VYPR

Vendor CVEs

Google

All CVEs

11,416 total · sorted by risk
  • CVE-2024-3839MedApr 17, 2024
    risk 0.42cvss 6.5epss 0.01

    Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-3516MedApr 10, 2024
    risk 0.42cvss 6.5epss 0.01

    Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-3515MedApr 10, 2024
    risk 0.42cvss 6.5epss 0.01

    Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-2630MedMar 20, 2024
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-2626MedMar 20, 2024
    risk 0.42cvss 6.5epss 0.01

    Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-25990MedMar 11, 2024
    risk 0.42cvss 6.4epss 0.00

    In pktproc_perftest_gen_rx_packet_sktbuf_mode of link_rx_pktproc.c, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-0045MedMar 11, 2024
    risk 0.42cvss 6.5epss 0.00

    In smp_proc_sec_req of smp_act.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-1671MedFeb 21, 2024
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-0032MedFeb 16, 2024
    risk 0.42cvss 6.5epss 0.00

    In multiple locations, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

  • CVE-2024-0814MedJan 24, 2024
    risk 0.42cvss 6.5epss 0.00

    Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-48420MedDec 8, 2023
    risk 0.42cvss 6.4epss 0.00

    there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-6512MedDec 6, 2023
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2023-40090MedDec 4, 2023
    risk 0.42cvss 6.5epss 0.01

    In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-21395MedOct 30, 2023
    risk 0.42cvss 6.5epss 0.00

    In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21315MedOct 30, 2023
    risk 0.42cvss 6.5epss 0.00

    In Bluetooth, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-5487MedOct 11, 2023
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)

  • CVE-2023-5484MedOct 11, 2023
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-5483MedOct 11, 2023
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-5481MedOct 11, 2023
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-5479MedOct 11, 2023
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-5475MedOct 11, 2023
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium)

  • CVE-2023-35645MedOct 11, 2023
    risk 0.42cvss 6.4epss 0.00

    In tbd of tbd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-4764MedSep 5, 2023
    risk 0.42cvss 6.5epss 0.01

    Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-4367MedAug 15, 2023
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-4350MedAug 15, 2023
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)

  • CVE-2022-4955MedAug 4, 2023
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-2314MedJul 29, 2023
    risk 0.42cvss 6.5epss 0.00

    Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2023-2311MedJul 29, 2023
    risk 0.42cvss 6.5epss 0.00

    Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2022-4926MedJul 29, 2023
    risk 0.42cvss 6.5epss 0.00

    Insufficient policy enforcement in Intents in Google Chrome on Android prior to 109.0.5414.119 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2022-4925MedJul 29, 2023
    risk 0.42cvss 6.5epss 0.00

    Insufficient validation of untrusted input in QUIC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform header splitting via malicious network traffic. (Chromium security severity: Low)

  • CVE-2022-4922MedJul 29, 2023
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Blink in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2022-4915MedJul 29, 2023
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2022-4913MedJul 29, 2023
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to spoof extension storage via a crafted HTML page. (Chromium security severity: High)

  • CVE-2022-4911MedJul 29, 2023
    risk 0.42cvss 6.5epss 0.00

    Insufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2021-4324MedJul 29, 2023
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in Google Update in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to read arbitrary files via a malicious file. (Chromium security severity: Medium)

  • CVE-2021-4323MedJul 29, 2023
    risk 0.42cvss 6.5epss 0.00

    Insufficient validation of untrusted input in Extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to access local files via a crafted Chrome Extension. (Chromium security severity: Medium)

  • CVE-2023-2940MedMay 30, 2023
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-2459MedMay 3, 2023
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-1823MedApr 4, 2023
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2023-1822MedApr 4, 2023
    risk 0.42cvss 6.5epss 0.01

    Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2023-1821MedApr 4, 2023
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2023-1819MedApr 4, 2023
    risk 0.42cvss 6.5epss 0.01

    Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-1817MedApr 4, 2023
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-1816MedApr 4, 2023
    risk 0.42cvss 6.5epss 0.01

    Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-1814MedApr 4, 2023
    risk 0.42cvss 6.5epss 0.01

    Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-1813MedApr 4, 2023
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-21055MedMar 24, 2023
    risk 0.42cvss 6.4epss 0.00

    In dit_hal_ioctl of dit.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:…

  • CVE-2023-1226MedMar 7, 2023
    risk 0.42cvss 6.5epss 0.00

    Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-1217MedMar 7, 2023
    risk 0.42cvss 6.5epss 0.01

    Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity:…

  • CVE-2023-0704MedFeb 7, 2023
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low)

Page 124 of 229