VYPR

Chrome

by Google

Source repositories

CVEs (5,401)

  • CVE-2020-16007HigNov 3, 2020
    risk 0.51cvss 7.8epss 0.00

    Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.

  • CVE-2020-15983HigNov 3, 2020
    risk 0.51cvss 7.8epss 0.00

    Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page.

  • CVE-2020-15980HigNov 3, 2020
    risk 0.51cvss 7.8epss 0.00

    Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents.

  • CVE-2020-6574HigSep 21, 2020
    risk 0.51cvss 7.8epss 0.00

    Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary.

  • CVE-2020-6546HigSep 21, 2020
    risk 0.51cvss 7.8epss 0.00

    Inappropriate implementation in installer in Google Chrome prior to 84.0.4147.125 allowed a local attacker to potentially elevate privilege via a crafted filesystem.

  • CVE-2020-6510HigJul 22, 2020
    risk 0.51cvss 7.8epss 0.02

    Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6477HigMay 21, 2020
    risk 0.51cvss 7.8epss 0.00

    Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file.

  • CVE-2020-6417HigFeb 11, 2020
    risk 0.51cvss 7.8epss 0.00

    Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry.

  • CVE-2019-13706HigNov 25, 2019
    risk 0.51cvss 7.8epss 0.01

    Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2019-13702HigNov 25, 2019
    risk 0.51cvss 7.8epss 0.01

    Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable.

  • CVE-2019-5819HigJun 27, 2019
    risk 0.51cvss 7.8epss 0.00

    Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard.

  • CVE-2018-6176HigJun 27, 2019
    risk 0.51cvss 7.8epss 0.00

    Insufficient file type enforcement in Extensions API in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted Chrome Extension.

  • CVE-2019-5780HigFeb 19, 2019
    risk 0.51cvss 7.8epss 0.00

    Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.

  • CVE-2017-15404HigJan 9, 2019
    risk 0.51cvss 7.8epss 0.00

    An ability to process crash dumps under root privileges and inappropriate symlinks handling could lead to a local privilege escalation in Crash Reporting in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to perform privilege escalation via a crafted…

  • CVE-2017-5039HigApr 24, 2017
    risk 0.51cvss 7.8epss 0.01

    A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2017-5037HigApr 24, 2017
    risk 0.51cvss 7.8epss 0.01

    An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.

  • CVE-2017-5036HigApr 24, 2017
    risk 0.51cvss 7.8epss 0.01

    A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file.

  • CVE-2010-4040HigOct 21, 2010
    risk 0.51cvss 7.8epss 0.01

    Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image.

  • CVE-2026-11297HigJun 5, 2026
    risk 0.50cvss 7.7epss 0.00

    Insufficient validation of untrusted input in Reader Mode in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to bypass navigation restrictions via a malicious file. (Chromium security severity: Low)

  • CVE-2022-3842HigJan 2, 2023
    risk 0.50cvss 7.5epss 0.18

    Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Page 105 of 271