CVE-2009-0276

Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame...

PT-2025-9735 · Google +2 · Google Chrome +2

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 134.0.6998.35 Description: The issue is an out-of-bounds read in the V8 JavaScript engine in Google Chrome, allowing a remote attacker to perform out-of-bounds memory access via a crafted HTML page. This has a...

PT-2025-10636

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 134.0.6998.88 Description A type confusion issue exists in the V8 JavaScript engine. This flaw allows a remote attacker to potentially cause heap corruption—a condition where memory is incorrectly allocated or...

PT-2025-6476 · Google +4 · Google Chrome +5

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 133.0.6943.98 Description: The issue is related to a use after free vulnerability in the V8 JavaScript engine, which can lead to heap corruption. This can be exploited by a remote attacker using a specially...

PT-2025-1263 · Google +5 · Google Chrome +6

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 132.0.6834.83 Chromium versions prior to 132.0.6834.83-1deb12u1 Description: A vulnerability exists in the V8 JavaScript engine of Google Chrome and Microsoft Edge due to the lack of protection for the web page...

PT-2025-25775

Name of the Vulnerable Software and Affected Versions Debian Linux affected versions not specified Description The issue is related to an integer overflow. It was reported by Shaheen Fazim. Recommendations At the moment, there is no information about a newer version that contains a fix for this...

PT-2024-9699 · Microsoft +4 · Edge +5

Name of the Vulnerable Software and Affected Versions: Chromium versions prior to 131.0.6778.204 Google Chrome versions prior to 131.0.6778.204 Microsoft Edge affected versions not specified Description: A vulnerability exists in the V8 JavaScript engine used by Google Chrome and Microsoft Edge...

Google Chrome Code Execution Vulnerability (CNVD-2025-00213)

Google Chrome is a web browser of Google Google, U.S. V8 is one of the open source JavaScript engine. A code execution vulnerability exists in Google Chrome, which is caused by type obfuscation in V8. An attacker can exploit the vulnerability to execute arbitrary code on the system...

Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices

The North Korean threat actor known as Lazarus Group has been attributed to the zero-day exploitation of a now-patched security flaw in Google Chrome to seize control of infected devices. Cybersecurity vendor Kaspersky said it made the discovery after it came across a novel attack chain in May 20...

PT-2024-6711

Name of the Vulnerable Software and Affected Versions: Google Chrome affected versions not specified Microsoft Edge affected versions not specified Description: The issue is related to incorrect security checks for standard elements in the V8 JavaScript engine handler. This could allow a remote...

PT-2024-6735 · Google +4 · V8 Javascript Engine +5

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 129.0.6668.58 Microsoft Edge versions affected versions not specified Description: The issue is related to a type confusion error in the V8 JavaScript engine, which can be exploited by a remote attacker using a...

PT-2024-6164 · Google +4 · Google Chrome +5

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 128.0.6613.84 Description: The vulnerability is an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine, which could allow a remote attacker to potentially exploit heap corruption via a...

PT-2024-5917 · Google +4 · Google Chrome +5

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 128.0.6613.113 Description: The issue is related to a type confusion in the V8 JavaScript engine of Google Chrome, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML...

PT-2024-6342 · Google +5 · Google Chrome +6

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 128.0.6613.119 Description: The issue is related to an out of bounds write in the V8 JavaScript engine of Google Chrome and Microsoft Edge browsers. This can allow a remote attacker to potentially exploit heap...

PT-2024-6386 · Google +4 · Google Chrome +5

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 128.0.6613.113 Description: The issue is related to a type confusion in the V8 JavaScript engine, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could impact the...

ROS-20240702-02

A vulnerability in the V8 JavaScript script handler of the Google Chrome browser is related to accessing a resource via incompatible types. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code V8 JavaScript script handler vulnerability in Google Chro...

ROS-20240627-01

A vulnerability in the implementation of the CORS mechanism of Microsoft Edge and Google Chrome browsers is related to weaknesses in the access controls. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions and disclose protected...

Foxit Reader Lock object fields property type confusion vulnerability

Talos Vulnerability Report TALOS-2024-1963 Foxit Reader Lock object fields property type confusion vulnerability April 30, 2024 CVE Number CVE-2024-25575 SUMMARY A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted...

Object Corruption

chrome is vulnerable to a Object Corruption. The vulnerability is due to object corruption in the V8 JavaScript engine within Google Chrome. It allows a remote attacker to potentially exploit object corruption via a crafted HTML page...

ROS-20240328-08

A vulnerability in the WebRTC technology of Google Chrome browser is related to the use of memory after its freeing. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service using specially crafted malware. arbitrary code or cause a...