apk package
chainguard/chromium
pkg:apk/chainguard/chromium
Vulnerabilities (1,378)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-7973 | — | < 128.0.6613.84-r0 | 128.0.6613.84-r0 | Aug 21, 2024 | Heap buffer overflow in PDFium in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. (Chromium security severity: Medium) | ||
| CVE-2024-7972 | — | < 128.0.6613.84-r0 | 128.0.6613.84-r0 | Aug 21, 2024 | Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2024-7971 | — | KEV | < 128.0.6613.84-r0 | 128.0.6613.84-r0 | Aug 21, 2024 | Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2024-7969 | — | < 128.0.6613.84-r0 | 128.0.6613.84-r0 | Aug 21, 2024 | Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-7968 | — | < 128.0.6613.84-r0 | 128.0.6613.84-r0 | Aug 21, 2024 | Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-7967 | — | < 128.0.6613.84-r0 | 128.0.6613.84-r0 | Aug 21, 2024 | Heap buffer overflow in Fonts in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-7966 | — | < 128.0.6613.84-r0 | 128.0.6613.84-r0 | Aug 21, 2024 | Out of bounds memory access in Skia in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-7965 | — | KEV | < 128.0.6613.84-r0 | 128.0.6613.84-r0 | Aug 21, 2024 | Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2024-7964 | — | < 128.0.6613.84-r0 | 128.0.6613.84-r0 | Aug 21, 2024 | Use after free in Passwords in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-7550 | — | < 127.0.6533.119-r0 | 127.0.6533.119-r0 | Aug 6, 2024 | Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-7536 | — | < 127.0.6533.119-r0 | 127.0.6533.119-r0 | Aug 6, 2024 | Use after free in WebAudio in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-7535 | — | < 127.0.6533.119-r0 | 127.0.6533.119-r0 | Aug 6, 2024 | Inappropriate implementation in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-7534 | — | < 127.0.6533.119-r0 | 127.0.6533.119-r0 | Aug 6, 2024 | Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-7533 | — | < 0 | 0 | Aug 6, 2024 | Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-7532 | — | < 127.0.6533.119-r0 | 127.0.6533.119-r0 | Aug 6, 2024 | Out of bounds memory access in ANGLE in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||
| CVE-2024-7003 | — | < 127.0.6533.72-r0 | 127.0.6533.72-r0 | Aug 6, 2024 | Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2024-6999 | — | < 127.0.6533.72-r0 | 127.0.6533.72-r0 | Aug 6, 2024 | Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2024-6998 | — | < 127.0.6533.72-r0 | 127.0.6533.72-r0 | Aug 6, 2024 | Use after free in User Education in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2024-6997 | — | < 127.0.6533.72-r0 | 127.0.6533.72-r0 | Aug 6, 2024 | Use after free in Tabs in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2024-6996 | — | < 127.0.6533.72-r0 | 127.0.6533.72-r0 | Aug 6, 2024 | Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
- CVE-2024-7973Aug 21, 2024affected < 128.0.6613.84-r0fixed 128.0.6613.84-r0
Heap buffer overflow in PDFium in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. (Chromium security severity: Medium)
- CVE-2024-7972Aug 21, 2024affected < 128.0.6613.84-r0fixed 128.0.6613.84-r0
Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
- affected < 128.0.6613.84-r0fixed 128.0.6613.84-r0
Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-7969Aug 21, 2024affected < 128.0.6613.84-r0fixed 128.0.6613.84-r0
Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-7968Aug 21, 2024affected < 128.0.6613.84-r0fixed 128.0.6613.84-r0
Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-7967Aug 21, 2024affected < 128.0.6613.84-r0fixed 128.0.6613.84-r0
Heap buffer overflow in Fonts in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-7966Aug 21, 2024affected < 128.0.6613.84-r0fixed 128.0.6613.84-r0
Out of bounds memory access in Skia in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
- affected < 128.0.6613.84-r0fixed 128.0.6613.84-r0
Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-7964Aug 21, 2024affected < 128.0.6613.84-r0fixed 128.0.6613.84-r0
Use after free in Passwords in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-7550Aug 6, 2024affected < 127.0.6533.119-r0fixed 127.0.6533.119-r0
Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-7536Aug 6, 2024affected < 127.0.6533.119-r0fixed 127.0.6533.119-r0
Use after free in WebAudio in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-7535Aug 6, 2024affected < 127.0.6533.119-r0fixed 127.0.6533.119-r0
Inappropriate implementation in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-7534Aug 6, 2024affected < 127.0.6533.119-r0fixed 127.0.6533.119-r0
Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-7533Aug 6, 2024affected < 0fixed 0
Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-7532Aug 6, 2024affected < 127.0.6533.119-r0fixed 127.0.6533.119-r0
Out of bounds memory access in ANGLE in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
- CVE-2024-7003Aug 6, 2024affected < 127.0.6533.72-r0fixed 127.0.6533.72-r0
Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
- CVE-2024-6999Aug 6, 2024affected < 127.0.6533.72-r0fixed 127.0.6533.72-r0
Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2024-6998Aug 6, 2024affected < 127.0.6533.72-r0fixed 127.0.6533.72-r0
Use after free in User Education in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2024-6997Aug 6, 2024affected < 127.0.6533.72-r0fixed 127.0.6533.72-r0
Use after free in Tabs in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2024-6996Aug 6, 2024affected < 127.0.6533.72-r0fixed 127.0.6533.72-r0
Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Page 63 of 69