VYPR

Chrome

by Google

Source repositories

CVEs (5,401)

  • CVE-2016-1619HigJan 25, 2016
    risk 0.49cvss 7.6epss 0.01

    Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have…

  • CVE-2016-1613HigJan 25, 2016
    risk 0.49cvss 7.6epss 0.01

    Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper…

  • CVE-2016-1612HigJan 25, 2016
    risk 0.49cvss 7.6epss 0.01

    The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have…

  • CVE-2010-4577HigDec 22, 2010
    risk 0.49cvss 7.5epss 0.02

    The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which…

  • CVE-2010-4038HigOct 21, 2010
    risk 0.49cvss 7.5epss 0.02

    The Web Sockets implementation in Google Chrome before 7.0.517.41 does not properly handle a shutdown action, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

  • CVE-2026-10976HigJun 4, 2026
    risk 0.48cvss 7.4epss 0.00

    Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10973HigJun 4, 2026
    risk 0.48cvss 7.4epss 0.01

    Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10968HigJun 4, 2026
    risk 0.48cvss 7.4epss 0.00

    Insufficient validation of untrusted input in Dawn in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-6177HigJun 16, 2025
    risk 0.48cvss 7.4epss 0.00

    Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and…

  • CVE-2019-13768HigJan 2, 2023
    risk 0.48cvss 7.4epss 0.01

    Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: High)

  • CVE-2022-3308HigNov 1, 2022
    risk 0.48cvss 7.4epss 0.01

    Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2021-4098HigFeb 11, 2022
    risk 0.48cvss 7.4epss 0.01

    Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2021-37980HigNov 2, 2021
    risk 0.48cvss 7.4epss 0.01

    Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows.

  • CVE-2021-21198HigApr 9, 2021
    risk 0.48cvss 7.4epss 0.02

    Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2019-5880HigNov 25, 2019
    risk 0.48cvss 7.4epss 0.01

    Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2019-13673HigNov 25, 2019
    risk 0.48cvss 7.4epss 0.01

    Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2019-13668HigNov 25, 2019
    risk 0.48cvss 7.4epss 0.01

    Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2019-13666HigNov 25, 2019
    risk 0.48cvss 7.4epss 0.01

    Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2018-17470HigJan 9, 2019
    risk 0.48cvss 7.4epss 0.02

    A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2018-16081HigJan 9, 2019
    risk 0.48cvss 7.4epss 0.01

    Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome…

Page 111 of 271