Vendor CVEs
All CVEs
11,415 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1686 | Med | 0.42 | 6.5 | 0.01 | Jun 5, 2016 | The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, which allows remote attackers to cause a denial of service (out-of-bounds read)… | ||
| CVE-2016-1685 | Med | 0.42 | 6.5 | 0.01 | Jun 5, 2016 | core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document. | ||
| CVE-2016-1677 | Med | 0.42 | 6.5 | 0.03 | Jun 5, 2016 | uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion." | ||
| CVE-2016-1665 | Med | 0.42 | 6.5 | 0.02 | May 14, 2016 | The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code. | ||
| CVE-2016-1654 | Med | 0.42 | 6.5 | 0.01 | Apr 18, 2016 | The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors. | ||
| CVE-2016-2411 | Med | 0.42 | 6.5 | 0.01 | Apr 18, 2016 | A Qualcomm Power Management kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages root access, aka internal bug 26866053. | ||
| CVE-2016-0830 | Med | 0.42 | 6.5 | 0.01 | Mar 12, 2016 | btif_config.c in Bluetooth in Android 6.x before 2016-03-01 allows remote attackers to cause a denial of service (memory corruption and persistent daemon crash) by triggering a large number of configuration entries, and consequently exceeding the maximum size of a configuration… | ||
| CVE-2016-1637 | Med | 0.42 | 6.5 | 0.01 | Mar 6, 2016 | The SkATan2_255 function in effects/gradients/SkSweepGradient.cpp in Skia, as used in Google Chrome before 49.0.2623.75, mishandles arctangent calculations, which allows remote attackers to obtain sensitive information via a crafted web site. | ||
| CVE-2016-2052 | Hig | 0.42 | 7.6 | 0.01 | Jan 25, 2016 | Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check… | ||
| CVE-2016-1618 | Med | 0.42 | 6.5 | 0.01 | Jan 25, 2016 | Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. | ||
| CVE-2016-1615 | Med | 0.42 | 6.5 | 0.02 | Jan 25, 2016 | The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document's origin via unspecified vectors. | ||
| CVE-2009-2416 | Med | 0.42 | 6.5 | 0.02 | Aug 11, 2009 | Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as… | ||
| CVE-2026-11308 | Med | 0.41 | 6.3 | 0.00 | Jun 5, 2026 | Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low) | ||
| CVE-2026-11187 | Med | 0.41 | 6.3 | 0.00 | Jun 4, 2026 | Inappropriate implementation in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-11184 | Med | 0.41 | 6.3 | 0.00 | Jun 4, 2026 | Insufficient policy enforcement in Actor in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-11181 | Med | 0.41 | 6.3 | 0.00 | Jun 4, 2026 | Inappropriate implementation in Media Session in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-9989 | Med | 0.41 | 6.3 | 0.00 | May 28, 2026 | Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to bypass same origin policy via a crafted video file. (Chromium security severity: High) | ||
| CVE-2026-8010 | Med | 0.41 | 6.3 | 0.00 | May 6, 2026 | Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-7977 | Med | 0.41 | 6.3 | 0.00 | May 6, 2026 | Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-7971 | Med | 0.41 | 6.3 | 0.00 | May 6, 2026 | Inappropriate implementation in ORB in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-5273 | Med | 0.41 | 6.3 | 0.00 | Apr 1, 2026 | Use after free in CSS in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-13983 | Med | 0.41 | 6.3 | 0.00 | Nov 14, 2025 | Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103.59 allowed a remote attacker to perform UI spoofing via a crafted QR code. (Chromium security severity: Low) | ||
| CVE-2025-11216 | Med | 0.41 | 6.3 | 0.00 | Nov 6, 2025 | Inappropriate implementation in Storage in Google Chrome on Mac prior to 141.0.7390.54 allowed a remote attacker to perform domain spoofing via a crafted video file. (Chromium security severity: Low) | ||
| CVE-2025-11213 | Med | 0.41 | 6.3 | 0.00 | Nov 6, 2025 | Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-11212 | Med | 0.41 | 6.3 | 0.00 | Nov 6, 2025 | Inappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-11208 | Med | 0.41 | 6.3 | 0.00 | Nov 6, 2025 | Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-4051 | Med | 0.41 | 6.3 | 0.00 | May 5, 2025 | Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-0451 | Med | 0.41 | 6.3 | 0.00 | Feb 4, 2025 | Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium) | ||
| CVE-2025-0444 | Med | 0.41 | 6.3 | 0.00 | Feb 4, 2025 | Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-3175 | Med | 0.41 | 6.3 | 0.00 | Jul 16, 2024 | Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low) | ||
| CVE-2023-5473 | Med | 0.41 | 6.3 | 0.01 | Oct 11, 2023 | Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2023-3739 | Med | 0.41 | 6.3 | 0.00 | Aug 1, 2023 | Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker to execute arbitrary code via a crafted shell script. (Chromium security severity: Low) | ||
| CVE-2022-4909 | Med | 0.41 | 6.3 | 0.00 | Jul 29, 2023 | Inappropriate implementation in XML in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially perform an ASLR bypass via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2023-1235 | Med | 0.41 | 6.3 | 0.00 | Mar 7, 2023 | Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low) | ||
| CVE-2022-2164 | Med | 0.41 | 6.3 | 0.01 | Jul 28, 2022 | Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page. | ||
| CVE-2022-1499 | Med | 0.41 | 6.3 | 0.01 | Jul 26, 2022 | Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | ||
| CVE-2020-15988 | Med | 0.41 | 6.3 | 0.01 | Nov 3, 2020 | Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page. | ||
| CVE-2020-6569 | Med | 0.41 | 6.3 | 0.01 | Sep 21, 2020 | Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6444 | Med | 0.41 | 6.3 | 0.01 | Apr 13, 2020 | Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2017-5071 | Med | 0.41 | 6.3 | 0.02 | Oct 27, 2017 | Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||
| CVE-2017-5044 | Med | 0.41 | 6.3 | 0.02 | Apr 24, 2017 | Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||
| CVE-2017-5038 | Med | 0.41 | 6.3 | 0.01 | Apr 24, 2017 | Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension. | ||
| CVE-2017-5019 | Med | 0.41 | 6.3 | 0.01 | Feb 17, 2017 | A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2017-5014 | Med | 0.41 | 6.3 | 0.01 | Feb 17, 2017 | Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||
| CVE-2016-5221 | Med | 0.41 | 6.3 | 0.01 | Jan 19, 2017 | Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android possibly allowed a remote attacker to bypass buffer validation via a crafted HTML page. | ||
| CVE-2016-5219 | Med | 0.41 | 6.3 | 0.01 | Jan 19, 2017 | A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2016-5216 | Med | 0.41 | 6.3 | 0.01 | Jan 19, 2017 | A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. | ||
| CVE-2016-5215 | Med | 0.41 | 6.3 | 0.01 | Jan 19, 2017 | A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||
| CVE-2016-5190 | Med | 0.41 | 6.3 | 0.01 | Dec 18, 2016 | Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages. | ||
| CVE-2016-1638 | Med | 0.41 | 6.3 | 0.01 | Mar 6, 2016 | extensions/renderer/resources/platform_app.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass intended access restrictions via a crafted platform app. |
- risk 0.42cvss 6.5epss 0.01
The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, which allows remote attackers to cause a denial of service (out-of-bounds read)…
- risk 0.42cvss 6.5epss 0.01
core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.
- risk 0.42cvss 6.5epss 0.03
uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion."
- risk 0.42cvss 6.5epss 0.02
The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code.
- risk 0.42cvss 6.5epss 0.01
The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors.
- risk 0.42cvss 6.5epss 0.01
A Qualcomm Power Management kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages root access, aka internal bug 26866053.
- risk 0.42cvss 6.5epss 0.01
btif_config.c in Bluetooth in Android 6.x before 2016-03-01 allows remote attackers to cause a denial of service (memory corruption and persistent daemon crash) by triggering a large number of configuration entries, and consequently exceeding the maximum size of a configuration…
- risk 0.42cvss 6.5epss 0.01
The SkATan2_255 function in effects/gradients/SkSweepGradient.cpp in Skia, as used in Google Chrome before 49.0.2623.75, mishandles arctangent calculations, which allows remote attackers to obtain sensitive information via a crafted web site.
- risk 0.42cvss 7.6epss 0.01
Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check…
- risk 0.42cvss 6.5epss 0.01
Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
- risk 0.42cvss 6.5epss 0.02
The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document's origin via unspecified vectors.
- risk 0.42cvss 6.5epss 0.02
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as…
- risk 0.41cvss 6.3epss 0.00
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low)
- risk 0.41cvss 6.3epss 0.00
Inappropriate implementation in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.41cvss 6.3epss 0.00
Insufficient policy enforcement in Actor in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.41cvss 6.3epss 0.00
Inappropriate implementation in Media Session in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.41cvss 6.3epss 0.00
Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to bypass same origin policy via a crafted video file. (Chromium security severity: High)
- risk 0.41cvss 6.3epss 0.00
Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low)
- risk 0.41cvss 6.3epss 0.00
Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.41cvss 6.3epss 0.00
Inappropriate implementation in ORB in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.41cvss 6.3epss 0.00
Use after free in CSS in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- risk 0.41cvss 6.3epss 0.00
Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103.59 allowed a remote attacker to perform UI spoofing via a crafted QR code. (Chromium security severity: Low)
- risk 0.41cvss 6.3epss 0.00
Inappropriate implementation in Storage in Google Chrome on Mac prior to 141.0.7390.54 allowed a remote attacker to perform domain spoofing via a crafted video file. (Chromium security severity: Low)
- risk 0.41cvss 6.3epss 0.00
Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.41cvss 6.3epss 0.00
Inappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.41cvss 6.3epss 0.00
Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.41cvss 6.3epss 0.00
Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.41cvss 6.3epss 0.00
Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)
- risk 0.41cvss 6.3epss 0.00
Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- risk 0.41cvss 6.3epss 0.00
Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low)
- risk 0.41cvss 6.3epss 0.01
Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
- risk 0.41cvss 6.3epss 0.00
Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker to execute arbitrary code via a crafted shell script. (Chromium security severity: Low)
- risk 0.41cvss 6.3epss 0.00
Inappropriate implementation in XML in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially perform an ASLR bypass via a crafted HTML page. (Chromium security severity: Low)
- risk 0.41cvss 6.3epss 0.00
Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low)
- risk 0.41cvss 6.3epss 0.01
Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page.
- risk 0.41cvss 6.3epss 0.01
Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
- risk 0.41cvss 6.3epss 0.01
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page.
- risk 0.41cvss 6.3epss 0.01
Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
- risk 0.41cvss 6.3epss 0.01
Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.41cvss 6.3epss 0.02
Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- risk 0.41cvss 6.3epss 0.02
Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- risk 0.41cvss 6.3epss 0.01
Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.
- risk 0.41cvss 6.3epss 0.01
A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.41cvss 6.3epss 0.01
Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- risk 0.41cvss 6.3epss 0.01
Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android possibly allowed a remote attacker to bypass buffer validation via a crafted HTML page.
- risk 0.41cvss 6.3epss 0.01
A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.41cvss 6.3epss 0.01
A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
- risk 0.41cvss 6.3epss 0.01
A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- risk 0.41cvss 6.3epss 0.01
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.
- risk 0.41cvss 6.3epss 0.01
extensions/renderer/resources/platform_app.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass intended access restrictions via a crafted platform app.
Page 137 of 229