Chrome
by Google
Source repositories
CVEs (5,374)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-13664 | Med | 0.42 | 6.5 | 0.01 | Nov 25, 2019 | Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||
| CVE-2019-13662 | Med | 0.42 | 6.5 | 0.01 | Nov 25, 2019 | Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||
| CVE-2011-1803 | Med | 0.42 | 6.5 | 0.00 | Nov 12, 2019 | An issue exists in third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.h in WebKit in Google Chrome before Blink M11 and M12 when trying to access a removed smil element. | ||
| CVE-2011-1802 | Med | 0.42 | 6.5 | 0.01 | Nov 12, 2019 | WebKit in Google Chrome before Blink M11 and M12 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption). | ||
| CVE-2011-2334 | Med | 0.42 | 6.5 | 0.00 | Nov 12, 2019 | Use after free vulnerability exists in WebKit in Google Chrome before Blink M12 in RenderLayerwhen removing elements with reflections. | ||
| CVE-2011-2336 | Med | 0.42 | 6.5 | 0.01 | Nov 7, 2019 | An issue exists in WebKit in Google Chrome before Blink M12. when clearing lists in AnimationControllerPrivate that signal when a hardware animation starts. | ||
| CVE-2011-2807 | Med | 0.42 | 6.5 | 0.00 | Nov 7, 2019 | Incorrect handling of timer information in Timer.cpp in WebKit in Google Chrome before Blink M13. | ||
| CVE-2011-2353 | Med | 0.42 | 6.5 | 0.01 | Nov 7, 2019 | Use after free vulnerability in documentloader in WebKit in Google Chrome before Blink M13 in DocumentWriter::replaceDocument function. | ||
| CVE-2011-2808 | Med | 0.42 | 6.5 | 0.01 | Nov 6, 2019 | A stale layout root is set as an input element in WebKit in Google Chrome before Blink M13 when a child of a keygen with autofocus is accessed. | ||
| CVE-2011-1459 | Med | 0.42 | 6.5 | 0.01 | Nov 5, 2019 | The WebKit::WebPluginContainerImpl::handleEvent function in Google Chrome before Blink M11 allows an attacker to cause a denial of service (crash) via the htmlpluginelement.cpp plugin. | ||
| CVE-2019-5837 | Med | 0.42 | 6.5 | 0.02 | Jun 27, 2019 | Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||
| CVE-2019-5835 | Med | 0.42 | 6.5 | 0.02 | Jun 27, 2019 | Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | ||
| CVE-2019-5834 | Med | 0.42 | 6.5 | 0.01 | Jun 27, 2019 | Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | ||
| CVE-2019-5832 | Med | 0.42 | 6.5 | 0.01 | Jun 27, 2019 | Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||
| CVE-2019-5830 | Med | 0.42 | 6.5 | 0.01 | Jun 27, 2019 | Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||
| CVE-2019-5818 | Med | 0.42 | 6.5 | 0.02 | Jun 27, 2019 | Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. | ||
| CVE-2019-5814 | Med | 0.42 | 6.5 | 0.01 | Jun 27, 2019 | Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||
| CVE-2019-5812 | Med | 0.42 | 6.5 | 0.01 | Jun 27, 2019 | Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | ||
| CVE-2019-5810 | Med | 0.42 | 6.5 | 0.01 | Jun 27, 2019 | Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||
| CVE-2019-5805 | Med | 0.42 | 6.5 | 0.01 | Jun 27, 2019 | Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
- risk 0.42cvss 6.5epss 0.01
Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.00
An issue exists in third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.h in WebKit in Google Chrome before Blink M11 and M12 when trying to access a removed smil element.
- risk 0.42cvss 6.5epss 0.01
WebKit in Google Chrome before Blink M11 and M12 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption).
- risk 0.42cvss 6.5epss 0.00
Use after free vulnerability exists in WebKit in Google Chrome before Blink M12 in RenderLayerwhen removing elements with reflections.
- risk 0.42cvss 6.5epss 0.01
An issue exists in WebKit in Google Chrome before Blink M12. when clearing lists in AnimationControllerPrivate that signal when a hardware animation starts.
- risk 0.42cvss 6.5epss 0.00
Incorrect handling of timer information in Timer.cpp in WebKit in Google Chrome before Blink M13.
- risk 0.42cvss 6.5epss 0.01
Use after free vulnerability in documentloader in WebKit in Google Chrome before Blink M13 in DocumentWriter::replaceDocument function.
- risk 0.42cvss 6.5epss 0.01
A stale layout root is set as an input element in WebKit in Google Chrome before Blink M13 when a child of a keygen with autofocus is accessed.
- risk 0.42cvss 6.5epss 0.01
The WebKit::WebPluginContainerImpl::handleEvent function in Google Chrome before Blink M11 allows an attacker to cause a denial of service (crash) via the htmlpluginelement.cpp plugin.
- risk 0.42cvss 6.5epss 0.02
Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.02
Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.02
Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file.
- risk 0.42cvss 6.5epss 0.01
Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Page 136 of 269