Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
GoogleChrome

3647 matches found

CVE
CVEadded 2015/03/09 12:59 a.m.72 views

CVE-2015-1228

The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service (app...

7.5CVSS6.7AI score0.01073EPSS
CVE
CVEadded 2015/05/20 10:59 a.m.72 views

CVE-2015-1252

common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of service (out-of-bounds write) via vectors that trigger a write operation with a large amount of data, re...

7.5CVSS6.3AI score0.01241EPSS
CVE
CVEadded 2018/01/09 4:29 p.m.72 views

CVE-2015-1290

The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.

9.3CVSS9AI score0.01044EPSS
CVE
CVEadded 2015/04/19 10:59 a.m.72 views

CVE-2015-3333

Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as used in Google Chrome before 42.0.2311.90, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5CVSS6.8AI score0.00241EPSS
CVE
CVEadded 2015/04/19 10:59 a.m.72 views

CVE-2015-3336

Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document contai...

4.3CVSS6.2AI score0.00892EPSS
CVE
CVEadded 2015/10/15 10:59 a.m.72 views

CVE-2015-6758

The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have unspecified other impact ...

6.8CVSS9.4AI score0.00964EPSS
CVE
CVEadded 2015/12/06 1:59 a.m.72 views

CVE-2015-6767

Use-after-free vulnerability in content/browser/appcache/appcache_dispatcher_host.cc in the AppCache implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect pointer maintenance associa...

7.5CVSS9.4AI score0.01583EPSS
CVE
CVEadded 2015/12/06 1:59 a.m.72 views

CVE-2015-6780

Use-after-free vulnerability in the Infobars implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site, related to browser/ui/views/website_settings/website_settings_popup_view.cc.

6.8CVSS9.3AI score0.01155EPSS
CVE
CVEadded 2016/06/05 11:59 p.m.72 views

CVE-2016-1679

The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via...

8.8CVSS8.8AI score0.01532EPSS
CVE
CVEadded 2017/05/23 4:29 a.m.72 views

CVE-2016-5177

Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.

8.8CVSS7.8AI score0.0165EPSS
CVE
CVEadded 2016/12/18 3:59 a.m.72 views

CVE-2016-5185

Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.

8.8CVSS7AI score0.00512EPSS
CVE
CVEadded 2017/01/19 5:59 a.m.72 views

CVE-2016-5215

A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

6.8CVSS6.9AI score0.00492EPSS
CVE
CVEadded 2017/01/19 5:59 a.m.72 views

CVE-2016-5221

Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android possibly allowed a remote attacker to bypass buffer validation via a crafted HTML page.

6.8CVSS6.6AI score0.00303EPSS
CVE
CVEadded 2017/01/19 5:59 a.m.72 views

CVE-2016-5225

Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Policy via a crafted HTML page.

4.3CVSS5.1AI score0.00231EPSS
CVE
CVEadded 2017/01/19 5:59 a.m.72 views

CVE-2016-5226

Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs entered in the URL bar in the context of the current tab, which allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar.

6.1CVSS6.7AI score0.00163EPSS
CVE
CVEadded 2017/02/17 7:59 a.m.72 views

CVE-2017-5013

Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5CVSS6.2AI score0.00601EPSS
CVE
CVEadded 2017/02/17 7:59 a.m.72 views

CVE-2017-5020

Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page.

6.1CVSS7AI score0.00542EPSS
CVE
CVEadded 2017/10/27 5:29 a.m.72 views

CVE-2017-5081

Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files.

3.3CVSS5.1AI score0.00025EPSS
CVE
CVEadded 2017/10/27 5:29 a.m.72 views

CVE-2017-5082

Failure to take advantage of available mitigations in credit card autofill in Google Chrome prior to 59.0.3071.92 for Android allowed a local attacker to take screen shots of credit card information via a crafted HTML page.

5.5CVSS5.4AI score0.00029EPSS
CVE
CVEadded 2017/10/27 5:29 a.m.72 views

CVE-2017-5097

Insufficient validation of untrusted input in Skia in Google Chrome prior to 60.0.3112.78 for Linux allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS8AI score0.01098EPSS
CVE
CVEadded 2017/10/27 5:29 a.m.72 views

CVE-2017-5104

Inappropriate implementation in interstitials in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to spoof the contents of the omnibox via a crafted HTML page.

6.5CVSS6.2AI score0.01156EPSS
CVE
CVEadded 2017/10/27 5:29 a.m.72 views

CVE-2017-5118

Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page.

4.3CVSS5AI score0.00606EPSS
CVE
CVEadded 2017/10/27 5:29 a.m.72 views

CVE-2017-5120

Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmi...

6.5CVSS6.5AI score0.00869EPSS
CVE
CVEadded 2022/09/29 2:15 a.m.72 views

CVE-2019-5797

Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

7.5CVSS7.8AI score0.03112EPSS
CVE
CVEadded 2022/07/28 1:15 a.m.72 views

CVE-2022-2415

Heap buffer overflow in WebGL in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.7AI score0.0089EPSS
CVE
CVEadded 2022/11/01 8:15 p.m.72 views

CVE-2022-3318

Use after free in ChromeOS Notifications in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to reboot Chrome OS to potentially exploit heap corruption via UI interaction. (Chromium security severity: Low)

4.3CVSS6.2AI score0.00265EPSS
CVE
CVEadded 2022/11/01 8:15 p.m.72 views

CVE-2022-3444

Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page and malicious file. (Chromium security severity: Low)

4.3CVSS4.8AI score0.00045EPSS
CVE
CVEadded 2023/07/29 12:15 a.m.72 views

CVE-2023-2314

Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

6.5CVSS6.3AI score0.00031EPSS
CVE
CVEadded 2023/08/01 11:15 p.m.72 views

CVE-2023-3731

Use after free in Diagnostics in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

8.8CVSS9AI score0.00071EPSS
CVE
CVEadded 2010/02/18 6:0 p.m.71 views

CVE-2010-0651

WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive in...

4.3CVSS7.3AI score0.02258EPSS
CVE
CVEadded 2011/02/10 7:0 p.m.71 views

CVE-2011-0981

Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

7.5CVSS8.8AI score0.02239EPSS
CVE
CVEadded 2011/03/25 7:55 p.m.71 views

CVE-2011-1293

Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5CVSS8.6AI score0.01451EPSS
CVE
CVEadded 2011/10/28 2:49 a.m.71 views

CVE-2011-3640

Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but ...

7.1CVSS8.7AI score0.00342EPSS
CVE
CVEadded 2012/05/01 10:12 a.m.71 views

CVE-2012-1521

Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS7AI score0.07354EPSS
CVE
CVEadded 2013/01/15 9:55 p.m.71 views

CVE-2012-5150

Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving seek operations on video data.

7.5CVSS8.7AI score0.00712EPSS
CVE
CVEadded 2013/06/05 12:55 a.m.71 views

CVE-2013-2854

Google Chrome before 27.0.1453.110 on Windows provides an incorrect handle to a renderer process in unspecified circumstances, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5CVSS6.9AI score0.0061EPSS
CVE
CVEadded 2013/06/05 12:55 a.m.71 views

CVE-2013-2856

Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input.

7.5CVSS7AI score0.0061EPSS
CVE
CVEadded 2013/10/02 10:35 a.m.71 views

CVE-2013-2909

Use-after-free vulnerability in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to inline-block rendering for bidirectional Unicode text in an element isolated from its siblings.

7.5CVSS6.9AI score0.02346EPSS
CVE
CVEadded 2014/07/20 11:12 a.m.71 views

CVE-2014-3160

The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file.

6.8CVSS5.9AI score0.00571EPSS
CVE
CVEadded 2014/09/10 10:55 a.m.71 views

CVE-2014-3178

Use-after-free vulnerability in core/dom/Node.cpp in Blink, as used in Google Chrome before 37.0.2062.120, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of render-tree inconsistencies.

7.5CVSS7AI score0.01291EPSS
CVE
CVEadded 2014/10/08 10:55 a.m.71 views

CVE-2014-3194

Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5CVSS7AI score0.00558EPSS
CVE
CVEadded 2015/05/20 10:59 a.m.71 views

CVE-2015-1254

core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing.

5CVSS6.1AI score0.01448EPSS
CVE
CVEadded 2015/05/20 10:59 a.m.71 views

CVE-2015-1263

The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file.

4.3CVSS9.3AI score0.00689EPSS
CVE
CVEadded 2015/07/23 12:59 a.m.71 views

CVE-2015-1271

PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted PDF document that triggers a large memory ...

6.8CVSS9.4AI score0.02867EPSS
CVE
CVEadded 2015/09/03 10:59 p.m.71 views

CVE-2015-1296

The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier for remote attackers to spoof the SSL lock icon by placing one of these characters at the end of a U...

5CVSS8.8AI score0.00871EPSS
CVE
CVEadded 2016/06/05 11:59 p.m.71 views

CVE-2016-1682

The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a ServiceWorker regi...

6.1CVSS6.6AI score0.00466EPSS
CVE
CVEadded 2016/09/11 10:59 a.m.71 views

CVE-2016-5150

WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote ...

8.8CVSS7.6AI score0.01554EPSS
CVE
CVEadded 2016/09/11 10:59 a.m.71 views

CVE-2016-5153

The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other i...

8.8CVSS7.4AI score0.01834EPSS
CVE
CVEadded 2016/09/11 10:59 a.m.71 views

CVE-2016-5156

extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of service (use-after-free...

8.8CVSS7.5AI score0.01684EPSS
CVE
CVEadded 2016/09/11 10:59 a.m.71 views

CVE-2016-5160

The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, whic...

6.5CVSS6.7AI score0.00682EPSS
Total number of security vulnerabilities3647