Lucene search
K
GoogleChrome Os

67 matches found

CVE
CVE
added 2025/06/16 4:56 p.m.281 views

CVE-2025-6179

Summary of CVE-2025-6179 (ChromeOS) : The issue is a permissions bypass in ChromeOS Extension Management affecting Google ChromeOS, version 16181.27.0 on managed devices. The underlying problem allows a local attacker to disable extensions and gain Developer Mode, including loading additional ext...

9.8CVSS6.4AI score0.00219EPSS
CVE
CVE
added 2023/01/02 12:0 a.m.229 views

CVE-2022-2743

Mode C: The CVE-2022-2743 entry describes a concrete vulnerability in Google Chrome’s Window Manager on Chrome OS and Lacros, where an integer overflow can enable a remote attacker to cause an out-of-bounds memory write through crafted UI interactions. Affected software is Google Chrome on Chrome...

8.8CVSS8.5AI score0.00541EPSS
CVE
CVE
added 2019/11/06 7:22 p.m.135 views

CVE-2014-3180

CVE-2014-3180 affects the Linux kernel prior to 3.17, specifically the compatibility code path in kernel/compat.c. The vulnerability is an out-of-bounds read where restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. Note: the description states the code path is unreachab...

9.1CVSS8.5AI score0.00941EPSS
CVE
CVE
added 2011/01/14 4:0 p.m.105 views

CVE-2011-0480

CVE-2011-0480 involves FFmpeg’s Vorbis decoder (libavcodec/vorbis_dec.c) with multiple buffer overflows that can be triggered by a crafted WebM file, leading to memory corruption and possible denial of service or other impact. The vulnerability affects FFmpeg as used in browsers (e.g., Chrome pri...

9.3CVSS7.4AI score0.02304EPSS
CVE
CVE
added 2010/12/22 12:0 a.m.94 views

CVE-2010-4577

CVE-2010-4577 affects WebKit/WebKitGTK+ in the CSSParser::parseFontFaceSrc path, enabling an out-of-bounds read and denial of service via a crafted local font. Affected products include WebKit-based browsers (e.g., Google Chrome before 8.0.552.224; webkitgtk before 1.2.6). Remediation noted acros...

7.5CVSS7.5AI score0.02209EPSS
CVE
CVE
added 2018/02/07 11:0 p.m.93 views

CVE-2017-15400

CVE-2017-15400 affects CUPS in Google Chrome OS before 62.0.3202.74, where insufficient restriction of IPP filters via a crafted PPD file allows a remote attacker to execute commands with the cups daemon privileges. Impact is remote command execution with the cups daemon’s privileges. Remediation...

9.3CVSS7.7AI score0.00878EPSS
CVE
CVE
added 2014/10/08 10:0 a.m.87 views

CVE-2014-3188

CVE-2014-3188 affects Google Chrome (and Chrome OS) prior to 38.0.2125.101. The flaw arises from the interaction of IPC and V8, specifically an improper parsing of an escaped index in json-parser.h (ParseJsonObject), enabling remote code execution via crafted JSON data. Affected: Chrome <38.0....

10CVSS7.2AI score0.0595EPSS
CVE
CVE
added 2025/04/16 11:6 p.m.86 views

CVE-2025-1568

CVE-2025-1568 is a Gerrit-based supply‑chain and access-control vulnerability in Google ChromeOS Gerrit project configuration (ChromiumOS, ChromeOS 16063.87.0) characterized by misconfigurations in Gerrit’s project.config, permissive default addPatchSet, and a race window that enables malicious p...

8.8CVSS8.8AI score0.00353EPSS
CVE
CVE
added 2025/04/16 11:6 p.m.84 views

CVE-2025-2073

CVE-2025-2073 affects Google ChromeOS Kernel via an Out-of-Bounds Read in netfilter/ipset. PT-2025-16922 details the root cause in ip_set_bitmap_ip.c and lists affected ChromeOS Kernel versions 4.19, 5.4, 5.10, 5.15, and 6.1. The issue can let a user with CAP NET_ADMIN privileges cause memory cor...

8.8CVSS8AI score0.00215EPSS
CVE
CVE
added 2010/12/22 12:0 a.m.82 views

CVE-2010-4578

CVE-2010-4578 affects Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343. The issue is due to improper cursor handling that can lead to stale pointers, enabling remote attackers to cause a denial of service and possibly other unspecified impact via unknown vectors. Exploitation det...

7.5CVSS8.7AI score0.01652EPSS
CVE
CVE
added 2013/04/16 8:0 p.m.80 views

CVE-2013-2832

CVE-2013-2832 affects Google Chrome OS before 26.0.1410.57, specifically the O3D plug-in’s Buffer::Set in core/cross/buffer.cc, where uninitialized data could remain in a buffer and allow remote attackers to obtain sensitive information via unspecified vectors. The fix was delivered in Chrome OS ...

5CVSS5.9AI score0.00924EPSS
CVE
CVE
added 2011/01/14 4:0 p.m.77 views

CVE-2011-0482

CVE-2011-0482 affects Google Chrome (before 8.0.552.237) and Chrome OS (before 8.0.552.344). The vulnerability arises from improper casting of an unspecified variable during handling of anchors in HTML, enabling a remote attacker to cause a denial of service and potentially other impacts. Multipl...

4.3CVSS9.2AI score0.0188EPSS
CVE
CVE
added 2011/01/14 4:0 p.m.75 views

CVE-2011-0472

CVE-2011-0472 affects Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344. The issue is improper handling of printing PDF documents, allowing user‑assisted remote attackers to cause a denial of service (application crash) via a multi‑page document. The connected documents do not pro...

9.3CVSS7.2AI score0.0219EPSS
CVE
CVE
added 2012/08/22 10:0 a.m.75 views

CVE-2012-2864

CVE-2012-2864 affects Mesa, the graphics library used in affected Chrome/Chromebook deployments. A buffer/array overrun in GLSL shader handling (glsl linker) can occur when there are too many uniforms, enabling remote code execution in some environments or causing denial of service according to m...

10CVSS7.4AI score0.04641EPSS
CVE
CVE
added 2025/04/16 11:6 p.m.75 views

CVE-2025-1566

CVE-2025-1566 affects Google ChromeOS, specifically the Native System VPN in the Dev Channel. The root cause is a failure to properly tunnel DNS traffic during VPN state transitions, enabling network observers to expose plaintext DNS queries. Reported in ChromeOS/Kubernetes-related advisories, wi...

7.5CVSS7.5AI score0.00192EPSS
CVE
CVE
added 2013/06/19 8:0 p.m.73 views

CVE-2013-2866

CVE-2013-2866 affects Google Chrome and Chrome OS where the Flash plugin's handling of an embedded Flash element’s opacity allowed a clickjacking technique to trick users into granting camera or microphone access. Root cause: improper determination of user consent for Flash-permission requests, e...

4.3CVSS5.5AI score0.01435EPSS
CVE
CVE
added 2018/02/07 11:0 p.m.71 views

CVE-2017-15397

CVE-2017-15397 describes an issue in Google Chrome OS where the ChromeVox component allowed a remote attacker, positioned on the network, to observe or tamper with plaintext HTTP requests. Root cause is an inappropriate implementation within ChromeVox that mishandled plaintext network traffic. Th...

7.4CVSS7.3AI score0.00428EPSS
CVE
CVE
added 2025/04/17 12:13 a.m.71 views

CVE-2025-1290

CVE-2025-1290 affects ChromeOS Kernel 5.4: a race condition Use-After-Free in virtio_transport_space_update during AF_VSOCK connect can lead to a dangling pointer and potential kernel code execution. Exploitation details are not provided in the documents, but Red Hat, CNVD, CNNVD and PT Security ...

8.1CVSS7.2AI score0.00253EPSS
CVE
CVE
added 2025/05/06 12:59 a.m.69 views

CVE-2025-2509

CVE-2025-2509 describes an out-of-bounds read in Virglrenderer on ChromeOS (build 16093.57.0) that allows a malicious guest VM to access arbitrary addresses inside the crosvm sandboxed process, potentially enabling VM escape via crafted vertex data affecting util_format_description. The entry sho...

7.8CVSS6.9AI score0.00112EPSS
CVE
CVE
added 2013/04/16 8:0 p.m.66 views

CVE-2013-2833

CVE-2013-2833 is a use-after-free vulnerability in the O3D plug-in used by Google Chrome OS before version 26.0.1410.57. The flaw arises from improper ownership relationship handling among Elements and DrawElements, enabling remote attackers to trigger a denial of service or potentially other imp...

10CVSS7.4AI score0.01611EPSS
CVE
CVE
added 2025/04/16 11:6 p.m.66 views

CVE-2025-1704

CVE-2025-1704 affects Google ChromeOS components, specifically the ComponentInstaller modification in ChromeOS 15823.23.0 on Chromebooks, enabling enrolled users with local access to unenroll devices and intercept device-management requests by loading components from the unencrypted stateful part...

6.5CVSS6.6AI score0.00194EPSS
CVE
CVE
added 2011/01/14 4:0 p.m.65 views

CVE-2011-0471

CVE-2011-0471 relates to Google Chrome and Chrome OS where the node-iteration implementation mishandles pointers, allowing remote denial of service and possibly other unspecified impacts. Affected versions are Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344. The issue stems from improp...

10CVSS7.2AI score0.02411EPSS
CVE
CVE
added 2025/03/06 11:49 p.m.65 views

CVE-2025-1121

CVE-2025-1121 describes a privilege-escalation in Google ChromeOS: on devices running ChromeOS 15786.48.2, an attacker with physical access can craft a recovery image to gain root code execution and potentially unenroll enterprise-managed devices. Affected component: installer and recovery image ...

6.8CVSS7.1AI score0.00138EPSS
CVE
CVE
added 2014/03/16 10:0 a.m.64 views

CVE-2014-1710

The CVE-2014-1710 issue affects Google Chrome and Chrome OS before 33.0.1750.152. It concerns AsyncPixelTransfersCompletedQuery::End in gpu/command_buffer/service/query_manager.cc, where a bounds check for a position within a shared-memory segment is missing. This can allow remote attackers to ca...

7.5CVSS7.4AI score0.01081EPSS
CVE
CVE
added 2011/01/14 4:0 p.m.63 views

CVE-2011-0483

CVE-2011-0483 affects Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, where a cast of an unspecified variable during video handling could allow remote denial of service and possibly other impact via unknown vectors. The vulnerability is documented across multiple feeds (NVD and...

5CVSS7.3AI score0.01696EPSS
CVE
CVE
added 2018/03/06 10:0 p.m.63 views

CVE-2016-5179

Chrome OS before 53.0.2785.144 is affected by CVE-2016-5179, with root cause described as incorrect validation of writes to paths on the stateful partition. The vulnerability allows remote code execution at boot and is rated CRITICAL (CVSS v3 base score 9.8). The mitigation is to upgrade to Chrom...

10CVSS9.8AI score0.0238EPSS
CVE
CVE
added 2017/10/27 5:0 a.m.63 views

CVE-2017-5084

CVE-2017-5084 detail (Google Chrome OS): In Chrome OS, the image-burner component exposed a BurnImage D-Bus endpoint with an inappropriate implementation, enabling a local attacker to read local files via dbus-send commands. Affected: Chrome OS builds prior to 59.0.3071.92. Impact is local inform...

3.3CVSS3.5AI score0.00151EPSS
CVE
CVE
added 2012/12/04 2:0 a.m.62 views

CVE-2012-5129

CVE-2012-5129 describes a heap-based buffer overflow in the WebGL subsystem of Google Chrome OS prior to 23.0.1271.94. The vulnerability can allow a remote attacker to cause a denial-of-service via a GPU process crash and may have unspecified other impact via unknown vectors. The provided connect...

7.5CVSS7.6AI score0.01116EPSS
CVE
CVE
added 2010/12/22 12:0 a.m.61 views

CVE-2010-4575

CVE-2010-4575 affects Google Chrome (before 8.0.552.224) and Chrome OS (before 8.0.552.343). The issue is in ThemeInstalledInfoBarDelegate::Observe, where incorrect tab interaction by an extension is not handled properly, enabling user-assisted remote attackers to cause a denial of service (appli...

4.3CVSS6.9AI score0.01406EPSS
CVE
CVE
added 2011/01/14 4:0 p.m.61 views

CVE-2011-0479

Google Chrome (Windows/Linux/macOS) before 8.0.552.237 and Chrome OS before 8.0.552.344 are affected by CVE-2011-0479, a vulnerability in extensions handling that allows remote attackers to cause a denial of service via a crafted extension that triggers an uninitialized pointer. The issue stems f...

7.5CVSS6.3AI score0.01611EPSS
CVE
CVE
added 2011/01/14 4:0 p.m.60 views

CVE-2011-0470

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 are affected by a vulnerability in handling extensions notifications that can be exploited to crash the application (denial of service). The provided documents state the issue but do not give explicit exploitation details or a conf...

5CVSS6.4AI score0.01854EPSS
CVE
CVE
added 2019/10/01 11:7 a.m.60 views

CVE-2019-16508

The CVE-2019-16508 entry affects the Google Chrome OS Imagination Technologies driver. Affected chromeos builds have the Imagination driver before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0. The root cause is an integer overflow arising from granted access for the GPU proce...

9.3CVSS7.6AI score0.00501EPSS
CVE
CVE
added 2010/12/22 12:0 a.m.59 views

CVE-2010-4576

CVE-2010-4576 affects Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343. The issue lies in browser/worker_host/message_port_dispatcher.cc where certain postMessage calls with web workers are mishandled, enabling remote attackers to trigger a NULL pointer dereference and crash the ...

5CVSS7.1AI score0.01667EPSS
CVE
CVE
added 2011/01/14 4:0 p.m.59 views

CVE-2011-0484

CVE-2011-0484 affects Google Chrome (before 8.0.552.237) and Chrome OS (before 8.0.552.344). The issue arises from improper DOM node removal, enabling denial of service or unspecified impact via a stale rendering node. NVD assigns a base score of 7.5 ( HIGH ) with network/low complexity exploit c...

7.5CVSS7.3AI score0.01893EPSS
CVE
CVE
added 2014/03/16 10:0 a.m.59 views

CVE-2014-1708

CVE-2014-1708 affects Google Chrome OS boot: the boot implementation before 33.0.1750.152 does not properly account for file persistence, allowing remote attackers to execute arbitrary code via unspecified vectors. Affected: Chrome OS boot path; root cause: inadequate handling of file persistence...

10CVSS7.6AI score0.02015EPSS
CVE
CVE
added 2010/12/22 12:0 a.m.58 views

CVE-2010-4574

CVE-2010-4574 affects Google Chrome (before 8.0.552.224) and Chrome OS (before 8.0.552.343) on 64-bit Linux. The vulnerability lies in Pickle::Pickle (base/pickle.cc), where incorrect pointer arithmetic can bypass message deserialization validation, enabling remote input to cause denial of servic...

7.5CVSS7.9AI score0.01798EPSS
CVE
CVE
added 2011/01/14 4:0 p.m.58 views

CVE-2011-0474

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 are affected by a flaw in handling CSS token sequences with cursors that can lead to a denial of service and possibly other impact via unknown vectors that produce a stale pointer. The provided documents identify the vulnerable sof...

10CVSS7.3AI score0.02829EPSS
CVE
CVE
added 2013/04/10 4:0 p.m.58 views

CVE-2013-0927

Chrome OS prior to 26.0.1410.57 is affected by CVE-2013-0927 due to a Pango pango-utils.c read_config flaw that loads the user’s .pangorc and the file pointed to by PANGO_RC_FILE, allowing attackers to bypass access restrictions with crafted configuration data. The issue arises from how configura...

7.5CVSS6.4AI score0.00873EPSS
CVE
CVE
added 2011/01/14 4:0 p.m.57 views

CVE-2011-0475

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 are affected by a use-after-free vulnerability in PDF handling, enabling remote denial of service or possibly other impact. Root cause: use-after-free in the PDF document path. Affected products/components: Google Chrome (pre-8.0.5...

9.3CVSS7.2AI score0.02008EPSS
CVE
CVE
added 2011/01/14 4:0 p.m.57 views

CVE-2011-0478

Google Chrome/CromeOS vulnerability CVE-2011-0478 affects Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, due to improper handling of SVG use elements. This can cause denial of service and possibly unspecified other impact via unknown vectors that lead to a stale pointer. The issue is...

10CVSS7.3AI score0.02616EPSS
CVE
CVE
added 2011/01/14 4:0 p.m.56 views

CVE-2011-0476

CVE-2011-0476 : Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 are affected. A PDF document can trigger an out-of-memory error, causing stack memory corruption and a possible denial of service. The description is supported by multiple sources (NVD/OpenVAS entries) with a high C...

10CVSS7.3AI score0.02555EPSS
CVE
CVE
added 2011/01/14 4:0 p.m.56 views

CVE-2011-0481

CVE-2011-0481 : Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly other impact via vectors related to PDF shading. Affected software is Google Chrome and Chrome OS (versions cited in the entry). Th...

9.3CVSS7.5AI score0.02364EPSS
CVE
CVE
added 2012/02/29 11:0 a.m.56 views

CVE-2012-1418

Technical details for CVE-2012-1418 are not publicly available in the provided documents; no affected products, vectors, or fixes are specified. Monitor for updates.

10CVSS6.7AI score0.00686EPSS
CVE
CVE
added 2013/03/18 3:0 p.m.56 views

CVE-2013-0915

The CVE-2013-0915 entry affects Google Chrome OS: GPUs may overflow in the GPU process, before version 25.0.1364.173, allowing denial of service and possibly other impact. The related Chrome OS Stable Channel update (25.0.1364.173) fixes the overflow in the GPU process; release notes credit this ...

10CVSS7.3AI score0.00725EPSS
CVE
CVE
added 2014/03/16 10:0 a.m.56 views

CVE-2014-1706

CVE-2014-1706 affects Google Chrome OS, specifically the crosh shell. The vulnerability is a command-injection issue in crosh that allowed attackers to inject commands via unspecified vectors. The issue was addressed in Chrome OS 33.0.1750.152, as noted in the Stable Channel Update, which publish...

7.5CVSS6.4AI score0.00615EPSS
CVE
CVE
added 2014/03/16 10:0 a.m.56 views

CVE-2014-1707

CVE-2014-1707 is a directory traversal vulnerability in CrosDisks on Google Chrome OS prior to 33.0.1750.152. The connected sources confirm CrosDisks path traversal with the Chrome OS 33.0.1750.152 update addressing the issue; exploitation vectors and exact impact are not detailed in the provided...

7.5CVSS6.3AI score0.00789EPSS
CVE
CVE
added 2011/11/24 2:0 a.m.55 views

CVE-2011-4548

CVE-2011-4548 concerns Google Chrome before 16.0.912.44 on Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms. The connected records provide limited details: the vulnerability family is described as multiple unspecified vulnerabilities with unknown impact and attack vectors on these pla...

10CVSS6.7AI score0.00927EPSS
CVE
CVE
added 2011/12/09 8:0 p.m.55 views

CVE-2011-4719

Mode C: CVE-2011-4719 concerns Google Chrome before 16.0.912.63 on Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms. The connected documents provide concrete details: affected product is Google Chrome browser; affected versions are before 16.0.912.63. The root cause and impact are des...

10CVSS6.7AI score0.00709EPSS
CVE
CVE
added 2013/04/16 8:0 p.m.55 views

CVE-2013-2834

CVE-2013-2834 and CVE-2013-2835 affect Google Chrome OS up to version 26.0.1410.57. The issue is an origin restrictions bypass in the O3D and Google Talk plug-ins, allowing remote attackers to bypass the domain-whitelist protection via a crafted site. Affected product: Chrome OS (before 26.0.1410...

5CVSS6.5AI score0.00895EPSS
CVE
CVE
added 2013/04/16 8:0 p.m.55 views

CVE-2013-2835

CVE-2013-2835 : Google Chrome OS prior to 26.0.1410.57 contains an origin restriction bypass in the O3D and Google Talk plug-ins, allowing remote attackers to bypass the domain-whitelist protection via a crafted website. Affected product/version: Google Chrome OS

5CVSS6.5AI score0.00688EPSS
Total number of security vulnerabilities67