VYPR

Chrome

by Google

Source repositories

CVEs (5,401)

  • CVE-2017-5129HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.01

    A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5128HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.02

    Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL.

  • CVE-2017-5127HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.02

    Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2017-5125HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.02

    Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-15393HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.01

    Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak.

  • CVE-2017-15388HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.02

    Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-15387HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.01

    Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page.

  • CVE-2015-1290HigJan 9, 2018
    risk 0.57cvss 8.8epss 0.03

    The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.

  • CVE-2017-5122HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page.

  • CVE-2017-5114HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.

  • CVE-2017-5113HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-5111HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.

  • CVE-2017-5108HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file.

  • CVE-2017-5100HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    A use after free in Apps in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5099HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page.

  • CVE-2017-5097HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.02

    Insufficient validation of untrusted input in Skia in Google Chrome prior to 60.0.3112.78 for Linux allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5095HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.02

    Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit stack corruption via a crafted PDF file.

  • CVE-2017-5092HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2017-5091HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.02

    A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5088HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.03

    Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.

Page 85 of 271