VYPR

Chrome

by Google

Source repositories

CVEs (5,401)

  • CVE-2018-17469HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.01

    Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

  • CVE-2018-17466HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.03

    Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2018-17465HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.02

    Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

  • CVE-2018-6055HigSep 25, 2018
    risk 0.57cvss 8.8epss 0.01

    Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page.

  • CVE-2018-6054HigSep 25, 2018
    risk 0.57cvss 8.8epss 0.01

    Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.

  • CVE-2018-6043HigSep 25, 2018
    risk 0.57cvss 8.8epss 0.02

    Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page.

  • CVE-2018-6035HigSep 25, 2018
    risk 0.57cvss 8.8epss 0.02

    Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.

  • CVE-2018-6033HigSep 25, 2018
    risk 0.57cvss 8.8epss 0.01

    Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension.

  • CVE-2018-6031HigSep 25, 2018
    risk 0.57cvss 8.8epss 0.02

    Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2017-15406HigAug 28, 2018
    risk 0.57cvss 8.8epss 0.01

    A stack buffer overflow in V8 in Google Chrome prior to 62.0.3202.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-15413HigAug 28, 2018
    risk 0.57cvss 8.8epss 0.02

    Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-15411HigAug 28, 2018
    risk 0.57cvss 8.8epss 0.02

    Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2017-15410HigAug 28, 2018
    risk 0.57cvss 8.8epss 0.02

    Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2017-15409HigAug 28, 2018
    risk 0.57cvss 8.8epss 0.02

    Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-15408HigAug 28, 2018
    risk 0.57cvss 8.8epss 0.02

    Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium.

  • CVE-2017-15407HigAug 28, 2018
    risk 0.57cvss 8.8epss 0.02

    Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server.

  • CVE-2017-5133HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.02

    Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file.

  • CVE-2017-5132HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.02

    Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation.

  • CVE-2017-5131HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.01

    An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write.

  • CVE-2017-5130HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.03

    An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.

Page 84 of 271