CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
26.9%
A vulnerability in the V8 JavaScript script handler of the Google Chrome browser is related to an improperly
implemented security checks for the standard. Exploitation of the vulnerability could allow an attacker,
acting remotely, to perform a sandbox exit using a specially crafted HTML page
A vulnerability in the Safe Browsing service of Google Chrome and Microsoft Edge browsers is related to insufficient input validation.
inadequate input validation. Exploitation of the vulnerability could allow an attacker acting remotely,
cause a denial of service
A vulnerability in the Tabs component of Google Chrome and Microsoft Edge browsers is related to memory usage
after it has been freed. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service,
cause a denial of service or execute arbitrary code
Vulnerability in the Downloads component of Google Chrome and Microsoft Edge browsers is related to the use of memory after it has been freed.
memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker,
acting remotely, to execute arbitrary code
Vulnerability in the Canvas component of Google Chrome and Microsoft Edge browsers is related to access control flaws.
access control weaknesses. Exploitation of the vulnerability could allow an attacker acting remotely to gain
unauthorized access to limited functionality
Vulnerability in FedCM component of Google Chrome and Microsoft Edge browsers is related to access control flaws.
access control weaknesses. Exploitation of the vulnerability could allow an attacker acting remotely to gain
unauthorized access to the system
Vulnerability in the Screen Capture component of Google Chrome and Microsoft Edge browsers is related to memory usage after release.
memory after release. Exploitation of the vulnerability could allow an attacker acting remotely,
exploit heap corruption using a specially crafted HTML page
A vulnerability in the Audio component of Google Chrome and Microsoft Edge browsers is related to memory utilization
after release. Exploitation of the vulnerability could allow an attacker, acting remotely,
exploit heap corruption using a specially crafted HTML page
A vulnerability in the FedCM component of the Google Chrome and Microsoft Edge browsers is related to flaws in access control
access control weaknesses. Exploitation of the vulnerability could allow an attacker acting remotely to gain
unauthorized access to functionality
Vulnerability in the HTML parser of Google Chrome and Microsoft Edge browsers is related to access control weaknesses.
access control weaknesses. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to limited functionality.
unauthorized access to limited functionality
A vulnerability in the User Education component of Google Chrome and Microsoft Edge browsers is related to the use of memory after its release.
memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely,
cause a denial of service or execute arbitrary code
A vulnerability in the Navigation component of Google Chrome and Microsoft Edge browsers is related to the use of memory after it has been freed.
memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely,
install a malicious extension
A vulnerability in the Layout component of Google Chrome and Microsoft Edge browsers is related to a buffer overflow in the
dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely,
execute arbitrary code
Vulnerability in the WebTransport component of Google Chrome browser is related to reading outside the allocated
space. Exploitation of the vulnerability could allow privilege escalation through a specially crafted
HTML page
A vulnerability in the Down component of Google Chrome and Microsoft Edge browsers is related to memory usage
after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely,
execute arbitrary code using a specially crafted web page
Vulnerability in Media Stream component of Google Chrome and Microsoft Edge browsers is related to memory usage after its release.
memory after release. Exploitation of the vulnerability could allow an attacker acting remotely,
exploit heap corruption using a specially crafted HTML page
Vulnerability in the Loader component of Google Chrome and Microsoft Edge browsers is related to memory utilization
after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely,
cause a denial of service or execute arbitrary code
Vulnerability in CSS component of Google Chrome and Microsoft Edge browsers is related to memory usage after its release.
memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service or execute arbitrary code.
denial of service or execute arbitrary code
A vulnerability in the V8 JavaScript script handler of Google Chrome browser V8 is related to reading outside of memory boundaries
memory. Exploitation of the vulnerability could allow an attacker acting remotely to perform an exit from the
sandbox using a specially crafted HTML page
Vulnerability in the Frames component of Google Chrome and Microsoft Edge browsers is related to synchronization errors
when using a shared resource (“Race Situation”). Exploitation of the vulnerability could allow an attacker,
acting remotely, to execute arbitrary code
Vulnerability in the Fullscreen component of Google Chrome and Microsoft Edge browsers is related to a flaw in access control.
access controls. Exploitation of the vulnerability could allow an attacker acting remotely to gain
unauthorized access to limited functionality
A vulnerability in the Dawn component of Google Chrome browser is related to the use of an uninitialized variable.
variable. Exploitation of the vulnerability could allow an attacker acting remotely to access
to memory outside of the allocated space using a specially crafted HTML page
A vulnerability in the Dawn component of the Google Chrome browser is related to insufficient data validation. Exploitation
the vulnerability could allow a remote attacker to execute arbitrary code via a specially crafted HTML page.
specially crafted HTML page
A vulnerability in the V8 JavaScript script handler of Google Chrome browser is related to an improperly
implemented security checks for the standard. Exploitation of the vulnerability could allow an attacker,
acting remotely, to access memory outside of the allocated space using a
specially crafted HTML page
A vulnerability in the DevTools component of the Google Chrome and Microsoft Edge browsers is related to parallel
execution using a shared resource with improper synchronization. Exploitation of the vulnerability could
allow an attacker acting remotely to inject scripts or HTML into a privileged page using a specially crafted Chrome extension.
using a specially crafted Chrome extension
The ANGLE library vulnerability in Google Chrome and Microsoft Edge browsers is related to reading data outside the
buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely,
execute arbitrary code
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
26.9%