VYPR

V8

by Google

Source repositories

CVEs (108)

  • CVE-2017-5070HigKEVOct 27, 2017
    risk 0.72cvss 8.8epss 0.31

    Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2016-2843CriMar 6, 2016
    risk 0.64cvss 9.8epss 0.01

    Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, as used in Google Chrome before 49.0.2623.75, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2016-2051CriJan 25, 2016
    risk 0.64cvss 9.8epss 0.01

    Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2015-6764CriDec 6, 2015
    risk 0.64cvss 9.8epss 0.05

    The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access)…

  • CVE-2017-5121HigOct 27, 2017
    risk 0.58cvss 8.8epss 0.05

    Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase.

  • CVE-2016-1669HigMay 14, 2016
    risk 0.58cvss 8.8epss 0.04

    The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have…

  • CVE-2026-9968HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.00

    Integer overflow in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9896HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.00

    Out of bounds write in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2017-15413HigAug 28, 2018
    risk 0.57cvss 8.8epss 0.02

    Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-5132HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.02

    Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation.

  • CVE-2017-5122HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page.

  • CVE-2016-5200HigJan 19, 2017
    risk 0.57cvss 8.8epss 0.02

    V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android incorrectly applied type rules, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2016-5129HigJul 23, 2016
    risk 0.57cvss 8.8epss 0.02

    Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.

  • CVE-2016-5128HigJul 23, 2016
    risk 0.57cvss 8.8epss 0.01

    objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

  • CVE-2016-1678HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.02

    objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted…

  • CVE-2016-1653HigApr 18, 2016
    risk 0.57cvss 8.8epss 0.03

    The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write…

  • CVE-2016-3679HigMar 29, 2016
    risk 0.57cvss 8.8epss 0.01

    Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2017-15396MedAug 28, 2018
    risk 0.42cvss 6.5epss 0.02

    A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-15422MedAug 28, 2018
    risk 0.42cvss 6.5epss 0.02

    Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2016-5172MedSep 25, 2016
    risk 0.42cvss 6.5epss 0.02

    The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.

Page 1 of 6