Chromium
by Chromium
Source repositories
CVEs (477)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-30618 | 0.00 | — | 0.04 | Sep 3, 2021 | Chromium: CVE-2021-30618 Inappropriate implementation in DevTools | |||
| CVE-2021-30617 | 0.00 | — | 0.04 | Sep 3, 2021 | Chromium: CVE-2021-30617 Policy bypass in Blink | |||
| CVE-2021-30616 | 0.00 | — | 0.04 | Sep 3, 2021 | Chromium: CVE-2021-30616 Use after free in Media | |||
| CVE-2021-30614 | 0.00 | — | 0.04 | Sep 3, 2021 | Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip | |||
| CVE-2021-30611 | 0.00 | — | 0.03 | Sep 3, 2021 | Chromium: CVE-2021-30611 Use after free in WebRTC | |||
| CVE-2021-30606 | 0.00 | — | 0.04 | Sep 3, 2021 | Chromium: CVE-2021-30606 Use after free in Blink | |||
| CVE-2015-1346 | 0.00 | — | 0.01 | Jan 22, 2015 | Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before 40.0.2214.91, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2015-1205 | 0.00 | — | 0.02 | Jan 22, 2015 | Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2014-7943 | 0.00 | — | 0.02 | Jan 22, 2015 | Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2014-7942 | 0.00 | — | 0.02 | Jan 22, 2015 | The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2014-7941 | 0.00 | — | 0.02 | Jan 22, 2015 | The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which allows remote attackers to cause a denial of service (out-of-bounds read) via… | |||
| CVE-2014-7939 | 0.00 | — | 0.03 | Jan 22, 2015 | Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options:… | |||
| CVE-2013-2847 | 0.00 | — | 0.01 | May 22, 2013 | Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2011-2843 | 0.00 | — | 0.01 | Sep 19, 2011 | Google Chrome before 14.0.835.163 does not properly handle media buffers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2011-1797 | 0.00 | — | 0.04 | Jul 21, 2011 | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | |||
| CVE-2011-1191 | 0.00 | — | 0.02 | Mar 11, 2011 | Use-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of DOM URLs. | |||
| CVE-2010-3117 | 0.00 | — | 0.01 | Aug 24, 2010 | Google Chrome before 5.0.375.127 does not properly implement the notifications feature, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via unknown vectors. |
- CVE-2021-30618Sep 3, 2021risk 0.00cvss —epss 0.04
Chromium: CVE-2021-30618 Inappropriate implementation in DevTools
- CVE-2021-30617Sep 3, 2021risk 0.00cvss —epss 0.04
Chromium: CVE-2021-30617 Policy bypass in Blink
- CVE-2021-30616Sep 3, 2021risk 0.00cvss —epss 0.04
Chromium: CVE-2021-30616 Use after free in Media
- CVE-2021-30614Sep 3, 2021risk 0.00cvss —epss 0.04
Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip
- CVE-2021-30611Sep 3, 2021risk 0.00cvss —epss 0.03
Chromium: CVE-2021-30611 Use after free in WebRTC
- CVE-2021-30606Sep 3, 2021risk 0.00cvss —epss 0.04
Chromium: CVE-2021-30606 Use after free in Blink
- CVE-2015-1346Jan 22, 2015risk 0.00cvss —epss 0.01
Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before 40.0.2214.91, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- CVE-2015-1205Jan 22, 2015risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- CVE-2014-7943Jan 22, 2015risk 0.00cvss —epss 0.02
Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
- CVE-2014-7942Jan 22, 2015risk 0.00cvss —epss 0.02
The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
- CVE-2014-7941Jan 22, 2015risk 0.00cvss —epss 0.02
The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which allows remote attackers to cause a denial of service (out-of-bounds read) via…
- CVE-2014-7939Jan 22, 2015risk 0.00cvss —epss 0.03
Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options:…
- CVE-2013-2847May 22, 2013risk 0.00cvss —epss 0.01
Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors.
- CVE-2011-2843Sep 19, 2011risk 0.00cvss —epss 0.01
Google Chrome before 14.0.835.163 does not properly handle media buffers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
- CVE-2011-1797Jul 21, 2011risk 0.00cvss —epss 0.04
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
- CVE-2011-1191Mar 11, 2011risk 0.00cvss —epss 0.02
Use-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of DOM URLs.
- CVE-2010-3117Aug 24, 2010risk 0.00cvss —epss 0.01
Google Chrome before 5.0.375.127 does not properly implement the notifications feature, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via unknown vectors.
Page 24 of 24