CVE-2026-5873

Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

DEBIAN-CVE-2026-4450

Out of bounds write in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

Google Chrome < 4.9.385.33 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 4.9.385.33. It is, therefore, affected by multiple vulnerabilities as referenced in the 201603stable-channel-update24 advisory. - The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in...

chromium -- security fix

Chrome Releases reports: This update includes 1 security fix: 457351015 High CVE-2025-13042: Inappropriate implementation in V8. Reported by 303f06e3 on 2025-11-03...

Security update for chromium (moderate)

openSUSE security update: security update for chromium ------------------------------------------------------------- Announcement ID: openSUSE-SU-2025-20032-1 Rating: moderate References: bsc1252402 Cross-References: CVE-2025-12036 Affected Products: openSUSE Leap 16.0...

AZL-69905 CVE-2025-11215 affecting package nodejs18 18.20.3-11

Off by one error in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

Google Chrome < 141.0.7390.122 Vulnerability

The version of Google Chrome installed on the remote macOS host is prior to 141.0.7390.122. It is, therefore, affected by a vulnerability as referenced in the 202510stable-channel-update-for-desktop21 advisory. Note that Nessus has not tested for this issue but has instead relied only on the...

DEBIAN-CVE-2025-1914

Out of bounds read in V8 in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 134 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 134.0.6998.35 Linux 134.0.6998.35/36 Windows 134.0.6998.44/45 Mac contains a number of fixes and improvements -- a list of...

CVE-2024-12053

Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2012-5128

Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, does not properly perform write operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

SUSE CVE-2017-5053

An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf...

SUSE CVE-2017-5098

A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...

SUSE CVE-2021-37975

Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Google Chrome V8 Bug Allows Remote Code-Execution

Google’s Chrome browser has several security vulnerabilities that could pave the way to multiple types of attacks, including a V8 bug that could allow remote code execution RCE within a user’s browser. The high-severity V8 issue is tracked as CVE-2021-21227, and was reported by Gengming Liu from...

CVE-2019-5755

Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page...

CVE-2018-6106

An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page...

UBUNTU-CVE-2018-6064

Type Confusion in the implementation of defineGetter in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

chromium-browser: Remote code execution in V8

Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

UBUNTU-CVE-2014-7927

The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-lowering.cc in Google V8, as used in Google Chrome before 40.0.2214.91, does not properly choose an integer data type, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified oth...