VYPR

Skia

by Google

Source repositories

CVEs (30)

  • CVE-2026-8579LowMay 14, 2026
    risk 0.20cvss 3.1epss 0.00

    Insufficient validation of untrusted input in Skia in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted print file. (Chromium security severity: Medium)

  • CVE-2026-14429Jul 3, 2026
    risk 0.00cvss epss 0.00

    Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-14387Jul 3, 2026
    risk 0.00cvss epss 0.00

    Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-14414Jul 3, 2026
    risk 0.00cvss epss 0.00

    Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity:…

  • CVE-2026-14410Jul 3, 2026
    risk 0.00cvss epss 0.00

    Inappropriate implementation in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-13885Jul 1, 2026
    risk 0.00cvss epss 0.00

    Use after free in Skia in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2015-3877Oct 6, 2015
    risk 0.00cvss epss 0.02

    Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20723696.

  • CVE-2014-7909Nov 19, 2014
    risk 0.00cvss epss 0.02

    effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before 39.0.2171.65, computes a hash key using uninitialized integer values, which might allow remote attackers to cause a denial of service by rendering crafted data.

  • CVE-2011-3104May 24, 2012
    risk 0.00cvss epss 0.01

    Skia, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

  • CVE-2009-1442May 7, 2009
    risk 0.00cvss epss 0.02

    Multiple integer overflows in Skia, as used in Google Chrome 1.x before 1.0.154.64 and 2.x, and possibly Android, might allow remote attackers to execute arbitrary code in the renderer process via a crafted (1) image or (2) canvas.

Page 2 of 2