VYPR

Chrome

by Google

Source repositories

CVEs (5,401)

  • CVE-2017-15403HigJan 9, 2019
    risk 0.48cvss 7.3epss 0.01

    Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page.

  • CVE-2026-11115HigJun 4, 2026
    risk 0.47cvss 7.3epss 0.00

    Use after free in Updater in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)

  • CVE-2026-11035HigJun 4, 2026
    risk 0.47cvss 7.3epss 0.00

    Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via a crafted XML file. (Chromium security severity: Medium)

  • CVE-2026-11269HigJun 5, 2026
    risk 0.46cvss 7.1epss 0.00

    Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker in a privileged network position to execute arbitrary code inside a sandbox via a crafted Chrome Extension. (Chromium security severity: Low)

  • CVE-2025-11206HigNov 6, 2025
    risk 0.46cvss 7.1epss 0.00

    Heap buffer overflow in Video in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-2460HigMay 3, 2023
    risk 0.46cvss 7.1epss 0.01

    Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2020-6519MedJul 22, 2020
    risk 0.46cvss 6.5epss 0.11

    Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.

  • CVE-2017-15405HigJan 9, 2019
    risk 0.46cvss 7.0epss 0.00

    Inappropriate symlink handling and a race condition in the stateful recovery feature implementation could lead to a persistance established by a malicious code running with root privileges in cryptohomed in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local…

  • CVE-2016-5173HigSep 25, 2016
    risk 0.46cvss 7.1epss 0.01

    The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via…

  • CVE-2014-1745HigMay 21, 2014
    risk 0.46cvss 7.1epss 0.02

    Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object,…

  • CVE-2021-21215MedApr 26, 2021
    risk 0.45cvss 6.5epss 0.34

    Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.

  • CVE-2018-6130MedJun 27, 2019
    risk 0.45cvss 6.5epss 0.03

    Incorrect handling of object lifetimes in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

  • CVE-2018-6129MedJun 27, 2019
    risk 0.45cvss 6.5epss 0.03

    Out of bounds array access in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

  • CVE-2026-11628MedJun 9, 2026
    risk 0.44cvss 6.8epss 0.00

    Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a local attacker to potentially exploit heap corruption via physical access to the device. (Chromium security severity: Critical)

  • CVE-2026-11218MedJun 4, 2026
    risk 0.44cvss 6.8epss 0.00

    Inappropriate implementation in PlatformIntegration in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a malicious file. (Chromium security severity: Low)

  • CVE-2026-11166MedJun 4, 2026
    risk 0.44cvss 6.8epss 0.00

    Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-5893MedApr 8, 2026
    risk 0.44cvss 6.8epss 0.00

    Race in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-1292MedApr 15, 2025
    risk 0.44cvss 6.7epss 0.00

    Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.

  • CVE-2025-1122MedApr 15, 2025
    risk 0.44cvss 6.7epss 0.00

    Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and Bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.

  • CVE-2025-1121MedMar 7, 2025
    risk 0.44cvss 6.8epss 0.00

    Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.

Page 112 of 271