Total
3816 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15390 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
|
|||||
| CVE-2017-15389 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
|
|||||
| CVE-2017-15388 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
|
|||||
| CVE-2017-15387 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page.
|
|||||
| CVE-2017-15386 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
|
|||||
| CVE-2017-1000460 | 3 Ffmpeg, Google, Libav | 3 Ffmpeg, Chrome, Libav | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.
|
|||||
| CVE-2016-9652 | 1 Google | 1 Chrome | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883.75.
|
|||||
| CVE-2016-9651 | 2 Google, Redhat | 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
|
|||||
| CVE-2016-5202 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2024-11-21 | 7.5 HIGH | 9.1 CRITICAL |
|
browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy.
|
|||||
| CVE-2016-5194 | 1 Google | 1 Chrome | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Unspecified vulnerabilities in Google Chrome before 54.0.2840.59.
|
|||||
| CVE-2016-10403 | 1 Google | 1 Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
|
|||||
| CVE-2015-1290 | 3 Google, Opensuse, Qt | 3 Chrome, Leap, Qt | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
|
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
|
|||||
| CVE-2011-2863 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Insufficient policy enforcement in V8 in Google Chrome prior to 14.0.0.0 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
|
|||||
| CVE-2011-1805 | 1 Google | 1 Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Bad cast in CSS in Google Chrome prior to 11.0.0.0 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||||
| CVE-2010-3917 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site.
|
|||||
| CVE-2024-10230 | 1 Google | 1 Chrome | 2024-10-31 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-7978 | 1 Google | 1 Chrome | 2024-10-29 | N/A | 4.3 MEDIUM |
|
Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-7255 | 1 Google | 1 Chrome | 2024-10-29 | N/A | 8.8 HIGH |
|
Out of bounds read in WebTransport in Google Chrome prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-7004 | 1 Google | 1 Chrome | 2024-10-29 | N/A | 4.3 MEDIUM |
|
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low)
|
|||||
| CVE-2024-10229 | 1 Google | 1 Chrome | 2024-10-25 | N/A | 8.1 HIGH |
|
Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)
|
|||||
| CVE-2024-10231 | 1 Google | 1 Chrome | 2024-10-25 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-7973 | 1 Google | 1 Chrome | 2024-10-24 | N/A | 8.8 HIGH |
|
Heap buffer overflow in PDFium in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. (Chromium security severity: Medium)
|
|||||
| CVE-2024-7535 | 1 Google | 1 Chrome | 2024-10-24 | N/A | 8.8 HIGH |
|
Inappropriate implementation in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-9954 | 1 Google | 1 Chrome | 2024-10-22 | N/A | 8.8 HIGH |
|
Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-8198 | 1 Google | 1 Chrome | 2024-10-15 | N/A | 8.8 HIGH |
|
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-7534 | 1 Google | 1 Chrome | 2024-10-15 | N/A | 8.8 HIGH |
|
Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-8639 | 1 Google | 2 Android, Chrome | 2024-09-13 | N/A | 8.8 HIGH |
|
Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-8638 | 1 Google | 1 Chrome | 2024-09-13 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-8637 | 1 Google | 2 Android, Chrome | 2024-09-13 | N/A | 8.8 HIGH |
|
Use after free in Media Router in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-8636 | 1 Google | 1 Chrome | 2024-09-13 | N/A | 8.8 HIGH |
|
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-8194 | 1 Google | 1 Chrome | 2024-08-30 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-8193 | 1 Google | 1 Chrome | 2024-08-30 | N/A | 8.8 HIGH |
|
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-7969 | 1 Google | 1 Chrome | 2024-08-28 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-7968 | 1 Google | 1 Chrome | 2024-08-27 | N/A | 8.8 HIGH |
|
Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-7967 | 1 Google | 1 Chrome | 2024-08-27 | N/A | 8.8 HIGH |
|
Heap buffer overflow in Fonts in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-7966 | 1 Google | 1 Chrome | 2024-08-27 | N/A | 8.8 HIGH |
|
Out of bounds memory access in Skia in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-7964 | 1 Google | 2 Android, Chrome | 2024-08-27 | N/A | 8.8 HIGH |
|
Use after free in Passwords in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-7980 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-08-26 | N/A | 7.8 HIGH |
|
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium)
|
|||||
| CVE-2024-7979 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-08-26 | N/A | 7.8 HIGH |
|
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium)
|
|||||
| CVE-2024-7972 | 1 Google | 1 Chrome | 2024-08-26 | N/A | 8.8 HIGH |
|
Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
|
|||||