67 matches found
CVE-2025-6179
Summary of CVE-2025-6179 (ChromeOS) : The issue is a permissions bypass in ChromeOS Extension Management affecting Google ChromeOS, version 16181.27.0 on managed devices. The underlying problem allows a local attacker to disable extensions and gain Developer Mode, including loading additional ext...
CVE-2022-2743
Mode C: The CVE-2022-2743 entry describes a concrete vulnerability in Google Chrome’s Window Manager on Chrome OS and Lacros, where an integer overflow can enable a remote attacker to cause an out-of-bounds memory write through crafted UI interactions. Affected software is Google Chrome on Chrome...
CVE-2014-3180
CVE-2014-3180 affects the Linux kernel prior to 3.17, specifically the compatibility code path in kernel/compat.c. The vulnerability is an out-of-bounds read where restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. Note: the description states the code path is unreachab...
CVE-2011-0480
CVE-2011-0480 involves FFmpeg’s Vorbis decoder (libavcodec/vorbis_dec.c) with multiple buffer overflows that can be triggered by a crafted WebM file, leading to memory corruption and possible denial of service or other impact. The vulnerability affects FFmpeg as used in browsers (e.g., Chrome pri...
CVE-2010-4577
CVE-2010-4577 affects WebKit/WebKitGTK+ in the CSSParser::parseFontFaceSrc path, enabling an out-of-bounds read and denial of service via a crafted local font. Affected products include WebKit-based browsers (e.g., Google Chrome before 8.0.552.224; webkitgtk before 1.2.6). Remediation noted acros...
CVE-2017-15400
CVE-2017-15400 affects CUPS in Google Chrome OS before 62.0.3202.74, where insufficient restriction of IPP filters via a crafted PPD file allows a remote attacker to execute commands with the cups daemon privileges. Impact is remote command execution with the cups daemon’s privileges. Remediation...
CVE-2014-3188
CVE-2014-3188 affects Google Chrome (and Chrome OS) prior to 38.0.2125.101. The flaw arises from the interaction of IPC and V8, specifically an improper parsing of an escaped index in json-parser.h (ParseJsonObject), enabling remote code execution via crafted JSON data. Affected: Chrome <38.0....
CVE-2025-1568
CVE-2025-1568 is a Gerrit-based supply‑chain and access-control vulnerability in Google ChromeOS Gerrit project configuration (ChromiumOS, ChromeOS 16063.87.0) characterized by misconfigurations in Gerrit’s project.config, permissive default addPatchSet, and a race window that enables malicious p...
CVE-2025-2073
CVE-2025-2073 affects Google ChromeOS Kernel via an Out-of-Bounds Read in netfilter/ipset. PT-2025-16922 details the root cause in ip_set_bitmap_ip.c and lists affected ChromeOS Kernel versions 4.19, 5.4, 5.10, 5.15, and 6.1. The issue can let a user with CAP NET_ADMIN privileges cause memory cor...
CVE-2010-4578
CVE-2010-4578 affects Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343. The issue is due to improper cursor handling that can lead to stale pointers, enabling remote attackers to cause a denial of service and possibly other unspecified impact via unknown vectors. Exploitation det...
CVE-2013-2832
CVE-2013-2832 affects Google Chrome OS before 26.0.1410.57, specifically the O3D plug-in’s Buffer::Set in core/cross/buffer.cc, where uninitialized data could remain in a buffer and allow remote attackers to obtain sensitive information via unspecified vectors. The fix was delivered in Chrome OS ...
CVE-2011-0482
CVE-2011-0482 affects Google Chrome (before 8.0.552.237) and Chrome OS (before 8.0.552.344). The vulnerability arises from improper casting of an unspecified variable during handling of anchors in HTML, enabling a remote attacker to cause a denial of service and potentially other impacts. Multipl...
CVE-2011-0472
CVE-2011-0472 affects Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344. The issue is improper handling of printing PDF documents, allowing user‑assisted remote attackers to cause a denial of service (application crash) via a multi‑page document. The connected documents do not pro...
CVE-2012-2864
CVE-2012-2864 affects Mesa, the graphics library used in affected Chrome/Chromebook deployments. A buffer/array overrun in GLSL shader handling (glsl linker) can occur when there are too many uniforms, enabling remote code execution in some environments or causing denial of service according to m...
CVE-2025-1566
CVE-2025-1566 affects Google ChromeOS, specifically the Native System VPN in the Dev Channel. The root cause is a failure to properly tunnel DNS traffic during VPN state transitions, enabling network observers to expose plaintext DNS queries. Reported in ChromeOS/Kubernetes-related advisories, wi...
CVE-2013-2866
CVE-2013-2866 affects Google Chrome and Chrome OS where the Flash plugin's handling of an embedded Flash element’s opacity allowed a clickjacking technique to trick users into granting camera or microphone access. Root cause: improper determination of user consent for Flash-permission requests, e...
CVE-2017-15397
CVE-2017-15397 describes an issue in Google Chrome OS where the ChromeVox component allowed a remote attacker, positioned on the network, to observe or tamper with plaintext HTTP requests. Root cause is an inappropriate implementation within ChromeVox that mishandled plaintext network traffic. Th...
CVE-2025-1290
CVE-2025-1290 affects ChromeOS Kernel 5.4: a race condition Use-After-Free in virtio_transport_space_update during AF_VSOCK connect can lead to a dangling pointer and potential kernel code execution. Exploitation details are not provided in the documents, but Red Hat, CNVD, CNNVD and PT Security ...
CVE-2025-2509
CVE-2025-2509 describes an out-of-bounds read in Virglrenderer on ChromeOS (build 16093.57.0) that allows a malicious guest VM to access arbitrary addresses inside the crosvm sandboxed process, potentially enabling VM escape via crafted vertex data affecting util_format_description. The entry sho...
CVE-2013-2833
CVE-2013-2833 is a use-after-free vulnerability in the O3D plug-in used by Google Chrome OS before version 26.0.1410.57. The flaw arises from improper ownership relationship handling among Elements and DrawElements, enabling remote attackers to trigger a denial of service or potentially other imp...
CVE-2025-1704
CVE-2025-1704 affects Google ChromeOS components, specifically the ComponentInstaller modification in ChromeOS 15823.23.0 on Chromebooks, enabling enrolled users with local access to unenroll devices and intercept device-management requests by loading components from the unencrypted stateful part...
CVE-2011-0471
CVE-2011-0471 relates to Google Chrome and Chrome OS where the node-iteration implementation mishandles pointers, allowing remote denial of service and possibly other unspecified impacts. Affected versions are Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344. The issue stems from improp...
CVE-2025-1121
CVE-2025-1121 describes a privilege-escalation in Google ChromeOS: on devices running ChromeOS 15786.48.2, an attacker with physical access can craft a recovery image to gain root code execution and potentially unenroll enterprise-managed devices. Affected component: installer and recovery image ...
CVE-2014-1710
The CVE-2014-1710 issue affects Google Chrome and Chrome OS before 33.0.1750.152. It concerns AsyncPixelTransfersCompletedQuery::End in gpu/command_buffer/service/query_manager.cc, where a bounds check for a position within a shared-memory segment is missing. This can allow remote attackers to ca...
CVE-2011-0483
CVE-2011-0483 affects Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, where a cast of an unspecified variable during video handling could allow remote denial of service and possibly other impact via unknown vectors. The vulnerability is documented across multiple feeds (NVD and...
CVE-2016-5179
Chrome OS before 53.0.2785.144 is affected by CVE-2016-5179, with root cause described as incorrect validation of writes to paths on the stateful partition. The vulnerability allows remote code execution at boot and is rated CRITICAL (CVSS v3 base score 9.8). The mitigation is to upgrade to Chrom...
CVE-2017-5084
CVE-2017-5084 detail (Google Chrome OS): In Chrome OS, the image-burner component exposed a BurnImage D-Bus endpoint with an inappropriate implementation, enabling a local attacker to read local files via dbus-send commands. Affected: Chrome OS builds prior to 59.0.3071.92. Impact is local inform...
CVE-2012-5129
CVE-2012-5129 describes a heap-based buffer overflow in the WebGL subsystem of Google Chrome OS prior to 23.0.1271.94. The vulnerability can allow a remote attacker to cause a denial-of-service via a GPU process crash and may have unspecified other impact via unknown vectors. The provided connect...
CVE-2010-4575
CVE-2010-4575 affects Google Chrome (before 8.0.552.224) and Chrome OS (before 8.0.552.343). The issue is in ThemeInstalledInfoBarDelegate::Observe, where incorrect tab interaction by an extension is not handled properly, enabling user-assisted remote attackers to cause a denial of service (appli...
CVE-2011-0479
Google Chrome (Windows/Linux/macOS) before 8.0.552.237 and Chrome OS before 8.0.552.344 are affected by CVE-2011-0479, a vulnerability in extensions handling that allows remote attackers to cause a denial of service via a crafted extension that triggers an uninitialized pointer. The issue stems f...
CVE-2011-0470
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 are affected by a vulnerability in handling extensions notifications that can be exploited to crash the application (denial of service). The provided documents state the issue but do not give explicit exploitation details or a conf...
CVE-2019-16508
The CVE-2019-16508 entry affects the Google Chrome OS Imagination Technologies driver. Affected chromeos builds have the Imagination driver before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0. The root cause is an integer overflow arising from granted access for the GPU proce...
CVE-2010-4576
CVE-2010-4576 affects Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343. The issue lies in browser/worker_host/message_port_dispatcher.cc where certain postMessage calls with web workers are mishandled, enabling remote attackers to trigger a NULL pointer dereference and crash the ...
CVE-2011-0484
CVE-2011-0484 affects Google Chrome (before 8.0.552.237) and Chrome OS (before 8.0.552.344). The issue arises from improper DOM node removal, enabling denial of service or unspecified impact via a stale rendering node. NVD assigns a base score of 7.5 ( HIGH ) with network/low complexity exploit c...
CVE-2014-1708
CVE-2014-1708 affects Google Chrome OS boot: the boot implementation before 33.0.1750.152 does not properly account for file persistence, allowing remote attackers to execute arbitrary code via unspecified vectors. Affected: Chrome OS boot path; root cause: inadequate handling of file persistence...
CVE-2010-4574
CVE-2010-4574 affects Google Chrome (before 8.0.552.224) and Chrome OS (before 8.0.552.343) on 64-bit Linux. The vulnerability lies in Pickle::Pickle (base/pickle.cc), where incorrect pointer arithmetic can bypass message deserialization validation, enabling remote input to cause denial of servic...
CVE-2011-0474
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 are affected by a flaw in handling CSS token sequences with cursors that can lead to a denial of service and possibly other impact via unknown vectors that produce a stale pointer. The provided documents identify the vulnerable sof...
CVE-2013-0927
Chrome OS prior to 26.0.1410.57 is affected by CVE-2013-0927 due to a Pango pango-utils.c read_config flaw that loads the user’s .pangorc and the file pointed to by PANGO_RC_FILE, allowing attackers to bypass access restrictions with crafted configuration data. The issue arises from how configura...
CVE-2011-0475
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 are affected by a use-after-free vulnerability in PDF handling, enabling remote denial of service or possibly other impact. Root cause: use-after-free in the PDF document path. Affected products/components: Google Chrome (pre-8.0.5...
CVE-2011-0478
Google Chrome/CromeOS vulnerability CVE-2011-0478 affects Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, due to improper handling of SVG use elements. This can cause denial of service and possibly unspecified other impact via unknown vectors that lead to a stale pointer. The issue is...
CVE-2011-0476
CVE-2011-0476 : Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 are affected. A PDF document can trigger an out-of-memory error, causing stack memory corruption and a possible denial of service. The description is supported by multiple sources (NVD/OpenVAS entries) with a high C...
CVE-2011-0481
CVE-2011-0481 : Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly other impact via vectors related to PDF shading. Affected software is Google Chrome and Chrome OS (versions cited in the entry). Th...
CVE-2012-1418
Technical details for CVE-2012-1418 are not publicly available in the provided documents; no affected products, vectors, or fixes are specified. Monitor for updates.
CVE-2013-0915
The CVE-2013-0915 entry affects Google Chrome OS: GPUs may overflow in the GPU process, before version 25.0.1364.173, allowing denial of service and possibly other impact. The related Chrome OS Stable Channel update (25.0.1364.173) fixes the overflow in the GPU process; release notes credit this ...
CVE-2014-1706
CVE-2014-1706 affects Google Chrome OS, specifically the crosh shell. The vulnerability is a command-injection issue in crosh that allowed attackers to inject commands via unspecified vectors. The issue was addressed in Chrome OS 33.0.1750.152, as noted in the Stable Channel Update, which publish...
CVE-2014-1707
CVE-2014-1707 is a directory traversal vulnerability in CrosDisks on Google Chrome OS prior to 33.0.1750.152. The connected sources confirm CrosDisks path traversal with the Chrome OS 33.0.1750.152 update addressing the issue; exploitation vectors and exact impact are not detailed in the provided...
CVE-2011-4548
CVE-2011-4548 concerns Google Chrome before 16.0.912.44 on Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms. The connected records provide limited details: the vulnerability family is described as multiple unspecified vulnerabilities with unknown impact and attack vectors on these pla...
CVE-2011-4719
Mode C: CVE-2011-4719 concerns Google Chrome before 16.0.912.63 on Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms. The connected documents provide concrete details: affected product is Google Chrome browser; affected versions are before 16.0.912.63. The root cause and impact are des...
CVE-2013-2834
CVE-2013-2834 and CVE-2013-2835 affect Google Chrome OS up to version 26.0.1410.57. The issue is an origin restrictions bypass in the O3D and Google Talk plug-ins, allowing remote attackers to bypass the domain-whitelist protection via a crafted site. Affected product: Chrome OS (before 26.0.1410...
CVE-2013-2835
CVE-2013-2835 : Google Chrome OS prior to 26.0.1410.57 contains an origin restriction bypass in the O3D and Google Talk plug-ins, allowing remote attackers to bypass the domain-whitelist protection via a crafted website. Affected product/version: Google Chrome OS