Chrome Security Vulnerabilities and Issues — Page 4 of Chrome CVE List

Lucene search

GoogleChrome

162 matches found

CVE•added 2018/08/28 7:29 p.m.•69 views

CVE-2017-15427

Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar.

6.1CVSS6.2AI score0.00388EPSS

CVE•added 2018/08/28 8:29 p.m.•68 views

CVE-2017-15398

A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server.

9.8CVSS9AI score0.10106EPSS

CVE•added 2018/02/07 11:29 p.m.•67 views

CVE-2017-15388

Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS8AI score0.02327EPSS

CVE•added 2018/02/07 11:29 p.m.•67 views

CVE-2017-5125

Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.01374EPSS

CVE•added 2018/02/07 11:29 p.m.•66 views

CVE-2017-15393

Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak.

8.8CVSS7.7AI score0.01125EPSS

CVE•added 2018/08/28 8:29 p.m.•65 views

CVE-2017-15406

A stack buffer overflow in V8 in Google Chrome prior to 62.0.3202.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS8.3AI score0.01017EPSS

CVE•added 2018/08/28 7:29 p.m.•65 views

CVE-2017-15426

Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

6.5CVSS6.5AI score0.00686EPSS

CVE•added 2018/08/28 7:29 p.m.•63 views

CVE-2017-15425

Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

6.5CVSS6.5AI score0.00686EPSS

CVE•added 2018/02/07 11:29 p.m.•63 views

CVE-2017-5128

Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL.

8.8CVSS8.6AI score0.01337EPSS

CVE•added 2018/02/07 11:29 p.m.•62 views

CVE-2017-5132

Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation.

8.8CVSS8.3AI score0.01218EPSS

CVE•added 2018/02/07 11:29 p.m.•61 views

CVE-2017-15395

A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference.

6.5CVSS7.1AI score0.01495EPSS

CVE•added 2018/08/28 7:29 p.m.•56 views

CVE-2017-15430

Insufficient data validation in Chromecast plugin in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.

4.3CVSS5AI score0.00156EPSS

Total number of security vulnerabilities162