Total
3816 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1305 | 3 Apple, Google, Linux | 3 Macos, Chrome, Linux Kernel | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Race condition in Google Chrome before 11.0.696.57 on Linux and Mac OS X allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to linked lists and a database.
|
|||||
| CVE-2011-2843 | 1 Google | 1 Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Google Chrome before 14.0.835.163 does not properly handle media buffers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
|||||
| CVE-2013-2914 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Use-after-free vulnerability in the color-chooser dialog in Google Chrome before 30.0.1599.66 on Windows allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to color_chooser_dialog.cc and color_chooser_win.cc in browser/ui/views/.
|
|||||
| CVE-2013-2862 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-11 | 7.5 HIGH | N/A |
|
Skia, as used in Google Chrome before 27.0.1453.110, does not properly handle GPU acceleration, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
|||||
| CVE-2013-2901 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple integer overflows in (1) libGLESv2/renderer/Renderer9.cpp and (2) libGLESv2/renderer/Renderer11.cpp in Almost Native Graphics Layer Engine (ANGLE), as used in Google Chrome before 29.0.1547.57, allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
|||||
| CVE-2012-5112 | 2 Apple, Google | 2 Iphone Os, Chrome | 2025-04-11 | 10.0 HIGH | N/A |
|
Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2011-2792 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float removal.
|
|||||
| CVE-2011-3888 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing operations in conjunction with an unknown plug-in.
|
|||||
| CVE-2010-2109 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows user-assisted remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the "drag + drop" functionality.
|
|||||
| CVE-2011-3095 | 1 Google | 1 Chrome | 2025-04-11 | 10.0 HIGH | N/A |
|
The OGG container in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
|
|||||
| CVE-2010-4203 | 3 Google, Redhat, Webmproject | 5 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2025-04-11 | 10.0 HIGH | 9.8 CRITICAL |
|
WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.
|
|||||
| CVE-2011-2790 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving floating styles.
|
|||||
| CVE-2013-0922 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
|
Google Chrome before 26.0.1410.43 does not properly restrict brute-force access attempts against web sites that require HTTP Basic Authentication, which has unspecified impact and attack vectors.
|
|||||
| CVE-2011-3016 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes, related to a "read-after-free" issue.
|
|||||
| CVE-2013-6655 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
|
Use-after-free vulnerability in Blink, as used in Google Chrome before 33.0.1750.117, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper handling of overflowchanged DOM events during interaction between JavaScript and layout.
|
|||||
| CVE-2010-4574 | 2 Google, Linux | 3 Chrome, Chrome Os, Linux Kernel | 2025-04-11 | 7.5 HIGH | N/A |
|
The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization validation, and cause a denial of service or possibly have unspecified other impact, via invalid pickle data.
|
|||||
| CVE-2011-3062 | 2 Google, Mozilla | 5 Chrome, Firefox, Seamonkey and 2 more | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.
|
|||||
| CVE-2013-2911 | 1 Google | 1 Chrome | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet function in core/xml/XSLStyleSheetLibxslt.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of post-failure recompilation in unspecified libxslt versions.
|
|||||
| CVE-2012-2855 | 4 Apple, Google, Linux and 1 more | 5 Mac Os X, Chrome, Frame and 2 more | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
|
|||||
| CVE-2013-0925 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
|
Google Chrome before 26.0.1410.43 does not ensure that an extension has the tabs (aka APIPermission::kTab) permission before providing a URL to this extension, which has unspecified impact and remote attack vectors.
|
|||||
| CVE-2011-1436 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Google Chrome before 11.0.696.57 on Linux does not properly interact with the X Window System, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
|
|||||
| CVE-2010-3256 | 1 Google | 1 Chrome | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Google Chrome before 6.0.472.53 does not properly limit the number of stored autocomplete entries, which has unspecified impact and attack vectors.
|
|||||
| CVE-2011-1193 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
|
Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
|
|||||
| CVE-2010-3411 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Google Chrome before 6.0.472.59 on Linux does not properly handle cursors, which might allow attackers to cause a denial of service (assertion failure) via unspecified vectors.
|
|||||
| CVE-2011-3081 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3078.
|
|||||
| CVE-2011-3886 | 1 Google | 2 Chrome, V8 | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Google V8, as used in Google Chrome before 15.0.874.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers out-of-bounds write operations.
|
|||||
| CVE-2012-2870 | 3 Apple, Google, Xmlsoft | 3 Iphone Os, Chrome, Libxslt | 2025-04-11 | 4.3 MEDIUM | N/A |
|
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c.
|
|||||
| CVE-2011-1124 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
|
Use-after-free vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to blocked plug-ins.
|
|||||
| CVE-2010-1229 | 1 Google | 1 Chrome | 2025-04-11 | 10.0 HIGH | N/A |
|
The sandbox infrastructure in Google Chrome before 4.1.249.1036 does not properly use pointers, which has unspecified impact and attack vectors.
|
|||||
| CVE-2011-1112 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
|
Google Chrome before 9.0.597.107 does not properly perform SVG rendering, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
|
|||||
| CVE-2011-2835 | 1 Google | 1 Chrome | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Race condition in Google Chrome before 14.0.835.163 allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the certificate cache.
|
|||||
| CVE-2013-0843 | 2 Apple, Google | 2 Mac Os X, Chrome | 2025-04-11 | 7.5 HIGH | N/A |
|
content/renderer/media/webrtc_audio_renderer.cc in Google Chrome before 24.0.1312.56 on Mac OS X does not use an appropriate buffer size for the 96 kHz sampling rate, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a web site that provides WebRTC audio.
|
|||||
| CVE-2012-2858 | 4 Apple, Google, Linux and 1 more | 5 Mac Os X, Chrome, Frame and 2 more | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Buffer overflow in the WebP decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted WebP image.
|
|||||
| CVE-2011-3389 | 9 Canonical, Debian, Google and 6 more | 17 Ubuntu Linux, Debian Linux, Chrome and 14 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverl ...
Show More |
|||||
| CVE-2011-3910 | 1 Google | 1 Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Google Chrome before 16.0.912.63 does not properly handle YUV video frames, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
|||||
| CVE-2012-5122 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
|
Google Chrome before 23.0.1271.64 does not properly perform a cast of an unspecified variable during handling of input, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
|
|||||
| CVE-2012-5136 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Google Chrome before 23.0.1271.91 does not properly perform a cast of an unspecified variable during handling of the INPUT element, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document.
|
|||||
| CVE-2012-5120 | 2 Google, Linux | 3 Chrome, V8, Linux Kernel | 2025-04-11 | 7.5 HIGH | N/A |
|
Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, on 64-bit Linux platforms allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds access to an array.
|
|||||
| CVE-2011-1465 | 1 Google | 1 Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The SPDY implementation in net/http/http_network_transaction.cc in Google Chrome before 11.0.696.14 drains the bodies from SPDY responses, which might allow remote SPDY servers to cause a denial of service (application exit) by canceling a stream.
|
|||||
| CVE-2011-2787 | 1 Google | 1 Chrome | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Google Chrome before 13.0.782.107 does not properly address re-entrancy issues associated with the GPU lock, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
|
|||||