VYPR

Chrome

by Google

Source repositories

CVEs (4,993)

  • CVE-2026-5288CriApr 1, 2026
    risk 0.62cvss 9.6epss 0.00

    Use after free in WebView in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2015-8664HigDec 24, 2015
    risk 0.61cvss 8.8epss 0.06

    Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a…

  • CVE-2026-11153CriJun 4, 2026
    risk 0.59cvss 9.1epss 0.00

    Side-channel information leakage in Forms in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-9891CriMay 28, 2026
    risk 0.59cvss 9.0epss 0.00

    Use after free in Extensions in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted Chrome Extension. (Chromium security severity: Critical)

  • CVE-2026-9881CriMay 28, 2026
    risk 0.59cvss 9.0epss 0.00

    Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. (Chromium security severity: Critical)

  • CVE-2017-5115HigOct 27, 2017
    risk 0.59cvss 8.8epss 0.26

    Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

  • CVE-2017-15399HigAug 28, 2018
    risk 0.58cvss 8.8epss 0.05

    A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-5121HigOct 27, 2017
    risk 0.58cvss 8.8epss 0.05

    Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase.

  • CVE-2017-5116HigOct 27, 2017
    risk 0.58cvss 8.8epss 0.13

    Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2017-5112HigOct 27, 2017
    risk 0.58cvss 8.8epss 0.05

    Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2017-5098HigOct 27, 2017
    risk 0.58cvss 8.8epss 0.16

    A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2016-5157HigSep 11, 2016
    risk 0.58cvss 8.8epss 0.05

    Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in…

  • CVE-2016-1669HigMay 14, 2016
    risk 0.58cvss 8.8epss 0.04

    The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have…

  • CVE-2026-12035HigJun 11, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-12020HigJun 11, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-12018HigJun 11, 2026
    risk 0.57cvss 8.8epss 0.00

    Inappropriate implementation in Mojo in Google Chrome on Windows prior to 149.0.7827.115 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)

  • CVE-2026-12013HigJun 11, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Media in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-12007HigJun 11, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-11699HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11698HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Page 7 of 250