VYPR

Chrome

by Google

Source repositories

CVEs (5,372)

  • CVE-2025-1290Apr 17, 2025
    risk 0.00cvss epss 0.00

    A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure during an AF_VSOCK connect syscall can occur before a worker thread…

  • CVE-2025-1568Apr 16, 2025
    risk 0.00cvss epss 0.00

    Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via…

  • CVE-2025-2073Apr 16, 2025
    risk 0.00cvss epss 0.00

    Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to information disclosure

  • CVE-2025-1704Apr 16, 2025
    risk 0.00cvss epss 0.00

    ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful partition.

  • CVE-2025-1566Apr 16, 2025
    risk 0.00cvss epss 0.00

    DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions.

  • CVE-2025-3620Apr 16, 2025
    risk 0.00cvss epss 0.00

    Use after free in USB in Google Chrome prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-3619Apr 16, 2025
    risk 0.00cvss epss 0.00

    Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2025-1122Apr 15, 2025
    risk 0.00cvss epss 0.00

    Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and Bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.

  • CVE-2025-1292Apr 15, 2025
    risk 0.00cvss epss 0.00

    Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.

  • CVE-2025-3074Apr 2, 2025
    risk 0.00cvss epss 0.00

    Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2025-3073Apr 2, 2025
    risk 0.00cvss epss 0.00

    Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2025-3072Apr 2, 2025
    risk 0.00cvss epss 0.00

    Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2025-3071Apr 2, 2025
    risk 0.00cvss epss 0.00

    Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2025-3070Apr 2, 2025
    risk 0.00cvss epss 0.00

    Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-3069Apr 2, 2025
    risk 0.00cvss epss 0.00

    Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-3068Apr 2, 2025
    risk 0.00cvss epss 0.00

    Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-3067Apr 2, 2025
    risk 0.00cvss epss 0.01

    Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted app. (Chromium security severity: Medium)

  • CVE-2025-3066Apr 2, 2025
    risk 0.00cvss epss 0.00

    Use after free in Site Isolation in Google Chrome prior to 135.0.7049.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-2137Mar 10, 2025
    risk 0.00cvss epss 0.00

    Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-2136Mar 10, 2025
    risk 0.00cvss epss 0.00

    Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Page 199 of 269