VYPR

Vendor CVEs

Google

All CVEs

11,415 total · sorted by risk
  • CVE-2019-5785MedJun 27, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

  • CVE-2019-5784MedJun 27, 2019
    risk 0.42cvss 6.5epss 0.02

    Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-6168MedJun 27, 2019
    risk 0.42cvss 6.5epss 0.01

    Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2018-6159MedJun 27, 2019
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2018-6155MedJun 27, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of frames in the VP8 parser in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.

  • CVE-2018-6150MedJun 27, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2018-6148MedJun 27, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

  • CVE-2018-6142MedJun 27, 2019
    risk 0.42cvss 6.5epss 0.01

    Array bounds check failure in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

  • CVE-2018-6136MedJun 27, 2019
    risk 0.42cvss 6.5epss 0.01

    Missing type check in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2018-6134MedJun 27, 2019
    risk 0.42cvss 6.5epss 0.01

    Information leak in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page.

  • CVE-2018-17460MedJun 27, 2019
    risk 0.42cvss 6.5epss 0.01

    Insufficient data validation in filesystem URIs in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

  • CVE-2018-16077MedJun 27, 2019
    risk 0.42cvss 6.5epss 0.01

    Object lifecycle issue in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass content security policy via a crafted HTML page.

  • CVE-2018-16074MedJun 27, 2019
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page.

  • CVE-2018-16073MedJun 27, 2019
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page.

  • CVE-2018-16069MedJun 27, 2019
    risk 0.42cvss 6.5epss 0.01

    Unintended floating-point error accumulation in SwiftShader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2018-16064MedJun 27, 2019
    risk 0.42cvss 6.5epss 0.00

    Insufficient data validation in Extensions API in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.

  • CVE-2017-5028MedJun 27, 2019
    risk 0.42cvss 6.5epss 0.01

    Insufficient data validation in V8 in Google Chrome prior to 56.0.2924.76 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2019-2019MedJun 19, 2019
    risk 0.42cvss 6.5epss 0.01

    In ce_t4t_data_cback of ce_t4t.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2018-9564MedJun 19, 2019
    risk 0.42cvss 6.5epss 0.01

    In llcp_util_parse_link_params of llcp_util.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2018-9563MedJun 19, 2019
    risk 0.42cvss 6.5epss 0.01

    In llcp_util_parse_cc of llcp_util.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2018-9561MedJun 19, 2019
    risk 0.42cvss 6.5epss 0.01

    In llcp_util_parse_connect of llcp_util.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2019-5803MedMay 23, 2019
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

  • CVE-2019-5802MedMay 23, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

  • CVE-2019-5801MedMay 23, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

  • CVE-2019-5800MedMay 23, 2019
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

  • CVE-2019-5799MedMay 23, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

  • CVE-2019-5794MedMay 23, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

  • CVE-2019-5793MedMay 23, 2019
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page.

  • CVE-2019-1996MedFeb 28, 2019
    risk 0.42cvss 6.5epss 0.00

    In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.…

  • CVE-2019-5781MedFeb 19, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

  • CVE-2019-5778MedFeb 19, 2019
    risk 0.42cvss 6.5epss 0.01

    A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome…

  • CVE-2019-5777MedFeb 19, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

  • CVE-2019-5776MedFeb 19, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

  • CVE-2019-5775MedFeb 19, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

  • CVE-2019-5773MedFeb 19, 2019
    risk 0.42cvss 6.5epss 0.02

    Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.

  • CVE-2019-5768MedFeb 19, 2019
    risk 0.42cvss 6.5epss 0.01

    DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.

  • CVE-2019-5767MedFeb 19, 2019
    risk 0.42cvss 6.5epss 0.01

    Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK.

  • CVE-2019-5766MedFeb 19, 2019
    risk 0.42cvss 6.5epss 0.02

    Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2019-5754MedFeb 19, 2019
    risk 0.42cvss 6.5epss 0.01

    Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy.

  • CVE-2018-9593MedFeb 11, 2019
    risk 0.42cvss 6.5epss 0.00

    In llcp_dlc_proc_i_pdu of llcp_dlc.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over NFC with no additional…

  • CVE-2018-9588MedFeb 11, 2019
    risk 0.42cvss 6.5epss 0.01

    In avdt_scb_hdl_report of avdt_scb_act.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no…

  • CVE-2018-6179MedJan 9, 2019
    risk 0.42cvss 6.5epss 0.01

    Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.

  • CVE-2018-6175MedJan 9, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

  • CVE-2018-6173MedJan 9, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

  • CVE-2018-6172MedJan 9, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

  • CVE-2018-6169MedJan 9, 2019
    risk 0.42cvss 6.5epss 0.01

    Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to trigger installation of an unwanted extension via a crafted HTML page.

  • CVE-2018-6167MedJan 9, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

  • CVE-2018-6166MedJan 9, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

  • CVE-2018-6165MedJan 9, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2018-6164MedJan 9, 2019
    risk 0.42cvss 6.5epss 0.02

    Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Page 133 of 229