE-2011-3081 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3078.
|
|||||
| CVE-2011-3886 | 1 Google | 2 Chrome, V8 | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Google V8, as used in Google Chrome before 15.0.874.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers out-of-bounds write operations.
|
|||||
| CVE-2011-2426 | 6 Adobe, Apple, Google and 3 more | 6 Flash Player, Mac Os X, Android and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2012-2870 | 3 Apple, Google, Xmlsoft | 3 Iphone Os, Chrome, Libxslt | 2025-04-11 | 4.3 MEDIUM | N/A |
|
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c.
|
|||||
| CVE-2011-1124 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
|
Use-after-free vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to blocked plug-ins.
|
|||||
| CVE-2010-1229 | 1 Google | 1 Chrome | 2025-04-11 | 10.0 HIGH | N/A |
|
The sandbox infrastructure in Google Chrome before 4.1.249.1036 does not properly use pointers, which has unspecified impact and attack vectors.
|
|||||
| CVE-2011-1112 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
|
Google Chrome before 9.0.597.107 does not properly perform SVG rendering, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
|
|||||
| CVE-2011-2835 | 1 Google | 1 Chrome | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Race condition in Google Chrome before 14.0.835.163 allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the certificate cache.
|
|||||
| CVE-2013-0843 | 2 Apple, Google | 2 Mac Os X, Chrome | 2025-04-11 | 7.5 HIGH | N/A |
|
content/renderer/media/webrtc_audio_renderer.cc in Google Chrome before 24.0.1312.56 on Mac OS X does not use an appropriate buffer size for the 96 kHz sampling rate, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a web site that provides WebRTC audio.
|
|||||
| CVE-2013-1731 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Untrusted search path vulnerability in the GL tracing functionality in Mozilla Firefox before 24.0 on Android allows attackers to execute arbitrary code via a Trojan horse .so file in a world-writable directory.
|
|||||
| CVE-2012-2858 | 4 Apple, Google, Linux and 1 more | 5 Mac Os X, Chrome, Frame and 2 more | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Buffer overflow in the WebP decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted WebP image.
|
|||||
| CVE-2011-3389 | 9 Canonical, Debian, Google and 6 more | 17 Ubuntu Linux, Debian Linux, Chrome and 14 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverl ...
Show More |
|||||
| CVE-2011-3910 | 1 Google | 1 Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Google Chrome before 16.0.912.63 does not properly handle YUV video frames, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
|||||
| CVE-2012-5122 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
|
Google Chrome before 23.0.1271.64 does not properly perform a cast of an unspecified variable during handling of input, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
|
|||||
| CVE-2012-5136 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Google Chrome before 23.0.1271.91 does not properly perform a cast of an unspecified variable during handling of the INPUT element, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document.
|
|||||
| CVE-2012-5120 | 2 Google, Linux | 3 Chrome, V8, Linux Kernel | 2025-04-11 | 7.5 HIGH | N/A |
|
Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, on 64-bit Linux platforms allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds access to an array.
|
|||||
| CVE-2011-1465 | 1 Google | 1 Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The SPDY implementation in net/http/http_network_transaction.cc in Google Chrome before 11.0.696.14 drains the bodies from SPDY responses, which might allow remote SPDY servers to cause a denial of service (application exit) by canceling a stream.
|
|||||
| CVE-2011-2787 | 1 Google | 1 Chrome | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Google Chrome before 13.0.782.107 does not properly address re-entrancy issues associated with the GPU lock, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
|
|||||
| CVE-2012-2834 | 1 Google | 1 Chrome | 2025-04-11 | 9.3 HIGH | N/A |
|
Integer overflow in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted data in the Matroska container format.
|
|||||
| CVE-2010-3646 | 6 Adobe, Apple, Google and 3 more | 6 Flash Player, Mac Os X, Android and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.
|
|||||
| CVE-2011-3018 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to path rendering.
|
|||||
| CVE-2012-2882 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2025-04-11 | 6.8 MEDIUM | N/A |
|
FFmpeg, as used in Google Chrome before 22.0.1229.79, does not properly handle OGG containers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "wild pointer" issue.
|
|||||
| CVE-2011-3076 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to focus handling.
|
|||||
| CVE-2011-2838 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
|
Google Chrome before 14.0.835.163 does not properly consider the MIME type during the loading of a plug-in, which has unspecified impact and remote attack vectors.
|
|||||
| CVE-2012-2891 | 1 Google | 1 Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The IPC implementation in Google Chrome before 22.0.1229.79 allows attackers to obtain potentially sensitive information about memory addresses via unspecified vectors.
|
|||||
| CVE-2012-2832 | 1 Google | 1 Chrome | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The image-codec implementation in the PDF functionality in Google Chrome before 20.0.1132.43 does not initialize an unspecified pointer, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
|
|||||