Lucene search

K
GoogleChrome

3647 matches found

CVE
CVE
added 2023/05/30 10:15 p.m.435 views

CVE-2023-2940

Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

6.5CVSS6.4AI score0.00022EPSS
CVE
CVE
added 2024/05/15 9:15 p.m.431 views

CVE-2024-4947

Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

9.6CVSS6.9AI score0.01121EPSS
CVE
CVE
added 2025/05/27 9:15 p.m.430 views

CVE-2025-5283

Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

5.4CVSS7.1AI score0.00074EPSS
CVE
CVE
added 2012/09/15 6:55 p.m.429 views

CVE-2012-4929

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences...

2.6CVSS4.9AI score0.24898EPSS
CVE
CVE
added 2023/09/05 10:15 p.m.427 views

CVE-2023-4761

Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

8.1CVSS7.6AI score0.0024EPSS
CVE
CVE
added 2025/01/15 11:15 a.m.424 views

CVE-2025-0448

Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS6.4AI score0.0008EPSS
CVE
CVE
added 2021/04/30 9:15 p.m.423 views

CVE-2021-21230

Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.01953EPSS
CVE
CVE
added 2025/05/27 9:15 p.m.421 views

CVE-2025-5281

Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via a crafted HTML page. (Chromium security severity: Medium)

5.4CVSS6AI score0.00058EPSS
CVE
CVE
added 2025/05/27 9:15 p.m.420 views

CVE-2025-5064

Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

5.4CVSS6AI score0.00058EPSS
CVE
CVE
added 2025/05/27 9:15 p.m.407 views

CVE-2025-5067

Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

5.4CVSS6.2AI score0.00056EPSS
CVE
CVE
added 2020/04/13 6:15 p.m.399 views

CVE-2020-6447

Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.3AI score0.01485EPSS
CVE
CVE
added 2025/01/15 11:15 a.m.393 views

CVE-2025-0446

Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

4.3CVSS6.6AI score0.00074EPSS
CVE
CVE
added 2023/12/21 11:15 p.m.390 views

CVE-2023-7024

Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.9AI score0.02632EPSS
CVE
CVE
added 2024/09/17 9:15 p.m.390 views

CVE-2024-8907

Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. (Chromium security severity: Medium)

6.1CVSS6AI score0.00166EPSS
CVE
CVE
added 2018/12/11 4:29 p.m.389 views

CVE-2018-18356

An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.02245EPSS
CVE
CVE
added 2025/01/08 7:15 p.m.383 views

CVE-2025-0291

Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.4AI score0.01411EPSS
CVE
CVE
added 2023/11/29 12:15 p.m.382 views

CVE-2023-6345

Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)

9.6CVSS9.2AI score0.0067EPSS
CVE
CVE
added 2025/03/26 4:15 p.m.377 views

CVE-2025-2783

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

8.3CVSS6.8AI score0.07186EPSS
CVE
CVE
added 2023/09/05 10:15 p.m.374 views

CVE-2023-4764

Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)

6.5CVSS6.2AI score0.001EPSS
CVE
CVE
added 2023/01/10 8:15 p.m.372 views

CVE-2023-0129

Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High)

8.8CVSS8.7AI score0.00123EPSS
CVE
CVE
added 2020/05/21 4:15 a.m.371 views

CVE-2020-6457

Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.2AI score0.01068EPSS
CVE
CVE
added 2023/05/30 10:15 p.m.365 views

CVE-2023-2941

Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low)

4.3CVSS5AI score0.00083EPSS
CVE
CVE
added 2020/05/21 4:15 a.m.364 views

CVE-2020-6463

Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9.1AI score0.02781EPSS
CVE
CVE
added 2021/08/03 7:15 p.m.361 views

CVE-2021-30560

Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.00092EPSS
CVE
CVE
added 2018/11/14 3:29 p.m.357 views

CVE-2018-17466

Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS7.1AI score0.00898EPSS
CVE
CVE
added 2023/09/05 10:15 p.m.351 views

CVE-2023-4762

Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.7AI score0.15279EPSS
CVE
CVE
added 2024/05/14 4:17 p.m.348 views

CVE-2024-4761

Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

8.8CVSS5.8AI score0.07086EPSS
CVE
CVE
added 2023/03/07 10:15 p.m.345 views

CVE-2023-1234

Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS4.9AI score0.00372EPSS
CVE
CVE
added 2024/08/21 9:15 p.m.345 views

CVE-2024-7971

Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

9.6CVSS6.8AI score0.00296EPSS
CVE
CVE
added 2024/10/29 10:15 p.m.344 views

CVE-2024-10487

Out of bounds write in Dawn in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)

8.8CVSS6.7AI score0.00241EPSS
CVE
CVE
added 2019/06/27 5:15 p.m.340 views

CVE-2019-5785

Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

6.5CVSS6.9AI score0.00375EPSS
CVE
CVE
added 2023/10/05 6:15 p.m.340 views

CVE-2023-5346

Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.4AI score0.0059EPSS
CVE
CVE
added 2025/03/19 7:15 p.m.340 views

CVE-2025-2476

Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

8.8CVSS6.8AI score0.1458EPSS
CVE
CVE
added 2024/08/21 9:15 p.m.339 views

CVE-2024-7976

Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS6.4AI score0.00116EPSS
CVE
CVE
added 2021/06/04 6:15 p.m.337 views

CVE-2021-30513

Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.00665EPSS
CVE
CVE
added 2023/08/25 7:15 p.m.336 views

CVE-2019-13689

Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical)

7.8CVSS7.2AI score0.00183EPSS
CVE
CVE
added 2024/08/21 9:15 p.m.336 views

CVE-2024-8035

Inappropriate implementation in Extensions in Google Chrome on Windows prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS6.4AI score0.00082EPSS
CVE
CVE
added 2021/08/03 8:15 p.m.335 views

CVE-2021-30588

Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.00597EPSS
CVE
CVE
added 2024/04/17 8:15 a.m.335 views

CVE-2024-3834

Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.0059EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.333 views

CVE-2019-13751

Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.2AI score0.00418EPSS
CVE
CVE
added 2024/08/21 9:15 p.m.333 views

CVE-2024-7978

Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS6AI score0.00083EPSS
CVE
CVE
added 2024/08/21 9:15 p.m.333 views

CVE-2024-8033

Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS6.4AI score0.00098EPSS
CVE
CVE
added 2024/01/16 10:15 p.m.332 views

CVE-2024-0519

Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.5AI score0.00158EPSS
CVE
CVE
added 2022/08/12 8:15 p.m.331 views

CVE-2022-2603

Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00419EPSS
CVE
CVE
added 2023/10/11 11:15 p.m.331 views

CVE-2023-5485

Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS4.9AI score0.00036EPSS
CVE
CVE
added 2024/08/21 9:15 p.m.331 views

CVE-2024-7975

Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS6.4AI score0.00117EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.330 views

CVE-2019-5782

Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

8.8CVSS7AI score0.79803EPSS
CVE
CVE
added 2020/01/03 11:15 p.m.329 views

CVE-2019-5845

Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5CVSS7AI score0.00966EPSS
CVE
CVE
added 2021/06/04 6:15 p.m.327 views

CVE-2021-30517

Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.14196EPSS
CVE
CVE
added 2018/12/11 4:29 p.m.324 views

CVE-2018-18335

Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.7AI score0.01839EPSS
Total number of security vulnerabilities3647