Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
<p>A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An a...
4.2CVSS
6.3AI Score
0.005EPSS
Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
8.8CVSS
8.3AI Score
0.003EPSS
Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
8.8CVSS
9AI Score
0.003EPSS
Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8CVSS
9AI Score
0.003EPSS
Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
9.6CVSS
9.2AI Score
0.003EPSS
Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8CVSS
9AI Score
0.003EPSS
Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
6.5CVSS
6.5AI Score
0.001EPSS
Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
9.6CVSS
8.8AI Score
0.002EPSS
Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
8.1CVSS
7.7AI Score
0.001EPSS
Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension.
6.5CVSS
6.6AI Score
0.002EPSS
Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass content security policy via a crafted Chrome Extension.
8.8CVSS
8.1AI Score
0.004EPSS
Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8CVSS
8.9AI Score
0.004EPSS
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
6.5CVSS
6.5AI Score
0.001EPSS
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
6.5CVSS
6.5AI Score
0.001EPSS
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
6.5CVSS
6.5AI Score
0.001EPSS
Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.
9.6CVSS
8.7AI Score
0.002EPSS
Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page.
6.5CVSS
6.6AI Score
0.002EPSS
Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page.
6.5CVSS
6.4AI Score
0.001EPSS
Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
6.5CVSS
6.4AI Score
0.002EPSS
Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
6.5CVSS
6.3AI Score
0.003EPSS
Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.
6.5CVSS
6.4AI Score
0.004EPSS
Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
6.5CVSS
6.7AI Score
0.003EPSS
Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8CVSS
9AI Score
0.006EPSS
5.4CVSS
7AI Score
0.003EPSS
6.1CVSS
6.7AI Score
0.001EPSS
8.8CVSS
8.2AI Score
0.009EPSS
8.8CVSS
8.2AI Score
0.009EPSS
8.8CVSS
8.2AI Score
0.003EPSS
8.8CVSS
8.2AI Score
0.009EPSS
8.8CVSS
8.2AI Score
0.008EPSS
8.8CVSS
8.2AI Score
0.003EPSS
8.8CVSS
8.2AI Score
0.003EPSS
8.8CVSS
8.6AI Score
0.009EPSS
8.8CVSS
8.1AI Score
0.043EPSS
6.5CVSS
7.1AI Score
0.006EPSS
8.8CVSS
8.6AI Score
0.009EPSS
8.8CVSS
8.2AI Score
0.007EPSS
6.5CVSS
7.2AI Score
0.002EPSS
8.8CVSS
7.8AI Score
0.007EPSS
6.5CVSS
7.2AI Score
0.002EPSS
8.8CVSS
8.2AI Score
0.003EPSS
8.8CVSS
8.2AI Score
0.009EPSS
8.8CVSS
8.2AI Score
0.009EPSS
8.2CVSS
8AI Score
0.001EPSS
8.8CVSS
8.4AI Score
0.003EPSS
8.2CVSS
7.4AI Score
0.003EPSS
5.4CVSS
5.4AI Score
0.001EPSS
6.1CVSS
6AI Score
0.001EPSS