VYPR

Vendor CVEs

Chromium

All CVEs

483 total · sorted by risk
  • CVE-2025-7657Jul 15, 2025
    risk 0.00cvss epss 0.01

    Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-6512Dec 6, 2023
    risk 0.00cvss epss 0.01

    Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2023-5485Oct 11, 2023
    risk 0.00cvss epss 0.01

    Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2023-1220Mar 7, 2023
    risk 0.00cvss epss 0.01

    Heap buffer overflow in UMA in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-1218Mar 7, 2023
    risk 0.00cvss epss 0.01

    Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2022-4184Nov 29, 2022
    risk 0.00cvss epss 0.01

    Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2022-3306Nov 1, 2022
    risk 0.00cvss epss 0.01

    Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2021-30624Sep 3, 2021
    risk 0.00cvss epss 0.04

    Chromium: CVE-2021-30624 Use after free in Autofill

  • CVE-2021-30622Sep 3, 2021
    risk 0.00cvss epss 0.04

    Chromium: CVE-2021-30622 Use after free in WebApp Installs

  • CVE-2021-30621Sep 3, 2021
    risk 0.00cvss epss 0.03

    Chromium: CVE-2021-30621 UI Spoofing in Autofill

  • CVE-2021-30620Sep 3, 2021
    risk 0.00cvss epss 0.04

    Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink

  • CVE-2021-30619Sep 3, 2021
    risk 0.00cvss epss 0.03

    Chromium: CVE-2021-30619 UI Spoofing in Autofill

  • CVE-2021-30618Sep 3, 2021
    risk 0.00cvss epss 0.04

    Chromium: CVE-2021-30618 Inappropriate implementation in DevTools

  • CVE-2021-30617Sep 3, 2021
    risk 0.00cvss epss 0.04

    Chromium: CVE-2021-30617 Policy bypass in Blink

  • CVE-2021-30616Sep 3, 2021
    risk 0.00cvss epss 0.04

    Chromium: CVE-2021-30616 Use after free in Media

  • CVE-2021-30614Sep 3, 2021
    risk 0.00cvss epss 0.04

    Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip

  • CVE-2021-30611Sep 3, 2021
    risk 0.00cvss epss 0.03

    Chromium: CVE-2021-30611 Use after free in WebRTC

  • CVE-2021-30606Sep 3, 2021
    risk 0.00cvss epss 0.04

    Chromium: CVE-2021-30606 Use after free in Blink

  • CVE-2015-1346Jan 22, 2015
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before 40.0.2214.91, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2015-1205Jan 22, 2015
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2014-7943Jan 22, 2015
    risk 0.00cvss epss 0.02

    Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

  • CVE-2014-7942Jan 22, 2015
    risk 0.00cvss epss 0.02

    The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2014-7941Jan 22, 2015
    risk 0.00cvss epss 0.02

    The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which allows remote attackers to cause a denial of service (out-of-bounds read) via…

  • CVE-2014-7939Jan 22, 2015
    risk 0.00cvss epss 0.03

    Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options:…

  • CVE-2013-2849May 22, 2013
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.

  • CVE-2013-2847May 22, 2013
    risk 0.00cvss epss 0.01

    Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors.

  • CVE-2012-2850Aug 6, 2012
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allow remote attackers to have an unknown impact via a crafted document.

  • CVE-2011-2843Sep 19, 2011
    risk 0.00cvss epss 0.01

    Google Chrome before 14.0.835.163 does not properly handle media buffers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

  • CVE-2011-2782Aug 3, 2011
    risk 0.00cvss epss 0.01

    The drag-and-drop implementation in Google Chrome before 13.0.782.107 on Linux does not properly enforce permissions for files, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors.

  • CVE-2011-1797Jul 21, 2011
    risk 0.00cvss epss 0.04

    WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

  • CVE-2011-1291Mar 25, 2011
    risk 0.00cvss epss 0.02

    Google Chrome before 10.0.648.204 does not properly handle base strings, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "buffer error."

  • CVE-2011-1191Mar 11, 2011
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of DOM URLs.

  • CVE-2010-3117Aug 24, 2010
    risk 0.00cvss epss 0.01

    Google Chrome before 5.0.375.127 does not properly implement the notifications feature, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via unknown vectors.

Page 10 of 10