VYPR

Chrome

by Google

Source repositories

CVEs (4,993)

  • CVE-2010-4042CriOct 21, 2010
    risk 0.64cvss 9.8epss 0.02

    Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "stale elements."

  • CVE-2010-4041CriOct 21, 2010
    risk 0.64cvss 9.8epss 0.02

    The sandbox implementation in Google Chrome before 7.0.517.41 on Linux does not properly constrain worker processes, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.

  • CVE-2010-4039CriOct 21, 2010
    risk 0.64cvss 9.8epss 0.01

    Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors.

  • CVE-2010-3729CriOct 5, 2010
    risk 0.64cvss 9.8epss 0.02

    The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2010-3416CriSep 16, 2010
    risk 0.64cvss 9.8epss 0.01

    Google Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

  • CVE-2017-5053CriOct 27, 2017
    risk 0.63cvss 9.6epss 0.03

    An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf.

  • CVE-2016-1706CriJul 23, 2016
    risk 0.63cvss 9.6epss 0.02

    The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected…

  • CVE-2012-5376CriOct 11, 2012
    risk 0.63cvss 9.6epss 0.02

    The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112.

  • CVE-2026-12027CriJun 11, 2026
    risk 0.62cvss 9.6epss 0.00

    Inappropriate implementation in Headless in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11697CriJun 9, 2026
    risk 0.62cvss 9.6epss 0.00

    Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11671CriJun 9, 2026
    risk 0.62cvss 9.6epss 0.00

    Use after free in Navigation in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11659CriJun 9, 2026
    risk 0.62cvss 9.6epss 0.00

    Integer overflow in UI in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11654CriJun 9, 2026
    risk 0.62cvss 9.6epss 0.00

    Use after free in CameraCapture in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11651CriJun 9, 2026
    risk 0.62cvss 9.6epss 0.00

    Use after free in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11638CriJun 9, 2026
    risk 0.62cvss 9.6epss 0.00

    Use after free in Printing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-11634CriJun 9, 2026
    risk 0.62cvss 9.6epss 0.00

    Use after free in Gamepad in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-11293CriJun 5, 2026
    risk 0.62cvss 9.6epss 0.00

    Use after free in Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11282CriJun 5, 2026
    risk 0.62cvss 9.6epss 0.00

    Insufficient policy enforcement in Sandbox in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11250CriJun 5, 2026
    risk 0.62cvss 9.6epss 0.00

    Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11213CriJun 4, 2026
    risk 0.62cvss 9.6epss 0.00

    Insufficient validation of untrusted input in Reading Mode in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Page 3 of 250