Vendor CVEs
All CVEs
11,327 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5121 | Hig | 0.58 | 8.8 | 0.05 | Oct 27, 2017 | Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase. | ||
| CVE-2017-5116 | Hig | 0.58 | 8.8 | 0.13 | Oct 27, 2017 | Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | ||
| CVE-2017-5112 | Hig | 0.58 | 8.8 | 0.05 | Oct 27, 2017 | Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | ||
| CVE-2017-5098 | Hig | 0.58 | 8.8 | 0.16 | Oct 27, 2017 | A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||
| CVE-2015-5237 | Hig | 0.58 | 8.8 | 0.05 | Sep 25, 2017 | protobuf allows remote authenticated attackers to cause a heap-based buffer overflow. | ||
| CVE-2016-10229 | Cri | 0.58 | 9.8 | 0.13 | Apr 4, 2017 | udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag. | ||
| CVE-2016-5157 | Hig | 0.58 | 8.8 | 0.05 | Sep 11, 2016 | Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in… | ||
| CVE-2016-1669 | Hig | 0.58 | 8.8 | 0.04 | May 14, 2016 | The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have… | ||
| CVE-2016-0846 | Hig | 0.58 | 8.4 | 0.01 | Apr 18, 2016 | libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which allows attackers to gain privileges via a crafted application, as demonstrated… | ||
| CVE-2026-12035 | Hig | 0.57 | 8.8 | 0.00 | Jun 11, 2026 | Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-12020 | Hig | 0.57 | 8.8 | 0.00 | Jun 11, 2026 | Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-12018 | Hig | 0.57 | 8.8 | 0.00 | Jun 11, 2026 | Inappropriate implementation in Mojo in Google Chrome on Windows prior to 149.0.7827.115 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High) | ||
| CVE-2026-12013 | Hig | 0.57 | 8.8 | 0.00 | Jun 11, 2026 | Use after free in Media in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-12007 | Hig | 0.57 | 8.8 | 0.00 | Jun 11, 2026 | Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | ||
| CVE-2026-11699 | Hig | 0.57 | 8.8 | 0.00 | Jun 9, 2026 | Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-11698 | Hig | 0.57 | 8.8 | 0.00 | Jun 9, 2026 | Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-11688 | Hig | 0.57 | 8.8 | 0.00 | Jun 9, 2026 | Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-11687 | Hig | 0.57 | 8.8 | 0.00 | Jun 9, 2026 | Use after free in Dawn in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-11683 | Hig | 0.57 | 8.8 | 0.00 | Jun 9, 2026 | Use after free in WebCodecs in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-11681 | Hig | 0.57 | 8.8 | 0.00 | Jun 9, 2026 | Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-11680 | Hig | 0.57 | 8.8 | 0.00 | Jun 9, 2026 | Use after free in Media in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-11674 | Hig | 0.57 | 8.8 | 0.00 | Jun 9, 2026 | Use after free in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-11673 | Hig | 0.57 | 8.8 | 0.00 | Jun 9, 2026 | Use after free in InterestGroups in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-11670 | Hig | 0.57 | 8.8 | 0.00 | Jun 9, 2026 | Use after free in PDF in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High) | ||
| CVE-2026-11664 | Hig | 0.57 | 8.8 | 0.00 | Jun 9, 2026 | Use after free in Payments in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-11662 | Hig | 0.57 | 8.8 | 0.00 | Jun 9, 2026 | Type Confusion in Bindings in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-11657 | Hig | 0.57 | 8.8 | 0.00 | Jun 9, 2026 | Use after free in Payments in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-11650 | Hig | 0.57 | 8.8 | 0.00 | Jun 9, 2026 | Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-11649 | Hig | 0.57 | 8.8 | 0.00 | Jun 9, 2026 | Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-11648 | Hig | 0.57 | 8.8 | 0.00 | Jun 9, 2026 | Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-11646 | Hig | 0.57 | 8.8 | 0.00 | Jun 9, 2026 | Use after free in ViewTransitions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-11637 | Hig | 0.57 | 8.8 | 0.00 | Jun 9, 2026 | Use after free in Views in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | ||
| CVE-2026-11633 | Hig | 0.57 | 8.8 | 0.00 | Jun 9, 2026 | Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a malicious peripheral. (Chromium security severity: Critical) | ||
| CVE-2026-11630 | Hig | 0.57 | 8.8 | 0.00 | Jun 9, 2026 | Use after free in File Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||
| CVE-2026-11629 | Hig | 0.57 | 8.8 | 0.00 | Jun 9, 2026 | Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||
| CVE-2026-11307 | Hig | 0.57 | 8.8 | 0.00 | Jun 5, 2026 | Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low) | ||
| CVE-2026-11306 | Hig | 0.57 | 8.8 | 0.00 | Jun 5, 2026 | Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low) | ||
| CVE-2026-11305 | Hig | 0.57 | 8.8 | 0.00 | Jun 5, 2026 | Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low) | ||
| CVE-2026-11304 | Hig | 0.57 | 8.8 | 0.00 | Jun 5, 2026 | Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Low) | ||
| CVE-2026-11303 | Hig | 0.57 | 8.8 | 0.00 | Jun 5, 2026 | Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low) | ||
| CVE-2026-11301 | Hig | 0.57 | 8.8 | 0.00 | Jun 5, 2026 | Inappropriate implementation in LiveCaption in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via malicious network traffic. (Chromium security severity: Low) | ||
| CVE-2026-11295 | Hig | 0.57 | 8.8 | 0.00 | Jun 5, 2026 | Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-11279 | Hig | 0.57 | 8.8 | 0.00 | Jun 5, 2026 | Out of bounds read in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-11272 | Hig | 0.57 | 8.8 | 0.00 | Jun 5, 2026 | Insufficient validation of untrusted input in Reading List in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-11262 | Hig | 0.57 | 8.8 | 0.00 | Jun 5, 2026 | Use after free in TabStrip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-11248 | Hig | 0.57 | 8.8 | 0.00 | Jun 5, 2026 | Inappropriate implementation in Google Lens in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-11235 | Hig | 0.57 | 8.8 | 0.00 | Jun 4, 2026 | Insufficient policy enforcement in Compositing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-11230 | Hig | 0.57 | 8.8 | 0.00 | Jun 4, 2026 | Use after free in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-11211 | Hig | 0.57 | 8.8 | 0.00 | Jun 4, 2026 | Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-11202 | Hig | 0.57 | 8.8 | 0.00 | Jun 4, 2026 | Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) |
- risk 0.58cvss 8.8epss 0.05
Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase.
- risk 0.58cvss 8.8epss 0.13
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
- risk 0.58cvss 8.8epss 0.05
Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
- risk 0.58cvss 8.8epss 0.16
A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- risk 0.58cvss 8.8epss 0.05
protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.
- risk 0.58cvss 9.8epss 0.13
udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.
- risk 0.58cvss 8.8epss 0.05
Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in…
- risk 0.58cvss 8.8epss 0.04
The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have…
- risk 0.58cvss 8.4epss 0.01
libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which allows attackers to gain privileges via a crafted application, as demonstrated…
- risk 0.57cvss 8.8epss 0.00
Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.00
Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.00
Inappropriate implementation in Mojo in Google Chrome on Windows prior to 149.0.7827.115 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.00
Use after free in Media in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.00
Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
- risk 0.57cvss 8.8epss 0.00
Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.00
Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.00
Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.00
Use after free in Dawn in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.00
Use after free in WebCodecs in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.00
Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.00
Use after free in Media in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.00
Use after free in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.00
Use after free in InterestGroups in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.00
Use after free in PDF in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.00
Use after free in Payments in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.00
Type Confusion in Bindings in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.00
Use after free in Payments in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.00
Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.00
Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.00
Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.00
Use after free in ViewTransitions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.00
Use after free in Views in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
- risk 0.57cvss 8.8epss 0.00
Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a malicious peripheral. (Chromium security severity: Critical)
- risk 0.57cvss 8.8epss 0.00
Use after free in File Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
- risk 0.57cvss 8.8epss 0.00
Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
- risk 0.57cvss 8.8epss 0.00
Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)
- risk 0.57cvss 8.8epss 0.00
Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)
- risk 0.57cvss 8.8epss 0.00
Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)
- risk 0.57cvss 8.8epss 0.00
Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Low)
- risk 0.57cvss 8.8epss 0.00
Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)
- risk 0.57cvss 8.8epss 0.00
Inappropriate implementation in LiveCaption in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via malicious network traffic. (Chromium security severity: Low)
- risk 0.57cvss 8.8epss 0.00
Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)
- risk 0.57cvss 8.8epss 0.00
Out of bounds read in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
- risk 0.57cvss 8.8epss 0.00
Insufficient validation of untrusted input in Reading List in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)
- risk 0.57cvss 8.8epss 0.00
Use after free in TabStrip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
- risk 0.57cvss 8.8epss 0.00
Inappropriate implementation in Google Lens in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
- risk 0.57cvss 8.8epss 0.00
Insufficient policy enforcement in Compositing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
- risk 0.57cvss 8.8epss 0.00
Use after free in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
- risk 0.57cvss 8.8epss 0.00
Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.57cvss 8.8epss 0.00
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Page 10 of 227