CVE-2025-13224

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2025-12440

CVE-2025-12440 affects Google Chrome/Chromium Autofill prior to 142.0.7444.59. A crafted HTML page can leverage an inappropriate Autofill implementation to exfiltrate potentially sensitive data from process memory after convincing a user to perform specific UI gestures. The published data indicat...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the upload, create, and rename features for files with HTML and SVG types, due to insufficient content-type validation and lack of output sanitization. An attacker can execute arbitrary scripts in the contex...

DEBIAN-CVE-2025-5283

Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

IMP 安全漏洞

IMP is an open source web-based webmail system from Horde. A security vulnerability exists in IMP version 6.2.27 and earlier, which originates from a specially crafted HTML email that could lead to account takeover...

The vulnerability of the Media components in Microsoft Edge and Google Chrome allows attackers to compromise privacy, integrity, and accessibility.

The vulnerability of the Media components in Microsoft Edge and Google Chrome relates to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to compromise privacy, integrity, and accessibility through a specially crafted HTML page...

The vulnerability of the Fullscreen application interface of Google Chrome’s browser allows a hacker to bypass existing security restrictions.

The vulnerability of the Fullscreen application interface of Google Chrome’s browser is related to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions on the browser page through a specially...

DEBIAN-CVE-2023-0928

Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2021-21181

Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser from Google, an American company. A heap buffer overflow vulnerability exists in the Internals component of Google Chrome versions prior to 105.0.5195.125. An attacker can exploit this vulnerability to leverage heap corruption via specially crafted HTML pages...

Tobesoft Xplatform Input Validation Error Vulnerability

Tobesoft Xplatform is a set of Korean Tobesoft application development platform. The platform supports form and composite component inheritance, CSS autosetting, and multi-document interfaces. TOBESOFT XPLATFORM suffers from an input validation error vulnerability that originates when a command...

chromium-browser: Use after free in WebRTC

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

chromium-browser: Type Confusion in V8

Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2018-6149

Type confusion in JavaScript in Google Chrome prior to 67.0.3396.87 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page...

rubygem-loofah: XSS vulnerability due to unescaped comments within attributes by libxml2

In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment...