VYPR

Vendor CVEs

Google

All CVEs

11,329 total · sorted by risk
  • CVE-2026-5292HigApr 1, 2026
    risk 0.57cvss 8.8epss 0.00

    Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-5287HigApr 1, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

  • CVE-2026-5286HigApr 1, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-5285HigApr 1, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-5280HigApr 1, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-5279HigApr 1, 2026
    risk 0.57cvss 8.8epss 0.00

    Object corruption in V8 in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-5278HigApr 1, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Web MIDI in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-5275HigApr 1, 2026
    risk 0.57cvss 8.8epss 0.00

    Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-5274HigApr 1, 2026
    risk 0.57cvss 8.8epss 0.00

    Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-5272HigApr 1, 2026
    risk 0.57cvss 8.8epss 0.00

    Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-4447HigMar 20, 2026
    risk 0.57cvss 8.8epss 0.00

    Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-12952HigDec 10, 2025
    risk 0.57cvss epss 0.00

    A privilege escalation vulnerability exists in Google Cloud's Dialogflow CX. Dialogflow agent developers with Webhook editor permission are able to configure Webhooks using Dialogflow service agent access token authentication. This allows the attacker to escalate their…

  • CVE-2025-9571HigDec 10, 2025
    risk 0.57cvss epss 0.00

    A remote code execution (RCE) vulnerability exists in Google Cloud Data Fusion. A user with permissions to upload artifacts to a Data Fusion instance can execute arbitrary code within the core AppFabric component. This could allow the attacker to gain control over the Data…

  • CVE-2025-13426HigDec 5, 2025
    risk 0.57cvss epss 0.00

    A vulnerability exists in Google Apigee's JavaCallout policy https://docs.apigee.com/api-platform/reference/policies/java-callout-policy that allows for remote code execution. It is possible for a user to write a JavaCallout that injected a malicious object into the…

  • CVE-2025-9918HigSep 11, 2025
    risk 0.57cvss epss 0.01

    A Path Traversal vulnerability in the archive extraction component in Google SecOps SOAR Server (versions 6.3.54.0, 6.3.53.2, and all prior versions) allows an authenticated attacker with permissions to import Use Cases to achieve Remote Code Execution (RCE) via uploading a…

  • CVE-2020-36846CriMay 30, 2025
    risk 0.57cvss 9.8epss 0.01

    A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library.  Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a "one-shot"…

  • CVE-2019-13721HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-9504HigOct 2, 2018
    risk 0.57cvss 8.8epss 0.01

    In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2018-6055HigSep 25, 2018
    risk 0.57cvss 8.8epss 0.01

    Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page.

  • CVE-2018-6054HigSep 25, 2018
    risk 0.57cvss 8.8epss 0.01

    Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.

  • CVE-2018-6043HigSep 25, 2018
    risk 0.57cvss 8.8epss 0.02

    Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page.

  • CVE-2018-6035HigSep 25, 2018
    risk 0.57cvss 8.8epss 0.02

    Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.

  • CVE-2018-6033HigSep 25, 2018
    risk 0.57cvss 8.8epss 0.01

    Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension.

  • CVE-2018-6031HigSep 25, 2018
    risk 0.57cvss 8.8epss 0.02

    Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2017-15406HigAug 28, 2018
    risk 0.57cvss 8.8epss 0.01

    A stack buffer overflow in V8 in Google Chrome prior to 62.0.3202.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-15413HigAug 28, 2018
    risk 0.57cvss 8.8epss 0.02

    Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-15411HigAug 28, 2018
    risk 0.57cvss 8.8epss 0.02

    Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2017-15410HigAug 28, 2018
    risk 0.57cvss 8.8epss 0.02

    Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2017-15409HigAug 28, 2018
    risk 0.57cvss 8.8epss 0.02

    Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-15408HigAug 28, 2018
    risk 0.57cvss 8.8epss 0.02

    Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium.

  • CVE-2017-15407HigAug 28, 2018
    risk 0.57cvss 8.8epss 0.02

    Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server.

  • CVE-2017-13256HigApr 4, 2018
    risk 0.57cvss 8.8epss 0.01

    In process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.…

  • CVE-2017-13255HigApr 4, 2018
    risk 0.57cvss 8.8epss 0.01

    In process_service_attr_req of sdp_server.c, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:…

  • CVE-2017-13230HigFeb 12, 2018
    risk 0.57cvss 8.8epss 0.02

    In hevc codec, there is an out-of-bounds write due to an incorrect bounds check with the i2_pic_width_in_luma_samples value. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product:…

  • CVE-2017-13228HigFeb 12, 2018
    risk 0.57cvss 8.8epss 0.01

    In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defined as an unsigned character. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product:…

  • CVE-2017-5133HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.02

    Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file.

  • CVE-2017-5132HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.02

    Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation.

  • CVE-2017-5131HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.01

    An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write.

  • CVE-2017-5130HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.03

    An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.

  • CVE-2017-5129HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.01

    A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5128HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.02

    Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL.

  • CVE-2017-5127HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.02

    Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2017-5125HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.02

    Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-15393HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.01

    Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak.

  • CVE-2017-15388HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.02

    Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-15387HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.01

    Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page.

  • CVE-2017-13176HigJan 12, 2018
    risk 0.57cvss 8.8epss 0.01

    In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction requirements with no additional execution privileges needed. User interaction is…

  • CVE-2017-14879HigJan 10, 2018
    risk 0.57cvss 8.8epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, by calling an IPA ioctl and searching for routing/filer/hdr rule handle from ipa_idr pointer using ipa_idr_find() function, the wrong structure pointer can be returned…

  • CVE-2015-1290HigJan 9, 2018
    risk 0.57cvss 8.8epss 0.03

    The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.

  • CVE-2017-13151HigDec 6, 2017
    risk 0.57cvss 8.8epss 0.01

    A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63874456.

Page 16 of 227