VYPR

Vendor CVEs

Google

All CVEs

11,331 total · sorted by risk
  • CVE-2023-5854HigNov 1, 2023
    risk 0.57cvss 8.8epss 0.01

    Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

  • CVE-2023-5852HigNov 1, 2023
    risk 0.57cvss 8.8epss 0.01

    Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

  • CVE-2023-5849HigNov 1, 2023
    risk 0.57cvss 8.8epss 0.01

    Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-21392HigOct 30, 2023
    risk 0.57cvss 8.8epss 0.00

    In Bluetooth, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege when connecting to a Bluetooth device with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21361HigOct 30, 2023
    risk 0.57cvss 8.8epss 0.00

    In Bluetooth, there is a possibility of code-execution due to a use after free. This could lead to paired device escalation of privilege in the privileged Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21356HigOct 30, 2023
    risk 0.57cvss 8.8epss 0.00

    In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40129HigOct 27, 2023
    risk 0.57cvss 8.8epss 0.00

    In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-5472HigOct 25, 2023
    risk 0.57cvss 8.8epss 0.01

    Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-5476HigOct 11, 2023
    risk 0.57cvss 8.8epss 0.01

    Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-5474HigOct 11, 2023
    risk 0.57cvss 8.8epss 0.01

    Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

  • CVE-2023-5218HigOct 11, 2023
    risk 0.57cvss 8.8epss 0.01

    Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2023-5346HigOct 5, 2023
    risk 0.57cvss 8.8epss 0.02

    Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-5187HigSep 28, 2023
    risk 0.57cvss 8.8epss 0.01

    Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-5186HigSep 28, 2023
    risk 0.57cvss 8.8epss 0.01

    Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High)

  • CVE-2023-35684HigSep 11, 2023
    risk 0.57cvss 8.8epss 0.00

    In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-35673HigSep 11, 2023
    risk 0.57cvss 8.8epss 0.00

    In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-35658HigSep 11, 2023
    risk 0.57cvss 8.8epss 0.00

    In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible privilege escalation due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-4763HigSep 5, 2023
    risk 0.57cvss 8.8epss 0.01

    Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-4572HigAug 29, 2023
    risk 0.57cvss 8.8epss 0.01

    Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2022-4452HigAug 25, 2023
    risk 0.57cvss 8.8epss 0.00

    Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-4429HigAug 23, 2023
    risk 0.57cvss 8.8epss 0.01

    Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-4369HigAug 15, 2023
    risk 0.57cvss 8.8epss 0.00

    Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-4368HigAug 15, 2023
    risk 0.57cvss 8.8epss 0.01

    Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-4366HigAug 15, 2023
    risk 0.57cvss 8.8epss 0.01

    Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-4358HigAug 15, 2023
    risk 0.57cvss 8.8epss 0.01

    Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-4356HigAug 15, 2023
    risk 0.57cvss 8.8epss 0.01

    Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-4354HigAug 15, 2023
    risk 0.57cvss 8.8epss 0.02

    Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-4353HigAug 15, 2023
    risk 0.57cvss 8.8epss 0.01

    Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-4352HigAug 15, 2023
    risk 0.57cvss 8.8epss 0.02

    Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-4351HigAug 15, 2023
    risk 0.57cvss 8.8epss 0.01

    Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-4349HigAug 15, 2023
    risk 0.57cvss 8.8epss 0.01

    Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-2312HigAug 15, 2023
    risk 0.57cvss 8.8epss 0.01

    Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-21282HigAug 14, 2023
    risk 0.57cvss 8.8epss 0.01

    In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2023-21273HigAug 14, 2023
    risk 0.57cvss 8.8epss 0.00

    In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-4078HigAug 3, 2023
    risk 0.57cvss 8.8epss 0.01

    Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)

  • CVE-2023-4077HigAug 3, 2023
    risk 0.57cvss 8.8epss 0.01

    Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)

  • CVE-2023-4076HigAug 3, 2023
    risk 0.57cvss 8.8epss 0.01

    Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High)

  • CVE-2023-4075HigAug 3, 2023
    risk 0.57cvss 8.8epss 0.01

    Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-4074HigAug 3, 2023
    risk 0.57cvss 8.8epss 0.01

    Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-4073HigAug 3, 2023
    risk 0.57cvss 8.8epss 0.01

    Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-4072HigAug 3, 2023
    risk 0.57cvss 8.8epss 0.01

    Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-4071HigAug 3, 2023
    risk 0.57cvss 8.8epss 0.01

    Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-3732HigAug 1, 2023
    risk 0.57cvss 8.8epss 0.01

    Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-3731HigAug 1, 2023
    risk 0.57cvss 8.8epss 0.00

    Use after free in Diagnostics in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

  • CVE-2023-3730HigAug 1, 2023
    risk 0.57cvss 8.8epss 0.01

    Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-3729HigAug 1, 2023
    risk 0.57cvss 8.8epss 0.00

    Use after free in Splitscreen in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chromium security severity: High)

  • CVE-2023-3728HigAug 1, 2023
    risk 0.57cvss 8.8epss 0.01

    Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-3727HigAug 1, 2023
    risk 0.57cvss 8.8epss 0.01

    Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-2313HigJul 29, 2023
    risk 0.57cvss 8.8epss 0.01

    Inappropriate implementation in Sandbox in Google Chrome on Windows prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a malicious file. (Chromium security severity: High)

  • CVE-2022-4921HigJul 29, 2023
    risk 0.57cvss 8.8epss 0.01

    Use after free in Accessibility in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)

Page 24 of 227