An Integer Overflow exists in WebKit in Google Chrome before Blink M11 in the macOS WebCore::GraphicsContext::fillRect function.
CVSS: 7.5
AI Score: 7.2
EPSS: 0.001
The WebKit::WebPluginContainerImpl::handleEvent function in Google Chrome before Blink M11 allows an attacker to cause a denial of service (crash) via the htmlpluginelement.cpp plugin.
CVSS: 6.5
AI Score: 6.1
EPSS: 0.001
WebKit in Google Chrome before Blink M11 contains a bad cast to RenderBlock when anonymous blocks are renderblocks.
CVSS: 9.8
AI Score: 9.1
EPSS: 0.003
WebKit in Google Chrome before Blink M11 and M12 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption).
CVSS: 6.5
AI Score: 6.2
EPSS: 0.001
An issue exists in third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.h in WebKit in Google Chrome before Blink M11 and M12 when trying to access a removed smil element.
CVSS: 6.5
AI Score: 6.2
EPSS: 0.001
A use-after-free vulnerability exists in WebKit in Google Chrome before Blink M12 in RenderLayer when removing elements with reflections.
CVSS: 6.5
AI Score: 6.6
EPSS: 0.001
A double-free vulnerability exists in WebKit in Google Chrome before Blink M12 in the WebCore::CSSSelector function.
CVSS: 7.5
AI Score: 7.3
EPSS: 0.001
An issue exists in WebKit in Google Chrome before Blink M12 when clearing lists in AnimationControllerPrivate that signal when a hardware animation starts.
CVSS: 6.5
AI Score: 6.2
EPSS: 0.002
A wrong type is used for a return value from strlen in WebKit in Google Chrome before Blink M12 on 64-bit platforms.
CVSS: 9.8
AI Score: 9.1
EPSS: 0.002
A use-after-free vulnerability exists in documentloader in WebKit in Google Chrome before Blink M13 in the DocumentWriter::replaceDocument function.
CVSS: 6.5
AI Score: 6.6
EPSS: 0.002
Incorrect handling of timer information in Timer.cpp in WebKit in Google Chrome before Blink M13.
CVSS: 6.5
AI Score: 6.2
EPSS: 0.001
A stale layout root is set as an input element in WebKit in Google Chrome before Blink M13 when a child of a keygen with autofocus is accessed.
CVSS: 6.5
AI Score: 6.3
EPSS: 0.003