VYPR

Chrome

by Google

Source repositories

CVEs (5,374)

  • CVE-2020-15988MedNov 3, 2020
    risk 0.41cvss 6.3epss 0.01

    Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page.

  • CVE-2020-6569MedSep 21, 2020
    risk 0.41cvss 6.3epss 0.01

    Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6444MedApr 13, 2020
    risk 0.41cvss 6.3epss 0.01

    Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-5071MedOct 27, 2017
    risk 0.41cvss 6.3epss 0.02

    Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5044MedApr 24, 2017
    risk 0.41cvss 6.3epss 0.02

    Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5038MedApr 24, 2017
    risk 0.41cvss 6.3epss 0.01

    Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.

  • CVE-2017-5019MedFeb 17, 2017
    risk 0.41cvss 6.3epss 0.01

    A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-5014MedFeb 17, 2017
    risk 0.41cvss 6.3epss 0.01

    Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2016-5221MedJan 19, 2017
    risk 0.41cvss 6.3epss 0.01

    Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android possibly allowed a remote attacker to bypass buffer validation via a crafted HTML page.

  • CVE-2016-5219MedJan 19, 2017
    risk 0.41cvss 6.3epss 0.01

    A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2016-5216MedJan 19, 2017
    risk 0.41cvss 6.3epss 0.01

    A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

  • CVE-2016-5215MedJan 19, 2017
    risk 0.41cvss 6.3epss 0.01

    A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2016-5190MedDec 18, 2016
    risk 0.41cvss 6.3epss 0.01

    Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.

  • CVE-2016-1638MedMar 6, 2016
    risk 0.41cvss 6.3epss 0.01

    extensions/renderer/resources/platform_app.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass intended access restrictions via a crafted platform app.

  • CVE-2016-1628MedFeb 21, 2016
    risk 0.41cvss 6.3epss 0.02

    pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted JPEG 2000 image in a PDF document,…

  • CVE-2026-11273MedJun 5, 2026
    risk 0.40cvss 6.1epss 0.00

    Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11229MedJun 4, 2026
    risk 0.40cvss 6.1epss 0.00

    Inappropriate implementation in Enterprise in Google Chrome prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via physical access to the device. (Chromium security severity: Low)

  • CVE-2026-11205MedJun 4, 2026
    risk 0.40cvss 6.1epss 0.00

    Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted QR code. (Chromium security…

  • CVE-2026-11186MedJun 4, 2026
    risk 0.40cvss 6.1epss 0.00

    Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11150MedJun 4, 2026
    risk 0.40cvss 6.1epss 0.00

    Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Medium)

Page 147 of 269