CVE-2026-9984
Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
CVE-2026-9913
Inappropriate implementation in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...
CVE-2026-8526
An out of bounds write flaw was found in the WebRTC component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=486536241...
CVE-2026-5863
An inappropriate implementation flaw was found in the V8 component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=484527367...
CVE-2026-3919
A use-after-free flaw was found in the Extensions component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=444176961...
DEBIAN-CVE-2025-0447
Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: Low...
Experts Detail New RCE Vulnerability Affecting Google Chrome Dev Channel
Details have emerged about a recently patched critical remote code execution vulnerability in the V8 JavaScript and WebAssembly engine used in Google Chrome and Chromium-based browsers. The issue relates to a case of use-after-free in the instruction optimization component, successful exploitatio...
OSV-2021-1338 Uncaught exception in org.jsoup.parser.HtmlTreeBuilder.process
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38982 Crash type: Uncaught exception Crash state: org.jsoup.parser.HtmlTreeBuilder.process org.jsoup.parser.HtmlTreeBuilderState$18.process org.jsoup.parser.HtmlTreeBuilder.process...
OSV-2021-688 Segv on unknown address in std::__Fuzzer::basic_string<char, std::__Fuzzer::char_traits<char>, std::__Fuzze
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33682 Crash type: Segv on unknown address Crash state: std::__Fuzzer::basic_string<char, std::__Fuzzer::char_traits<char>, std::__Fuzze std::__Fuzzer::moneypunct_byname::init...
Google Chrome < 90.0.4430.93 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 90.0.4430.93. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_04_stable-channel-update-for-desktop_26 advisory. - Heap buffer overflow in ANGLE in Google Chrome on Windows prior to...
OSV-2020-2253 Global-buffer-overflow in g_date_time_get_ymd
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28477 Crash type: Global-buffer-overflow READ 2 Crash state: g_date_time_get_ymd g_date_time_get_year g_date_time_format_utf8...
OSV-2020-1887 Heap-buffer-overflow in zmq::tcp_read
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26042 Crash type: Heap-buffer-overflow WRITE Crash state: zmq::tcp_read zmq::stream_engine_base_t::read zmq::stream_engine_base_t::in_event_internal...
OSV-2020-911 Heap-buffer-overflow in arrow::Status arrow::ConcatenateOffsets<int>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23916 Crash type: Heap-buffer-overflow READ 4 Crash state: arrow::Status arrow::ConcatenateOffsets arrow::ConcatenateImpl::Visit arrow::Status arrow::VisitTypeInline...
OSV-2020-519 Use-of-uninitialized-value in MOS65XX_group_name
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15112 Crash type: Use-of-uninitialized-value Crash state: MOS65XX_group_name cs_group_name fuzz_disasm.c...
OSV-2020-324 Heap-buffer-overflow in av1_convolve_2d_copy_sr_sse2
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12549 Crash type: Heap-buffer-overflow READ 16 Crash state: av1_convolve_2d_copy_sr_sse2 av1_convolve_2d_facade av1_make_inter_predictor...
CVE-2016-10894
xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to and thus control various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks by depressing the touchpad once and th...
Sony Playstation 4 (PS4) 6.20 - WebKit Code Execution (PoC)
PS4 6.20 WebKit Code Execution PoC ============== This repo contains a proof-of-concept PoC RCE exploit targeting the PlayStation 4 on firmware 6.20 leveraging CVE-2018-4441. The exploit first establishes an arbitrary read/write primitive as...
Sony Playstation 4 (PS4) < 6.20 - WebKit Code Execution (PoC)
PS4 6.20 WebKit Code Execution PoC ============== This repo contains a proof-of-concept PoC RCE exploit targeting the PlayStation 4 on firmware 6.20 leveraging CVE-2018-4441. The exploit first establishes an arbitrary read/write primitive as well as an arbitrary object address leak in wkexploit.j...
WebKit JSC Incorrect Optimization
WebKit: JSC: Incorrect for-in optimization 2 CVE-2017-7117 The following PoC bypasses the fix for the https://bugs.chromium.org/p/project-zero/issues/detail?id=1263 WebKit: JSC: Incorrect optimization in BytecodeGenerator::emitGetByVal PoC: function f let o = ; for let i in xx: 0 for i of 0...
Microsoft Internet Explorer - MSHTML!CMultiReadStreamLifetimeManager::ReleaseThreadStateInternal Read AV
function eventhandler1 CollectGarbage; function eventhandler5 try /FileReader/ var var00063 = new FileReader; catcherr //line 68 try /Blob/ var var00064 = new Blob; catcherr //line 69 try var00063.readAsDataURLvar00064; catcherr //line 70 iiThS9lJ8 A7...