VYPR

Chrome

by Google

Source repositories

CVEs (5,401)

  • CVE-2026-7997HigMay 6, 2026
    risk 0.51cvss 7.8epss 0.00

    Insufficient validation of untrusted input in Updater in Google Chrome on Mac prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Low)

  • CVE-2026-7994HigMay 6, 2026
    risk 0.51cvss 7.8epss 0.00

    Inappropriate implementation in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)

  • CVE-2026-7990HigMay 6, 2026
    risk 0.51cvss 7.8epss 0.00

    Insufficient validation of untrusted input in Updater in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)

  • CVE-2026-7925HigMay 6, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)

  • CVE-2026-7913HigMay 6, 2026
    risk 0.51cvss 7.8epss 0.00

    Insufficient policy enforcement in DevTools in Google Chrome on Android prior to 148.0.7778.96 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High)

  • CVE-2025-2509HigMay 6, 2025
    risk 0.51cvss 7.8epss 0.00

    Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in…

  • CVE-2024-9956HigOct 15, 2024
    risk 0.51cvss 7.8epss 0.00

    Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-7018HigSep 23, 2024
    risk 0.51cvss 7.8epss 0.00

    Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

  • CVE-2018-20072HigSep 23, 2024
    risk 0.51cvss 7.8epss 0.00

    Insufficient data validation in PDF in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Low)

  • CVE-2024-7980HigAug 21, 2024
    risk 0.51cvss 7.8epss 0.00

    Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium)

  • CVE-2024-7979HigAug 21, 2024
    risk 0.51cvss 7.8epss 0.00

    Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium)

  • CVE-2024-7977HigAug 21, 2024
    risk 0.51cvss 7.8epss 0.00

    Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)

  • CVE-2023-7261HigJun 7, 2024
    risk 0.51cvss 7.8epss 0.00

    Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High)

  • CVE-2019-13689HigAug 25, 2023
    risk 0.51cvss 7.8epss 0.00

    Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical)

  • CVE-2023-2939HigMay 30, 2023
    risk 0.51cvss 7.8epss 0.00

    Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)

  • CVE-2022-0301HigFeb 12, 2022
    risk 0.51cvss 7.8epss 0.00

    Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-37969HigOct 8, 2021
    risk 0.51cvss 7.8epss 0.01

    Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file.

  • CVE-2021-30605HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.00

    Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls.

  • CVE-2021-30577HigAug 3, 2021
    risk 0.51cvss 7.8epss 0.01

    Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file.

  • CVE-2021-21117HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.00

    Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file.

Page 104 of 271