VYPR

Skia

by Google

Source repositories

CVEs (30)

  • CVE-2026-9923HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-4354HigAug 15, 2023
    risk 0.57cvss 8.8epss 0.02

    Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2021-21113HigJan 8, 2021
    risk 0.57cvss 8.8epss 0.01

    Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6540HigSep 21, 2020
    risk 0.57cvss 8.8epss 0.02

    Buffer overflow in Skia in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6520HigJul 22, 2020
    risk 0.57cvss 8.8epss 0.03

    Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-18356HigDec 11, 2018
    risk 0.57cvss 8.8epss 0.03

    An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-6071HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.01

    An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5131HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.01

    An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write.

  • CVE-2026-11663HigJun 9, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Skia in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9893HigMay 28, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-10020HigMay 28, 2026
    risk 0.54cvss 8.3epss 0.00

    Insufficient validation of untrusted input in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2016-2412HigApr 18, 2016
    risk 0.51cvss 7.8epss 0.00

    include/core/SkPostConfig.h in Skia, as used in System_server in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, mishandles certain crashes, which allows attackers to gain privileges via a crafted application, as demonstrated by…

  • CVE-2013-6648HigApr 13, 2017
    risk 0.49cvss 7.5epss 0.01

    SkRegion::setPath in Skia allows remote attackers to cause a denial of service (crash).

  • CVE-2026-10993MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Heap buffer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-9981MedMay 28, 2026
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

  • CVE-2019-9282MedSep 27, 2019
    risk 0.42cvss 6.5epss 0.01

    In skia, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113211371

  • CVE-2018-6069MedNov 14, 2018
    risk 0.42cvss 6.5epss 0.02

    Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2021-21147MedFeb 9, 2021
    risk 0.28cvss 4.3epss 0.01

    Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2017-15418MedAug 28, 2018
    risk 0.28cvss 4.3epss 0.02

    Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2026-11675LowJun 9, 2026
    risk 0.20cvss 3.1epss 0.00

    Out of bounds read in Skia in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Page 1 of 2