4942 matches found
CVE-2013-6629
The CVE-2013-6629 issue affects libjpeg 6b and libjpeg-turbo up to 1.3.0, used by Chrome prior to 31.0.1650.48, Ghostscript, and other products. The vulnerability arises in get_sos() in jdmarker.c, which does not properly validate certain duplications of component data after SOS JPEG markers, all...
CVE-2024-1671
CVE-2024-1671 applies to Google Chrome, stemming from an improper Site Isolation implementation that allowed a remote attacker to bypass the Content Security Policy via a crafted HTML page. The vulnerability is described as affecting Chrome versions prior to 122.0.6261.57. Public advisories indi...
CVE-2024-1674
CVE-2024-1674 is a Chrome/Chromium vulnerability: an inappropriate Navigation implementation allowed remote bypass of navigation restrictions via a crafted HTML page. Affected product is Google Chrome (Chromium core); vulnerable builds prior to 122.0.6261.57. Impact described as navigation bypass...
CVE-2024-1675
CVE-2024-1675 affects Google Chrome/Chromium prior to version 122.0.6261.57. The vulnerability stems from insufficient policy enforcement in the Chrome Download pathway, enabling a remote attacker to bypass filesystem restrictions via a crafted HTML page. The issue is categorized as high severity...
CVE-2024-1676
CVE-2024-1676 affects Google Chrome (Chromium core) prior to 122.0.6261.57. The vulnerability arises from an inappropriate implementation in Navigation, enabling a remote attacker to spoof the security UI via a crafted HTML page. According to the reports, the CVSS data show a network attack vecto...
CVE-2024-1669
CVE-2024-1669 affects Blink in Google Chrome and is fixed by upgrading to Chrome 122.0.6261.57. The vulnerability is an out-of-bounds memory access in Blink that could be triggered by a crafted HTML page, allowing a remote attacker to access memory. The CVE is documented with a high severity in t...
CVE-2024-1670
CVE-2024-1670: Use-after-free in Mojo of Google Chrome/Chromium (pre-122.0.6261.57) allows remote attacker to potentially cause heap corruption via a crafted HTML page. Affected: Chromium/Chrome Mojo component; Impact: high (remote code/heap corruption) per CVSS. Mitigation: upgrade to Chromium/C...
CVE-2024-1673
CVE-2024-1673 affects Google Chrome/Chromium: a use-after-free in Accessibility in the renderer prior to 122.0.6261.57 can allow a remote attacker to potentially cause heap corruption via specific UI gestures. Affected product: Chromium/Chrome (Accessibility component) with root cause described a...
CVE-2024-1672
CVE-2024-1672 affects Google Chrome/Chromium CSP handling. The vulnerability arises from an inappropriate CSP policy implementation that allows bypass via a crafted HTML page. Root cause: CSP module in Chromium is improperly enforcing policy. Affected: Chrome/Chromium builds prior to 122.0.6261.5...
CVE-2024-5157
CVE-2024-5157 affects Google Chrome/Chromium: a use-after-free in the Scheduling component allows a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. The vulnerability is present in Chrome/Chromium pre-125.0.6422.76; exploitation could yield full code execut...
CVE-2024-4059
CVE-2024-4059 describes an out-of-bounds read in the V8 API used by Google Chrome/Chromium prior to 124.0.6367.78. The vulnerability enables a remote attacker to leak cross-site data via a crafted HTML page. Affected component is the Chromium-derived web browser stack (V8 API). The documented imp...
CVE-2025-13223
CVE-2025-13223 is a Type Confusion in V8 within Google Chrome/Chromium (prior to 142.0.7444.175) that can lead to heap corruption via a crafted HTML page. The issue affects Chromium-based Chrome, with root cause described as V8 type confusion; high severity and potential remote code/impact on hea...
CVE-2024-3832
CVE-2024-3832 affects Google Chrome/Chromium via the V8 engine. Description: object corruption in V8 prior to 124.0.6367.60 could be exploited by a crafted HTML page to trigger a remote issue. Affected software: Chromium/Chrome (Chromium-based browser). Underlying cause: object corruption in V8 a...
CVE-2020-15999
CVE-2020-15999 corresponds to a heap-based buffer overflow in FreeType that can be triggered by crafted font/PNG data, potentially via a malicious HTML page, affecting freetype usage in Google Chrome before 86.0.4240.111. Public advisories describe the issue as a heap overflow in Load_SBit_Png an...
CVE-2024-2176
CVE-2024-2176 corresponds to a use-after-free in Chrome/Chromium’s FedCM, fixed in Chromium 122.0.6261.111+ (Chrome prior to 122.0.6261.111 affected). The issue could enable remote code execution via heap corruption from a crafted HTML page; impact is high (C/H/I/A = High). Affected component: Fe...
CVE-2022-0609
CVE-2022-0609 is a Google Chrome vulnerability described as a use-after-free in the Animation component, leading to potential heap corruption and remote code execution via a crafted HTML page. Affected product: Google Chrome (Animation). Vulnerable condition: use-after-free in the Chrome animatio...
CVE-2024-3914
CVE-2024-3914 is a use-after-free in V8 within Google Chrome/Chromium before 124.0.6367.60, allowing potential heap corruption via a crafted HTML page. Public references show this vulnerability being fixed in Chromium/Chrome updates (e.g., ChromeOS/Chrome updates around 124.0.6367.x). The connect...
CVE-2022-2294
CVE-2022-2294 is a heap-buffer-overflow in WebRTC code within Google Chrome (Chromium-based) prior to 103.0.5060.114. Reported as enabling remote heap corruption via a crafted HTML page, potentially leading to code execution. Affected component: WebRTC in Chrome/Chromium. Remediation: upgrade to ...
CVE-2023-4863
CVE-2023-4863 describes a heap buffer overflow in libwebp used by Google Chrome prior to 116.0.5845.187 and in libwebp 1.3.2. A remote attacker can cause an out-of-bounds memory write by presenting a crafted HTML page. The vulnerability is exploitable over the network and requires user interactio...
CVE-2022-1096
CVE-2022-1096 — Chrome/Chromium type confusion in V8; a type confusion in V8 prior to Chrome 99.0.4844.84 could allow a remote attacker to cause heap corruption via a crafted HTML page. Affected products are Chromium-based browsers (e.g., Google Chrome, Microsoft Edge). Root cause: type confusion...
CVE-2020-16009
CVE-2020-16009 is a Google Chrome/Chromium V8 type-confusion vulnerability that could allow remote code execution via a crafted HTML page. Root cause: type confusion in V8 before 86.0.4240.183. Affected product family includes Google Chrome and other Chromium-based browsers; Debian security advis...
CVE-2021-30551
CVE-2021-30551 is a type confusion vulnerability in the V8 engine of Chromium-based browsers (e.g., Google Chrome/Chromium) prior to 91.0.4472.101. A remote attacker could potentially trigger heap corruption via a crafted HTML page. Multiple connected advisories confirm the issue and indicate aff...
CVE-2022-1364
CVE-2022-1364 is a type confusion in Google Chrome's V8 Turbofan engine, affecting Chrome/Chromium prior to version 100.0.4896.127. The root cause is a V8 Turbofan type confusion that could allow a remote attacker to trigger heap corruption via a crafted HTML page, leading to potential high-sever...
CVE-2020-6514
CVE-2020-6514 affects Google Chrome WebRTC data channel where an attacker in a privileged network position could trigger a memory corruption (heap) via a crafted SCTP stream. The initial description notes an inappropriate WebRTC implementation as the underlying cause, with the vulnerability explo...
CVE-2019-13720
CVE-2019-13720 is a use-after-free in Chrome’s WebAudio (Chromium) prior to 78.0.3904.87 that could allow remote code execution via a crafted HTML page, with heap corruption as the underlying risk. Public documents identify the affected component as the WebAudio functionality in Chrome/Chromium a...
CVE-2019-5786
CVE-2019-5786 corresponds to a heap use-after-free in Google Chrome’s Blink layer affecting the FileReader API, enabling a remote attacker to potentially cause out-of-bounds memory access via a crafted HTML page. The CVE is documented as a vulnerability in Blink prior to 72.0.3626.121, with the v...
CVE-2020-16012
CVE-2020-16012 is a timing side-channel vulnerability involving cross-origin data leakage via drawImage in graphics code. Connected advisories confirm multiple Mozilla products are affected (notably Firefox/Thunderbird) and that the issue arises from variable-time processing of cross-origin image...
CVE-2021-30563
CVE-2021-30563 is a Type Confusion in the V8 engine used by Google Chrome (and Chromium-based browsers) prior to version 91.0.4472.164. The vulnerability arises from V8 type confusion which could allow a remote attacker to trigger heap corruption via a crafted HTML page. Public disclosures indica...
CVE-2021-21224
CVE-2021-21224 is a type confusion in Google Chrome’s V8 engine (pre-90.0.4430.85) that allows a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Multiple connected advisories confirm the same issue and note exploitation in the wild; remediation per Arch Linux...
CVE-2020-15969
CVE-2020-15969 is a use-after-free in WebRTC that was exploitable via a crafted HTML page, potentially causing heap corruption and arbitrary code execution. Connected Apple advisories (Safari 14.0.2, watchOS 7.2, tvOS 14.3) indicate this was addressed by Apple in respective security updates; appl...
CVE-2021-30554
CVE-2021-30554 is a use-after-free in the WebGL component of the Chromium-based Chrome/Chromium engine, exploited via crafted HTML pages. Affected are Chrome/Chromium versions before 91.0.4472.114, with remote code execution risk tied to heap corruption. Google is aware of exploits in the wild; m...
CVE-2021-21220
CVE-2021-21220 is a V8 heap‑corruption risk in Google Chrome (Chromium-based) due to insufficient validation of untrusted input. Affected are Chrome versions prior to 89.0.4389.128; Chrome/Chromium updates fixed to 89.0.4389.128. Connected advisories note exploitation in the wild and attribution ...
CVE-2021-21148
CVE-2021-21148 is a heap buffer overflow in the V8 engine of Google Chrome/Chromium up to version 88.0.4324.150, enabling a remote attacker to potentially corrupt the heap via a crafted HTML page. Connected advisories confirm this affects Chromium-based browsers and note public fixes: Debian repo...
CVE-2021-21166
CVE-2021-21166 describes a data race in the audio component of Google Chrome (Chromium-based) prior to 89.0.4389.72, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. Affected product: Google Chrome (Chromium) before 89.0.4389.72; root cause: audi...
CVE-2020-6418
CVE-2020-6418 (Google Chrome / Chromium V8 type confusion) is a remote code-execution risk caused by a type confusion in V8 before version 80.0.3987.122, allowing heap corruption via a crafted HTML page. Public references confirm multiple advisories and fixes across distributions: Debian fixed in...
CVE-2021-21206
CVE-2021-21206 is a use-after-free in Blink (Chrome) leading to potential heap corruption via a crafted HTML page. Affected product: Google Chrome (Blink engine). Root cause: use-after-free in rendering engine prior to 89.0.4389.128. Impact per sources: high severity with network attack vector, u...
CVE-2015-4000
CVE-2015-4000 is the Logjam vulnerability: when a server enables DHE_EXPORT ciphers and the client does not, the TLS handshake may downgrade to 512‑bit export‑grade DH, allowing a MITM to decrypt traffic. Public details describe the issue in TLS as a downgrade attack on Diffie–Hellman key exchang...
CVE-2021-21193
CVE-2021-21193 is a use-after-free in Blink of Chromium-based browsers (Chrome) prior to 89.0.4389.90 that can allow remote code execution via a crafted HTML page, with evidence of an exploit in the wild per Arch/Chromium advisories. Affected products include Google Chrome/Chromium (Blink/WebKit ...
CVE-2021-30632
CVE-2021-30632 is a remote, out-of-bounds write vulnerability in Google Chrome’s V8 engine (Chromium) prior to 93.0.4577.82, allowing potential heap corruption via a crafted HTML page. Publicly documented fixes indicate the issue affected the V8 component and was addressed in Chrome/Chromium 93.0...
CVE-2022-4135
CVE-2022-4135 affects Google Chrome/Chromium GPU code. It is a heap buffer overflow in the GPU path prior to Chrome 107.0.5304.121 that could allow a remote attacker (with renderer access) to escape the sandbox via a crafted HTML page. Chrome confirms exploitation in the wild; a stable-channel pa...
CVE-2023-2033
CVE-2023-2033: A type confusion in Google's V8 engine used by Chromium-based browsers allowed remote heap corruption via crafted HTML. The vulnerability affected Google Chrome/Chromium up to version 112.0.5615.121 and was fixed in the 112.0.5615.121 release (M112 Stable Update). Chrome’s advisory...
CVE-2022-3075
CVE-2022-3075 affects Google Chrome/Chromium Mojo within the renderer. The issue is insufficient data validation that could allow a remote attacker who has compromised the renderer process to escape the sandbox via a crafted HTML page, potentially enabling remote code execution. Affected versions...
CVE-2021-37973
CVE-2021-37973 is a use-after-free vulnerability in Chrome’s Portals, fixed in Chrome 94.0.4606.61. Details across connected sources confirm the flaw exists in Portals code when a renderer is compromised, enabling a sandbox escape via a crafted HTML page and potentially high impact (network vecto...
CVE-2021-38003
CVE-2021-38003 affects Chromium/Chrome’s V8 engine before version 95.0.4638.69. Description and multiple advisories confirm an inappropriate implementation in V8 that could enable remote code execution via crafted HTML, with exploitation noted in the wild (per Arch Linux ASA notes). Affected comp...
CVE-2018-17463
CVE-2018-17463 is a remote code execution vulnerability in the V8 JavaScript engine used by Google Chrome/Chromium. The issue allows a remote attacker to execute arbitrary code inside the browser sandbox via a crafted HTML page, stemming from an incorrect side-effect annotation in V8. Public disc...
CVE-2021-37975
CVE-2021-37975 is a Use-After-Free in the V8 engine of Google Chrome prior to 94.0.4606.71, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page. Affected software: Google Chrome (V8). Impact: remote code execution potential with high severity (CVSS v3.1 base ...
CVE-2021-37976
CVE-2021-37976 is a Google Chrome information-disclosure vulnerability described as an information leak in the core memory component that could allow a remote attacker to obtain potentially sensitive data from process memory via a crafted HTML page. The issue affected Chrome pre-94.0.4606.71; a f...
CVE-2019-5825
CVE-2019-5825 is a Google Chrome vulnerability in the V8 JavaScript engine: an out-of-bounds write that can enable remote heap corruption via a crafted HTML page. Affected software is Chrome (prior to 73.0.3683.86); the issue is tied to JavaScript execution/v8, leading to potential stability or m...
CVE-2021-38000
CVE-2021-38000 is an insufficient validation vulnerability in the Intents component of the Chromium/Google Chrome engine prior to 95.0.4638.69. A remote attacker could cause a user to be navigated to a malicious URL via a crafted HTML page. The issue is listed across multiple advisories (Arch Lin...
CVE-2020-16010
CVE-2020-16010 is a Google Chrome for Android UI heap buffer overflow vulnerability that allowed remote code execution and potential sandbox escape when a renderer process was compromised. Affected component: Chrome UI on Android prior to 86.0.4240.185. Root cause: heap buffer overflow in UI hand...