VYPR

ChromeOS

by Google

CVEs (72)

  • CVE-2016-5179CriMar 7, 2018
    risk 0.64cvss 9.8epss 0.02

    Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot.

  • CVE-2016-5169HigSep 25, 2016
    risk 0.57cvss 8.8epss 0.01

    Format string vulnerability in Google Chrome OS before 53.0.2785.103 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2017-15400HigFeb 7, 2018
    risk 0.51cvss 7.8epss 0.01

    Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue.

  • CVE-2010-4577HigDec 22, 2010
    risk 0.49cvss 7.5epss 0.02

    The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which…

  • CVE-2017-15397HigFeb 7, 2018
    risk 0.48cvss 7.4epss 0.00

    Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests by leveraging that position.

  • CVE-2017-5084LowOct 27, 2017
    risk 0.21cvss 3.3epss 0.00

    Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via dbus-send commands to a BurnImage D-Bus endpoint.

  • CVE-2023-3739Aug 1, 2023
    risk 0.00cvss epss 0.00

    Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker to execute arbitrary code via a crafted shell script. (Chromium security severity: Low)

  • CVE-2023-3497Jul 3, 2023
    risk 0.00cvss epss 0.00

    Out of bounds read in Google Security Processor firmware in Google Chrome on Chrome OS prior to 114.0.5735.90 allowed a local attacker to perform denial of service via physical access to the device. (Chromium security severity: Medium)

  • CVE-2023-2458May 12, 2023
    risk 0.00cvss epss 0.01

    Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: High)

  • CVE-2022-3658Nov 1, 2022
    risk 0.00cvss epss 0.00

    Use after free in Feedback service on Chrome OS in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)

  • CVE-2022-3318Nov 1, 2022
    risk 0.00cvss epss 0.00

    Use after free in ChromeOS Notifications in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to reboot Chrome OS to potentially exploit heap corruption via UI interaction. (Chromium security severity: Low)

  • CVE-2022-3050Sep 26, 2022
    risk 0.00cvss epss 0.01

    Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.

  • CVE-2022-3048Sep 26, 2022
    risk 0.00cvss epss 0.00

    Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device.

  • CVE-2022-2587Aug 12, 2022
    risk 0.00cvss epss 0.01

    Out of bounds write in Chrome OS Audio Server in Google Chrome on Chrome OS prior to 102.0.5005.125 allowed a remote attacker to potentially exploit heap corruption via crafted audio metadata.

  • CVE-2022-0603Apr 4, 2022
    risk 0.00cvss epss 0.01

    Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2022-0308Feb 12, 2022
    risk 0.00cvss epss 0.01

    Use after free in Data Transfer in Google Chrome on Chrome OS prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-38013Dec 23, 2021
    risk 0.00cvss epss 0.01

    Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2021-37964Oct 8, 2021
    risk 0.00cvss epss 0.01

    Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation attack via a crafted ONC file.

  • CVE-2014-3180Nov 6, 2019
    risk 0.00cvss epss 0.01

    In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable

  • CVE-2017-15403Jan 9, 2019
    risk 0.00cvss epss 0.01

    Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page.

Page 1 of 4