VYPR

Vendor CVEs

Google

All CVEs

11,509 total · sorted by risk
  • CVE-2018-6174HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.03

    Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.75 potentially allowed a remote attacker to execute arbitrary code via a crafted HTML page.

  • CVE-2018-6170HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.02

    A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2018-6162HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.02

    Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-6153HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.02

    A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.

  • CVE-2018-6151HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.01

    Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension.

  • CVE-2018-6144HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.02

    Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file.

  • CVE-2018-6141HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.02

    Insufficient validation of an image filter in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2018-6140HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.03

    Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.

  • CVE-2018-6139HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.02

    Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.

  • CVE-2018-6124HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.02

    Type confusion in ReadableStreams in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

  • CVE-2018-6120HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.02

    An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.

  • CVE-2018-6111HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.03

    An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page.

  • CVE-2018-6106HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.02

    An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page.

  • CVE-2018-20066HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.01

    Incorrect object lifecycle in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-20065HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.01

    Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to initiate potentially unsafe navigations without a user gesture via a crafted PDF file.

  • CVE-2018-17461HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.01

    An out of bounds read in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

  • CVE-2018-17458HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.02

    An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2018-17457HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.02

    An object lifecycle issue in Blink could lead to a use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2018-16085HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.02

    A use after free in ResourceCoordinator in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-16076HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.01

    Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

  • CVE-2018-16065HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.03

    A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2017-15401HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.02

    A memory corruption bug in WebAssembly could lead to out of bounds read and write through V8 in WebAssembly in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2016-10403HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.01

    Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

  • CVE-2018-18359HigDec 11, 2018
    risk 0.57cvss 8.8epss 0.01

    Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2018-18356HigDec 11, 2018
    risk 0.57cvss 8.8epss 0.03

    An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-18354HigDec 11, 2018
    risk 0.57cvss 8.8epss 0.01

    Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.

  • CVE-2018-18347HigDec 11, 2018
    risk 0.57cvss 8.8epss 0.01

    Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page.

  • CVE-2018-18343HigDec 11, 2018
    risk 0.57cvss 8.8epss 0.01

    Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-18342HigDec 11, 2018
    risk 0.57cvss 8.8epss 0.03

    Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2018-18341HigDec 11, 2018
    risk 0.57cvss 8.8epss 0.01

    An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-18340HigDec 11, 2018
    risk 0.57cvss 8.8epss 0.01

    Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-18339HigDec 11, 2018
    risk 0.57cvss 8.8epss 0.01

    Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-18338HigDec 11, 2018
    risk 0.57cvss 8.8epss 0.01

    Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-18337HigDec 11, 2018
    risk 0.57cvss 8.8epss 0.02

    Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-18336HigDec 11, 2018
    risk 0.57cvss 8.8epss 0.02

    Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2018-18335HigDec 11, 2018
    risk 0.57cvss 8.8epss 0.04

    Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-17481HigDec 11, 2018
    risk 0.57cvss 8.8epss 0.02

    Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2018-9572HigDec 7, 2018
    risk 0.57cvss 8.8epss 0.01

    In impd_drc_parse_coeff of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…

  • CVE-2018-9571HigDec 7, 2018
    risk 0.57cvss 8.8epss 0.01

    In impd_parse_loud_eq_instructions of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product:…

  • CVE-2018-9569HigDec 7, 2018
    risk 0.57cvss 8.8epss 0.01

    In impd_init_drc_decode_post_config of impd_drc_gain_decoder.c there is a possible out-of-bound write due to incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product:…

  • CVE-2018-9555HigDec 6, 2018
    risk 0.57cvss 8.8epss 0.01

    In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2018-6094HigDec 4, 2018
    risk 0.57cvss 8.8epss 0.02

    Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-6090HigDec 4, 2018
    risk 0.57cvss 8.8epss 0.03

    An integer overflow that lead to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2018-6088HigDec 4, 2018
    risk 0.57cvss 8.8epss 0.02

    An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.

  • CVE-2018-6087HigDec 4, 2018
    risk 0.57cvss 8.8epss 0.03

    A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2018-6086HigDec 4, 2018
    risk 0.57cvss 8.8epss 0.03

    A double-eviction in the Incognito mode cache that lead to a user-after-free in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

  • CVE-2018-6085HigDec 4, 2018
    risk 0.57cvss 8.8epss 0.04

    Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

  • CVE-2018-9537HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.02

    In CAacDecoder_DecodeFrame of aacdecode.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product:…

  • CVE-2018-9535HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.01

    In ixheaacd_reset_acelp_data_fix of ixheaacd_lpc.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…

  • CVE-2018-9534HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.01

    In ixheaacd_mps_getstridemap of ixheaacd_mps_parse.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…

Page 41 of 231