Lucene search

K
GoogleChrome

3647 matches found

CVE
CVE
added 2015/12/06 1:59 a.m.55 views

CVE-2015-8480

The VideoFramePool::PoolImpl::CreateFrame function in media/base/video_frame_pool.cc in Google Chrome before 47.0.2526.73 does not initialize memory for a video-frame data structure, which might allow remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspe...

10CVSS9.5AI score0.00789EPSS
CVE
CVE
added 2016/03/06 2:59 a.m.55 views

CVE-2016-1639

Use-after-free vulnerability in browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc in the WebRTC Audio Private API implementation in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging in...

10CVSS9.2AI score0.05501EPSS
CVE
CVE
added 2011/08/03 12:55 a.m.54 views

CVE-2011-2802

Google V8, as used in Google Chrome before 13.0.782.107, does not properly perform const lookups, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted web site.

6.8CVSS7AI score0.01119EPSS
CVE
CVE
added 2011/08/29 3:55 p.m.54 views

CVE-2011-2824

Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes.

7.5CVSS7AI score0.00609EPSS
CVE
CVE
added 2011/09/19 12:2 p.m.54 views

CVE-2011-2855

Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."

6.8CVSS7.1AI score0.01647EPSS
CVE
CVE
added 2011/09/19 12:2 p.m.54 views

CVE-2011-2860

Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to table styles.

7.5CVSS7AI score0.02121EPSS
CVE
CVE
added 2012/02/16 8:55 p.m.54 views

CVE-2011-3021

Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading.

7.5CVSS7AI score0.02774EPSS
CVE
CVE
added 2012/03/10 7:55 p.m.54 views

CVE-2011-3047

The GPU process in Google Chrome before 17.0.963.79 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an error in the plug-in loading mechanism.

9.3CVSS7.4AI score0.09523EPSS
CVE
CVE
added 2012/03/22 4:55 p.m.54 views

CVE-2011-3052

The WebGL implementation in Google Chrome before 17.0.963.83 does not properly handle CANVAS elements, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

6.8CVSS7AI score0.01444EPSS
CVE
CVE
added 2012/05/16 12:55 a.m.54 views

CVE-2011-3090

Race condition in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker processes.

7.6CVSS6.9AI score0.02516EPSS
CVE
CVE
added 2012/05/16 12:55 a.m.54 views

CVE-2011-3093

Google Chrome before 19.0.1084.46 does not properly handle glyphs, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS6.2AI score0.01165EPSS
CVE
CVE
added 2012/05/16 12:55 a.m.54 views

CVE-2011-3098

Google Chrome before 19.0.1084.46 on Windows uses an incorrect search path for the Windows Media Player plug-in, which might allow local users to gain privileges via a Trojan horse plug-in in an unspecified directory.

7.2CVSS6.1AI score0.00029EPSS
CVE
CVE
added 2011/11/11 11:55 a.m.54 views

CVE-2011-3897

Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing.

6.8CVSS6.9AI score0.02104EPSS
CVE
CVE
added 2012/01/24 4:3 a.m.54 views

CVE-2011-3926

Heap-based buffer overflow in the tree builder in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5CVSS7.5AI score0.02946EPSS
CVE
CVE
added 2012/02/09 4:10 a.m.54 views

CVE-2011-3971

Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events.

6.8CVSS7AI score0.01964EPSS
CVE
CVE
added 2012/09/26 10:56 a.m.54 views

CVE-2012-2877

The extension system in Google Chrome before 22.0.1229.79 does not properly handle modal dialogs, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

5CVSS8.5AI score0.00887EPSS
CVE
CVE
added 2012/10/09 11:13 a.m.54 views

CVE-2012-2900

Skia, as used in Google Chrome before 22.0.1229.92, does not properly render text, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.

7.5CVSS9.3AI score0.00712EPSS
CVE
CVE
added 2012/09/13 8:55 p.m.54 views

CVE-2012-4904

Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS (UXSS)" attacks against the current tab.

4.3CVSS5.4AI score0.00152EPSS
CVE
CVE
added 2012/10/09 11:13 a.m.54 views

CVE-2012-5110

The compositor in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS8.5AI score0.00535EPSS
CVE
CVE
added 2013/01/15 9:55 p.m.54 views

CVE-2013-0833

Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to printing.

5CVSS6.1AI score0.00734EPSS
CVE
CVE
added 2013/02/23 9:55 p.m.54 views

CVE-2013-0890

Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors.

7.5CVSS7AI score0.00645EPSS
CVE
CVE
added 2013/02/23 9:55 p.m.54 views

CVE-2013-0897

Off-by-one error in the PDF functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service via a crafted document.

4.3CVSS6AI score0.00784EPSS
CVE
CVE
added 2013/03/05 9:55 p.m.54 views

CVE-2013-0906

The IndexedDB implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

7.5CVSS7.1AI score0.00519EPSS
CVE
CVE
added 2013/03/05 9:55 p.m.54 views

CVE-2013-0910

Google Chrome before 25.0.1364.152 does not properly manage the interaction between the browser process and renderer processes during authorization of the loading of a plug-in, which makes it easier for remote attackers to bypass intended access restrictions via vectors involving a blocked plug-in.

7.5CVSS6.1AI score0.0036EPSS
CVE
CVE
added 2013/03/28 12:18 p.m.54 views

CVE-2013-0916

Use-after-free vulnerability in the Web Audio implementation in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5CVSS7.1AI score0.00561EPSS
CVE
CVE
added 2013/03/28 12:18 p.m.54 views

CVE-2013-0917

The URL loader in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS6.1AI score0.00535EPSS
CVE
CVE
added 2013/03/28 12:18 p.m.54 views

CVE-2013-0919

Use-after-free vulnerability in Google Chrome before 26.0.1410.43 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the presence of an extension that creates a pop-up window.

7.5CVSS7AI score0.00353EPSS
CVE
CVE
added 2013/03/28 12:18 p.m.54 views

CVE-2013-0926

Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site.

6.8CVSS6.1AI score0.01452EPSS
CVE
CVE
added 2013/02/23 9:55 p.m.54 views

CVE-2013-2268

Unspecified vulnerability in the MathML implementation in WebKit in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, has unknown impact and remote attack vectors, related to a "high severity security issue."

7.5CVSS6.2AI score0.00107EPSS
CVE
CVE
added 2014/02/15 2:57 p.m.54 views

CVE-2013-6166

Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cook...

6.8CVSS6.3AI score0.00683EPSS
CVE
CVE
added 2014/11/19 11:59 a.m.54 views

CVE-2014-7900

Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document...

7.5CVSS7AI score0.01221EPSS
CVE
CVE
added 2019/12/10 9:15 p.m.54 views

CVE-2019-5843

Out of bounds memory access in JavaScript in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.0041EPSS
CVE
CVE
added 2024/08/06 4:15 p.m.54 views

CVE-2024-6994

Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS7.4AI score0.00241EPSS
CVE
CVE
added 2024/09/23 11:15 p.m.54 views

CVE-2024-7023

Insufficient data validation in Updater in Google Chrome prior to 128.0.6537.0 allowed a remote attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)

8.8CVSS6.7AI score0.00055EPSS
CVE
CVE
added 2024/09/23 11:15 p.m.54 views

CVE-2024-7024

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

9.6CVSS6.5AI score0.00085EPSS
CVE
CVE
added 2024/08/06 9:16 p.m.54 views

CVE-2024-7533

Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.9AI score0.00222EPSS
CVE
CVE
added 2009/07/21 4:30 p.m.53 views

CVE-2009-2555

Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1.10.14, as used in Google Chrome before 2.0.172.37, allows remote attackers to execute arbitrary code in the Chrome sandbox via a crafted JavaScript regular expression.

9.3CVSS7.9AI score0.27184EPSS
CVE
CVE
added 2009/09/18 10:30 p.m.53 views

CVE-2009-3268

Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828.

5CVSS6.2AI score0.19497EPSS
CVE
CVE
added 2010/02/18 5:30 p.m.53 views

CVE-2010-0556

browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication, ...

4.3CVSS5.8AI score0.00314EPSS
CVE
CVE
added 2010/04/01 10:30 p.m.53 views

CVE-2010-1233

Multiple integer overflows in Google Chrome before 4.1.249.1036 allow remote attackers to have an unspecified impact via vectors involving WebKit JavaScript objects.

10CVSS8.3AI score0.0174EPSS
CVE
CVE
added 2010/05/03 1:51 p.m.53 views

CVE-2010-1664

Google Chrome before 4.1.249.1064 does not properly handle HTML5 media, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors.

5CVSS8.6AI score0.0188EPSS
CVE
CVE
added 2010/10/04 9:0 p.m.53 views

CVE-2010-1822

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-...

8.8CVSS8.7AI score0.02967EPSS
CVE
CVE
added 2010/06/15 6:0 p.m.53 views

CVE-2010-2297

rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table.

9.3CVSS8.9AI score0.10393EPSS
CVE
CVE
added 2010/06/15 6:0 p.m.53 views

CVE-2010-2299

The Clipboard::DispatchObject function in app/clipboard/clipboard.cc in Google Chrome before 5.0.375.70 does not properly handle CBF_SMBITMAP objects in a ViewHostMsg_ClipboardWriteObjectsAsync message, which might allow remote attackers to execute arbitrary code via vectors involving crafted data ...

10CVSS8.6AI score0.03885EPSS
CVE
CVE
added 2010/07/06 5:17 p.m.53 views

CVE-2010-2648

The implementation of the Unicode Bidirectional Algorithm (aka Bidi algorithm or UBA) in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

9.3CVSS8.9AI score0.02851EPSS
CVE
CVE
added 2010/08/24 8:0 p.m.53 views

CVE-2010-3113

Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors related to state changes when using DeleteButtonControll...

10CVSS9.2AI score0.03062EPSS
CVE
CVE
added 2010/08/24 8:0 p.m.53 views

CVE-2010-3118

The autosuggest feature in the Omnibox implementation in Google Chrome before 5.0.375.127 does not anticipate entry of passwords, which might allow remote attackers to obtain sensitive information by reading the network traffic generated by this feature.

5CVSS5.8AI score0.00227EPSS
CVE
CVE
added 2010/09/16 9:0 p.m.53 views

CVE-2010-3412

Race condition in the console implementation in Google Chrome before 6.0.472.59 has unspecified impact and attack vectors.

9.3CVSS9.1AI score0.00222EPSS
CVE
CVE
added 2010/10/21 7:0 p.m.53 views

CVE-2010-4042

Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "stale elements."

9.8CVSS9.5AI score0.01947EPSS
CVE
CVE
added 2011/03/01 11:0 p.m.53 views

CVE-2011-1124

Use-after-free vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to blocked plug-ins.

7.5CVSS7.2AI score0.0187EPSS
Total number of security vulnerabilities3647