CVE-2026-7976

Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Medium...

Updated rootcerts, nss & firefox packages fix security vulnerabilities

CVE-2025-6424: A use-after-free in FontFaceSet resulted in a potentially exploitable crash. CVE-2025-6425: An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private...

CVE-2013-0919

Use-after-free vulnerability in Google Chrome before 26.0.1410.43 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the presence of an extension that creates a pop-up window...

Exploit for Race Condition within a Thread in Google Chrome

CVE-2024-6778 This repository contains proof-of-concept exploits...

kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition

Description The plugin does not implement atomic operations, allowing one user vote multiple times on a poll due to a Race Condition. 1- Install and activate kk Star Ratings. 2- Go to the page that displays the star rating. 3- Using Burp and the Turbo Intruder extension, intercept the rating...

SUSE CVE-2022-1863

Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction...

Use-After-Free

chromium is vulnerable to use after free. The vulnerability exists due to heap corruption in App Service which allows an attacker to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension...

The vulnerability of Google Chrome browser, which arises due to insufficient validation of input data, allows attackers to circumvent navigation restrictions.

The vulnerability of Google Chrome exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to circumvent navigation restrictions using a specially created extension...

CVE-2013-3239

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTT...

WinRAR 2.90/3.0/3.10 - Archive File Extension Buffer Overrun

source: https://www.securityfocus.com/bid/6664/info A vulnerability has been discovered in WinRAR. The problem occurs when the affected application opens an archive containing a file with an overly long file extension. It has been reported that it is possible for an attacker to exploit this issue...

Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (PoC)

// source: https://www.securityfocus.com/bid/2880/info Windows Index Server ships with Windows NT 4.0 Option Pack; Windows Indexing Service ships with Windows 2000. An unchecked buffer resides in the 'idq.dll' ISAPI extension associated with each service. A maliciously crafted request could allow...

Microsoft IIS 4.0/5.0 - Malformed File Extension Denial of Service

source: https://www.securityfocus.com/bid/1190/info Sending a specially crafted URL containing malformed file extension information to Microsoft IIS 4.0/5.0 will consume CPU usage until it reaches 100% which will halt the program's services. Restarting the application or waiting until the URL is...