VYPR

Chrome

by Google

Source repositories

CVEs (5,401)

  • CVE-2022-1145HigJul 23, 2022
    risk 0.49cvss 7.5epss 0.01

    Use after free in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interaction and profile destruction.

  • CVE-2021-37991HigNov 2, 2021
    risk 0.49cvss 7.5epss 0.01

    Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-30603HigAug 26, 2021
    risk 0.49cvss 7.5epss 0.04

    Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-16021HigJan 8, 2021
    risk 0.49cvss 7.5epss 0.01

    Race in image burner in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to perform OS-level privilege escalation via a malicious file.

  • CVE-2019-5815HigDec 11, 2019
    risk 0.49cvss 7.5epss 0.02

    Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.

  • CVE-2011-2335HigNov 12, 2019
    risk 0.49cvss 7.5epss 0.01

    A double-free vulnerability exists in WebKit in Google Chrome before Blink M12 in the WebCore::CSSSelector function.

  • CVE-2011-1298HigNov 6, 2019
    risk 0.49cvss 7.5epss 0.01

    An Integer Overflow exists in WebKit in Google Chrome before Blink M11 in the macOS WebCore::GraphicsContext::fillRect function.

  • CVE-2018-6158HigJan 9, 2019
    risk 0.49cvss 7.5epss 0.01

    A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-6101HigDec 4, 2018
    risk 0.49cvss 7.5epss 0.03

    A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server.

  • CVE-2018-6061HigNov 14, 2018
    risk 0.49cvss 7.5epss 0.01

    A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-5068HigOct 27, 2017
    risk 0.49cvss 7.5epss 0.01

    Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and Linux allowed a remote attacker to trigger a race condition via a crafted HTML page.

  • CVE-2016-5168HigApr 21, 2017
    risk 0.49cvss 7.5epss 0.02

    Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information.

  • CVE-2016-5141HigAug 7, 2016
    risk 0.49cvss 7.5epss 0.01

    Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.cpp and ScopedPageLoadDeferrer.cpp.

  • CVE-2016-5127HigJul 23, 2016
    risk 0.49cvss 7.5epss 0.01

    Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import…

  • CVE-2016-1700HigJun 5, 2016
    risk 0.49cvss 7.5epss 0.01

    extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other…

  • CVE-2016-1691HigJun 5, 2016
    risk 0.49cvss 7.5epss 0.01

    Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincidence runs, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted curves, related to SkOpCoincidence.cpp and…

  • CVE-2016-1690HigJun 5, 2016
    risk 0.49cvss 7.5epss 0.01

    The Autofill implementation in Google Chrome before 51.0.2704.63 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other…

  • CVE-2016-1684HigJun 5, 2016
    risk 0.49cvss 7.5epss 0.02

    numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact…

  • CVE-2016-1683HigJun 5, 2016
    risk 0.49cvss 7.5epss 0.02

    numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.

  • CVE-2016-1656HigApr 18, 2016
    risk 0.49cvss 7.5epss 0.01

    The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors.

Page 110 of 271