VYPR

Vendor CVEs

Google

All CVEs

11,327 total · sorted by risk
  • CVE-2017-5121HigOct 27, 2017
    risk 0.58cvss 8.8epss 0.05

    Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase.

  • CVE-2017-5116HigOct 27, 2017
    risk 0.58cvss 8.8epss 0.13

    Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2017-5112HigOct 27, 2017
    risk 0.58cvss 8.8epss 0.05

    Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2017-5098HigOct 27, 2017
    risk 0.58cvss 8.8epss 0.16

    A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2015-5237HigSep 25, 2017
    risk 0.58cvss 8.8epss 0.05

    protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.

  • CVE-2016-10229CriApr 4, 2017
    risk 0.58cvss 9.8epss 0.13

    udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.

  • CVE-2016-5157HigSep 11, 2016
    risk 0.58cvss 8.8epss 0.05

    Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in…

  • CVE-2016-1669HigMay 14, 2016
    risk 0.58cvss 8.8epss 0.04

    The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have…

  • CVE-2016-0846HigApr 18, 2016
    risk 0.58cvss 8.4epss 0.01

    libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which allows attackers to gain privileges via a crafted application, as demonstrated…

  • CVE-2026-12035HigJun 11, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-12020HigJun 11, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-12018HigJun 11, 2026
    risk 0.57cvss 8.8epss 0.00

    Inappropriate implementation in Mojo in Google Chrome on Windows prior to 149.0.7827.115 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)

  • CVE-2026-12013HigJun 11, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Media in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-12007HigJun 11, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-11699HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11698HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11688HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.00

    Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11687HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Dawn in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11683HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in WebCodecs in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11681HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11680HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Media in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11674HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11673HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in InterestGroups in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11670HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in PDF in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

  • CVE-2026-11664HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Payments in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11662HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.00

    Type Confusion in Bindings in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11657HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Payments in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11650HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11649HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11648HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11646HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in ViewTransitions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11637HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Views in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-11633HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a malicious peripheral. (Chromium security severity: Critical)

  • CVE-2026-11630HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in File Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-11629HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-11307HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)

  • CVE-2026-11306HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)

  • CVE-2026-11305HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)

  • CVE-2026-11304HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Low)

  • CVE-2026-11303HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)

  • CVE-2026-11301HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Inappropriate implementation in LiveCaption in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via malicious network traffic. (Chromium security severity: Low)

  • CVE-2026-11295HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11279HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Out of bounds read in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11272HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Insufficient validation of untrusted input in Reading List in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11262HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in TabStrip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11248HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Inappropriate implementation in Google Lens in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11235HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Insufficient policy enforcement in Compositing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11230HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11211HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11202HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Page 10 of 227