VYPR

Chrome

by Google

Source repositories

CVEs (5,401)

  • CVE-2026-7345HigApr 28, 2026
    risk 0.54cvss 8.3epss 0.00

    Insufficient validation of untrusted input in Feedback in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-6921HigApr 23, 2026
    risk 0.54cvss 8.3epss 0.00

    Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)

  • CVE-2026-6361HigApr 15, 2026
    risk 0.54cvss 8.3epss 0.00

    Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

  • CVE-2026-6314HigApr 15, 2026
    risk 0.54cvss 8.3epss 0.00

    Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-6311HigApr 15, 2026
    risk 0.54cvss 8.3epss 0.00

    Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-6310HigApr 15, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-6309HigApr 15, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-6304HigApr 15, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-6297HigApr 15, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2024-11114HigNov 12, 2024
    risk 0.54cvss 8.3epss 0.00

    Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-4428HigAug 23, 2023
    risk 0.54cvss 8.1epss 0.11

    Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-4068HigAug 3, 2023
    risk 0.54cvss 8.1epss 0.15

    Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

  • CVE-2020-6575HigSep 21, 2020
    risk 0.54cvss 8.3epss 0.01

    Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2018-6084HigJan 9, 2019
    risk 0.54cvss 7.8epss 0.01

    Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file.

  • CVE-2026-12012HigJun 11, 2026
    risk 0.53cvss 8.1epss 0.00

    Use after free in Network in Google Chrome prior to 149.0.7827.115 allowed an attacker in a privileged network position to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)

  • CVE-2026-11693HigJun 9, 2026
    risk 0.53cvss 8.1epss 0.00

    Inappropriate implementation in Plugins in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11689HigJun 9, 2026
    risk 0.53cvss 8.1epss 0.00

    Insufficient policy enforcement in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11643HigJun 9, 2026
    risk 0.53cvss 8.1epss 0.00

    Use after free in Proxy in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)

  • CVE-2026-11231HigJun 4, 2026
    risk 0.53cvss 8.1epss 0.00

    Inappropriate implementation in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a malicious file. (Chromium security severity: Low)

  • CVE-2026-11224HigJun 4, 2026
    risk 0.53cvss 8.1epss 0.00

    Use after free in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Low)

Page 100 of 271