VYPR

Chrome

by Google

Source repositories

CVEs (5,401)

  • CVE-2025-11209HigNov 6, 2025
    risk 0.53cvss 8.2epss 0.00

    Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-1290HigApr 17, 2025
    risk 0.53cvss 8.1epss 0.00

    A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure during an AF_VSOCK connect syscall can occur before a worker thread…

  • CVE-2025-1915HigMar 5, 2025
    risk 0.53cvss 8.1epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension. (Chromium…

  • CVE-2025-0997HigFeb 15, 2025
    risk 0.53cvss 8.1epss 0.00

    Use after free in Navigation in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

  • CVE-2025-0611HigJan 22, 2025
    risk 0.53cvss 8.2epss 0.00

    Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-10229HigOct 22, 2024
    risk 0.53cvss 8.1epss 0.01

    Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)

  • CVE-2024-5158HigMay 22, 2024
    risk 0.53cvss 8.1epss 0.01

    Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-4761HigSep 5, 2023
    risk 0.53cvss 8.1epss 0.01

    Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-4431HigAug 23, 2023
    risk 0.53cvss 8.1epss 0.01

    Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-4070HigAug 3, 2023
    risk 0.53cvss 8.1epss 0.01

    Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

  • CVE-2022-1130HigJul 23, 2022
    risk 0.53cvss 8.1epss 0.01

    Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app.

  • CVE-2022-0114HigFeb 12, 2022
    risk 0.53cvss 8.1epss 0.01

    Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page and virtual serial port driver.

  • CVE-2021-30593HigAug 26, 2021
    risk 0.53cvss 8.1epss 0.02

    Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2021-30536HigJun 7, 2021
    risk 0.53cvss 8.1epss 0.01

    Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.

  • CVE-2021-30511HigJun 4, 2021
    risk 0.53cvss 8.1epss 0.01

    Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2021-21205HigApr 26, 2021
    risk 0.53cvss 8.1epss 0.01

    Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

  • CVE-2021-21172HigMar 9, 2021
    risk 0.53cvss 8.1epss 0.02

    Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

  • CVE-2021-21125HigFeb 9, 2021
    risk 0.53cvss 8.1epss 0.08

    Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

  • CVE-2020-16041HigJan 8, 2021
    risk 0.53cvss 8.1epss 0.02

    Out of bounds read in networking in Google Chrome prior to 87.0.4280.88 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2020-16040MedJan 8, 2021
    risk 0.53cvss 6.5epss 1.00

    Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Page 102 of 271