VYPR

Chrome

by Google

Source repositories

CVEs (5,320)

  • CVE-2020-6469CriMay 21, 2020
    risk 0.62cvss 9.6epss 0.01

    Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

  • CVE-2020-6461CriMay 21, 2020
    risk 0.62cvss 9.6epss 0.01

    Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2020-6457CriMay 21, 2020
    risk 0.62cvss 9.6epss 0.01

    Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2019-5825MedKEVNov 25, 2019
    risk 0.62cvss 6.5epss 0.56

    Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-5850CriNov 25, 2019
    risk 0.62cvss 9.6epss 0.01

    Use after free in offline mode in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2019-5786MedKEVJun 27, 2019
    risk 0.62cvss 6.5epss 0.62

    Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

  • CVE-2017-15402CriJan 9, 2019
    risk 0.62cvss 9.6epss 0.01

    Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had compromised the renderer…

  • CVE-2023-6702HigDec 14, 2023
    risk 0.61cvss 8.8epss 0.43

    Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-4357HigAug 15, 2023
    risk 0.61cvss 8.8epss 0.46

    Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2022-2010CriJul 28, 2022
    risk 0.61cvss 9.3epss 0.01

    Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2019-5789HigMay 23, 2019
    risk 0.61cvss 8.8epss 0.07

    An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.

  • CVE-2019-5788HigMay 23, 2019
    risk 0.61cvss 8.8epss 0.07

    An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.

  • CVE-2018-6126HigJan 9, 2019
    risk 0.61cvss 8.8epss 0.08

    A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

  • CVE-2018-16083HigJan 9, 2019
    risk 0.61cvss 8.8epss 0.05

    An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2018-16071HigJan 9, 2019
    risk 0.61cvss 8.8epss 0.05

    A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.

  • CVE-2016-9651HigJan 9, 2019
    risk 0.61cvss 8.8epss 0.11

    A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2018-6092HigDec 4, 2018
    risk 0.61cvss 8.8epss 0.09

    An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2018-6064HigNov 14, 2018
    risk 0.61cvss 8.8epss 0.07

    Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2015-8664HigDec 24, 2015
    risk 0.61cvss 8.8epss 0.06

    Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a…

  • CVE-2023-6112HigNov 15, 2023
    risk 0.60cvss 8.8epss 0.30

    Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Page 13 of 266