VYPR

Vendor CVEs

Google

All CVEs

11,415 total · sorted by risk
  • CVE-2016-1686MedJun 5, 2016
    risk 0.42cvss 6.5epss 0.01

    The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, which allows remote attackers to cause a denial of service (out-of-bounds read)…

  • CVE-2016-1685MedJun 5, 2016
    risk 0.42cvss 6.5epss 0.01

    core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.

  • CVE-2016-1677MedJun 5, 2016
    risk 0.42cvss 6.5epss 0.03

    uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion."

  • CVE-2016-1665MedMay 14, 2016
    risk 0.42cvss 6.5epss 0.02

    The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code.

  • CVE-2016-1654MedApr 18, 2016
    risk 0.42cvss 6.5epss 0.01

    The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors.

  • CVE-2016-2411MedApr 18, 2016
    risk 0.42cvss 6.5epss 0.01

    A Qualcomm Power Management kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages root access, aka internal bug 26866053.

  • CVE-2016-0830MedMar 12, 2016
    risk 0.42cvss 6.5epss 0.01

    btif_config.c in Bluetooth in Android 6.x before 2016-03-01 allows remote attackers to cause a denial of service (memory corruption and persistent daemon crash) by triggering a large number of configuration entries, and consequently exceeding the maximum size of a configuration…

  • CVE-2016-1637MedMar 6, 2016
    risk 0.42cvss 6.5epss 0.01

    The SkATan2_255 function in effects/gradients/SkSweepGradient.cpp in Skia, as used in Google Chrome before 49.0.2623.75, mishandles arctangent calculations, which allows remote attackers to obtain sensitive information via a crafted web site.

  • CVE-2016-2052HigJan 25, 2016
    risk 0.42cvss 7.6epss 0.01

    Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check…

  • CVE-2016-1618MedJan 25, 2016
    risk 0.42cvss 6.5epss 0.01

    Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.

  • CVE-2016-1615MedJan 25, 2016
    risk 0.42cvss 6.5epss 0.02

    The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document's origin via unspecified vectors.

  • CVE-2009-2416MedAug 11, 2009
    risk 0.42cvss 6.5epss 0.02

    Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as…

  • CVE-2026-11308MedJun 5, 2026
    risk 0.41cvss 6.3epss 0.00

    Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low)

  • CVE-2026-11187MedJun 4, 2026
    risk 0.41cvss 6.3epss 0.00

    Inappropriate implementation in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11184MedJun 4, 2026
    risk 0.41cvss 6.3epss 0.00

    Insufficient policy enforcement in Actor in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11181MedJun 4, 2026
    risk 0.41cvss 6.3epss 0.00

    Inappropriate implementation in Media Session in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-9989MedMay 28, 2026
    risk 0.41cvss 6.3epss 0.00

    Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to bypass same origin policy via a crafted video file. (Chromium security severity: High)

  • CVE-2026-8010MedMay 6, 2026
    risk 0.41cvss 6.3epss 0.00

    Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-7977MedMay 6, 2026
    risk 0.41cvss 6.3epss 0.00

    Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-7971MedMay 6, 2026
    risk 0.41cvss 6.3epss 0.00

    Inappropriate implementation in ORB in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-5273MedApr 1, 2026
    risk 0.41cvss 6.3epss 0.00

    Use after free in CSS in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-13983MedNov 14, 2025
    risk 0.41cvss 6.3epss 0.00

    Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103.59 allowed a remote attacker to perform UI spoofing via a crafted QR code. (Chromium security severity: Low)

  • CVE-2025-11216MedNov 6, 2025
    risk 0.41cvss 6.3epss 0.00

    Inappropriate implementation in Storage in Google Chrome on Mac prior to 141.0.7390.54 allowed a remote attacker to perform domain spoofing via a crafted video file. (Chromium security severity: Low)

  • CVE-2025-11213MedNov 6, 2025
    risk 0.41cvss 6.3epss 0.00

    Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-11212MedNov 6, 2025
    risk 0.41cvss 6.3epss 0.00

    Inappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-11208MedNov 6, 2025
    risk 0.41cvss 6.3epss 0.00

    Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-4051MedMay 5, 2025
    risk 0.41cvss 6.3epss 0.00

    Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-0451MedFeb 4, 2025
    risk 0.41cvss 6.3epss 0.00

    Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)

  • CVE-2025-0444MedFeb 4, 2025
    risk 0.41cvss 6.3epss 0.00

    Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-3175MedJul 16, 2024
    risk 0.41cvss 6.3epss 0.00

    Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low)

  • CVE-2023-5473MedOct 11, 2023
    risk 0.41cvss 6.3epss 0.01

    Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2023-3739MedAug 1, 2023
    risk 0.41cvss 6.3epss 0.00

    Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker to execute arbitrary code via a crafted shell script. (Chromium security severity: Low)

  • CVE-2022-4909MedJul 29, 2023
    risk 0.41cvss 6.3epss 0.00

    Inappropriate implementation in XML in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially perform an ASLR bypass via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2023-1235MedMar 7, 2023
    risk 0.41cvss 6.3epss 0.00

    Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low)

  • CVE-2022-2164MedJul 28, 2022
    risk 0.41cvss 6.3epss 0.01

    Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page.

  • CVE-2022-1499MedJul 26, 2022
    risk 0.41cvss 6.3epss 0.01

    Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

  • CVE-2020-15988MedNov 3, 2020
    risk 0.41cvss 6.3epss 0.01

    Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page.

  • CVE-2020-6569MedSep 21, 2020
    risk 0.41cvss 6.3epss 0.01

    Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6444MedApr 13, 2020
    risk 0.41cvss 6.3epss 0.01

    Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-5071MedOct 27, 2017
    risk 0.41cvss 6.3epss 0.02

    Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5044MedApr 24, 2017
    risk 0.41cvss 6.3epss 0.02

    Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5038MedApr 24, 2017
    risk 0.41cvss 6.3epss 0.01

    Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.

  • CVE-2017-5019MedFeb 17, 2017
    risk 0.41cvss 6.3epss 0.01

    A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-5014MedFeb 17, 2017
    risk 0.41cvss 6.3epss 0.01

    Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2016-5221MedJan 19, 2017
    risk 0.41cvss 6.3epss 0.01

    Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android possibly allowed a remote attacker to bypass buffer validation via a crafted HTML page.

  • CVE-2016-5219MedJan 19, 2017
    risk 0.41cvss 6.3epss 0.01

    A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2016-5216MedJan 19, 2017
    risk 0.41cvss 6.3epss 0.01

    A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

  • CVE-2016-5215MedJan 19, 2017
    risk 0.41cvss 6.3epss 0.01

    A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2016-5190MedDec 18, 2016
    risk 0.41cvss 6.3epss 0.01

    Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.

  • CVE-2016-1638MedMar 6, 2016
    risk 0.41cvss 6.3epss 0.01

    extensions/renderer/resources/platform_app.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass intended access restrictions via a crafted platform app.

Page 137 of 229