VYPR

Chrome

by Google

Source repositories

CVEs (5,401)

  • CVE-2019-5881HigNov 25, 2019
    risk 0.53cvss 8.1epss 0.01

    Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2019-5849HigNov 25, 2019
    risk 0.53cvss 8.1epss 0.01

    Out of bounds read in Skia in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2018-6138HigJun 27, 2019
    risk 0.53cvss 8.1epss 0.01

    Insufficient policy enforcement in Extensions API in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.

  • CVE-2019-5755HigFeb 19, 2019
    risk 0.53cvss 8.1epss 0.02

    Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.

  • CVE-2018-6034HigSep 25, 2018
    risk 0.53cvss 8.1epss 0.02

    Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5035HigApr 24, 2017
    risk 0.53cvss 8.1epss 0.01

    Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site.

  • CVE-2016-1671HigMay 14, 2016
    risk 0.53cvss 8.1epss 0.02

    Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and \ (backslash) characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to net/base/escape.cc and net/base/filename_util.cc.

  • CVE-2016-1651HigApr 18, 2016
    risk 0.53cvss 8.1epss 0.01

    fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service…

  • CVE-2026-11241HigJun 5, 2026
    risk 0.52cvss 8.0epss 0.00

    Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2024-2887HigMar 26, 2024
    risk 0.52cvss 7.7epss 0.20

    Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2019-5797HigSep 29, 2022
    risk 0.52cvss 7.5epss 0.03

    Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-38000MedKEVNov 23, 2021
    risk 0.52cvss 6.1epss 0.04

    Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.

  • CVE-2019-5796HigMay 23, 2019
    risk 0.52cvss 7.5epss 0.05

    Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-5074HigOct 27, 2017
    risk 0.52cvss 8.0epss 0.01

    A use after free in Chrome Apps in Google Chrome prior to 59.0.3071.86 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, related to Bluetooth.

  • CVE-2016-1661HigMay 14, 2016
    risk 0.52cvss 8.0epss 0.01

    Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified…

  • CVE-2012-2897HigSep 26, 2012
    risk 0.52cvss 7.8epss 0.22

    The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other…

  • CVE-2026-11103HigJun 4, 2026
    risk 0.51cvss 7.8epss 0.00

    Inappropriate implementation in Installer in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)

  • CVE-2026-11072HigJun 4, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to execute arbitrary code via a malicious file. (Chromium security severity: Medium)

  • CVE-2026-10942HigJun 4, 2026
    risk 0.51cvss 7.8epss 0.00

    Inappropriate implementation in UI in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High)

  • CVE-2026-9987HigMay 28, 2026
    risk 0.51cvss 7.8epss 0.00

    Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 148.0.7778.216 allowed a local attacker to execute arbitrary code via a malicious file. (Chromium security severity: High)

Page 103 of 271