VYPR

Chrome

by Google

Source repositories

CVEs (5,320)

  • CVE-2014-3172Aug 27, 2014
    risk 0.00cvss epss 0.02

    The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a…

  • CVE-2014-3171Aug 27, 2014
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper use of HashMap add operations instead of HashMap set…

  • CVE-2014-3170Aug 27, 2014
    risk 0.00cvss epss 0.02

    extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a '\0' character in a host name, which allows remote attackers to spoof the extension permission dialog by relying on truncation after this character.

  • CVE-2014-3169Aug 27, 2014
    risk 0.00cvss epss 0.03

    Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging script execution that occurs…

  • CVE-2014-3168Aug 27, 2014
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation.

  • CVE-2014-3167Aug 13, 2014
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2014-3166Aug 13, 2014
    risk 0.00cvss epss 0.01

    The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by…

  • CVE-2014-3165Aug 13, 2014
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via…

  • CVE-2014-3162Jul 20, 2014
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2014-3161Jul 20, 2014
    risk 0.00cvss epss 0.01

    The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site…

  • CVE-2014-3160Jul 20, 2014
    risk 0.00cvss epss 0.01

    The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a…

  • CVE-2014-3159Jul 20, 2014
    risk 0.00cvss epss 0.01

    The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote attackers to spoof the URL in the…

  • CVE-2014-3157Jun 11, 2014
    risk 0.00cvss epss 0.02

    Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging VideoFrame…

  • CVE-2014-3156Jun 11, 2014
    risk 0.00cvss epss 0.02

    Buffer overflow in the clipboard implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger unexpected bitmap data, related to content/renderer/renderer_clipboard_cli…

  • CVE-2014-3155Jun 11, 2014
    risk 0.00cvss epss 0.02

    net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue maintenance.

  • CVE-2014-3154Jun 11, 2014
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/child_thread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a…

  • CVE-2014-3803May 21, 2014
    risk 0.00cvss epss 0.01

    The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute.

  • CVE-2014-3152May 21, 2014
    risk 0.00cvss epss 0.02

    Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors…

  • CVE-2014-1749May 21, 2014
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2014-1748May 21, 2014
    risk 0.00cvss epss 0.02

    The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame.

Page 221 of 266