Total
3816 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0451 | 1 Google | 1 Chrome | 2025-04-08 | N/A | 6.3 MEDIUM |
|
Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)
|
|||||
| CVE-2025-0997 | 1 Google | 1 Chrome | 2025-04-07 | N/A | 8.1 HIGH |
|
Use after free in Navigation in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
|
|||||
| CVE-2025-1426 | 1 Google | 1 Chrome | 2025-04-07 | N/A | 8.8 HIGH |
|
Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2025-1006 | 1 Google | 1 Chrome | 2025-04-07 | N/A | 8.8 HIGH |
|
Use after free in Network in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted web app. (Chromium security severity: Medium)
|
|||||
| CVE-2025-0999 | 1 Google | 1 Chrome | 2025-04-07 | N/A | 8.8 HIGH |
|
Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2025-1920 | 1 Google | 1 Chrome | 2025-04-07 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2025-2135 | 1 Google | 1 Chrome | 2025-04-07 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2025-2136 | 1 Google | 1 Chrome | 2025-04-07 | N/A | 8.8 HIGH |
|
Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2025-2137 | 1 Google | 1 Chrome | 2025-04-07 | N/A | 8.8 HIGH |
|
Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2025-3068 | 1 Google | 1 Chrome | 2025-04-07 | N/A | 8.8 HIGH |
|
Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2025-3069 | 1 Google | 1 Chrome | 2025-04-07 | N/A | 8.8 HIGH |
|
Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2025-3070 | 1 Google | 1 Chrome | 2025-04-07 | N/A | 6.5 MEDIUM |
|
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2025-1914 | 1 Google | 1 Chrome | 2025-04-01 | N/A | 8.8 HIGH |
|
Out of bounds read in V8 in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2025-1915 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-04-01 | N/A | 8.1 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)
|
|||||
| CVE-2025-1916 | 1 Google | 1 Chrome | 2025-04-01 | N/A | 8.8 HIGH |
|
Use after free in Profiles in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2025-1917 | 1 Google | 2 Android, Chrome | 2025-04-01 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2025-1918 | 1 Google | 1 Chrome | 2025-04-01 | N/A | 8.8 HIGH |
|
Out of bounds read in PDFium in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Medium)
|
|||||
| CVE-2025-1919 | 1 Google | 1 Chrome | 2025-04-01 | N/A | 8.8 HIGH |
|
Out of bounds read in Media in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2025-1921 | 1 Google | 1 Chrome | 2025-04-01 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2025-1922 | 1 Google | 2 Android, Chrome | 2025-04-01 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2025-1923 | 1 Google | 1 Chrome | 2025-04-01 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
|
|||||
| CVE-2025-2476 | 1 Google | 1 Chrome | 2025-04-01 | N/A | 8.8 HIGH |
|
Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
|
|||||
| CVE-2024-2631 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-29 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2024-4950 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-28 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2024-2887 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-28 | N/A | 7.7 HIGH |
|
Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-5157 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-27 | N/A | 8.8 HIGH |
|
Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-1671 | 1 Google | 1 Chrome | 2025-03-27 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-3157 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-27 | N/A | 9.6 CRITICAL |
|
Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: High)
|
|||||
| CVE-2024-8034 | 1 Google | 2 Android, Chrome | 2025-03-27 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2024-2626 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-26 | N/A | 6.5 MEDIUM |
|
Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-9966 | 1 Google | 1 Chrome | 2025-03-25 | N/A | 5.3 MEDIUM |
|
Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2024-9964 | 1 Google | 1 Chrome | 2025-03-25 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
|
|||||
| CVE-2024-9963 | 1 Google | 1 Chrome | 2025-03-25 | N/A | 4.3 MEDIUM |
|
Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-9962 | 1 Google | 1 Chrome | 2025-03-25 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-9958 | 1 Google | 1 Chrome | 2025-03-25 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-8906 | 1 Google | 1 Chrome | 2025-03-25 | N/A | 4.3 MEDIUM |
|
Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-7975 | 1 Google | 1 Chrome | 2025-03-25 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2018-20072 | 1 Google | 1 Chrome | 2025-03-25 | N/A | 7.8 HIGH |
|
Insufficient data validation in PDF in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Low)
|
|||||
| CVE-2024-8033 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-03-25 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2024-7976 | 1 Google | 1 Chrome | 2025-03-24 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||