Lucene search

K
GoogleChrome

3663 matches found

CVE
CVE
added 2010/08/24 8:0 p.m.55 views

CVE-2010-3113

Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors related to state changes when using DeleteButtonControll...

10CVSS9.2AI score0.03062EPSS
CVE
CVE
added 2014/11/19 11:59 a.m.55 views

CVE-2014-7900

Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document...

7.5CVSS7AI score0.01221EPSS
CVE
CVE
added 2015/01/22 10:59 p.m.55 views

CVE-2014-7935

Use-after-free vulnerability in browser/speech/tts_message_filter.cc in the Speech implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving utterances from a closed tab.

7.5CVSS9.4AI score0.0213EPSS
CVE
CVE
added 2015/01/22 10:59 p.m.55 views

CVE-2014-7945

OpenJPEG before r2908, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, and t2.c.

5CVSS8.6AI score0.01675EPSS
CVE
CVE
added 2015/03/09 12:59 a.m.55 views

CVE-2015-1216

Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact vi...

7.5CVSS6.7AI score0.01073EPSS
CVE
CVE
added 2015/03/09 12:59 a.m.55 views

CVE-2015-1225

PDFium, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS5.9AI score0.00755EPSS
CVE
CVE
added 2015/04/19 10:59 a.m.55 views

CVE-2015-3335

The NaClSandbox::InitializeLayerTwoSandbox function in components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc in Google Chrome before 42.0.2311.90 does not have RLIMIT_AS and RLIMIT_DATA limits for Native Client (aka NaCl) processes, which might make it easier for remote attackers to conduct ro...

7.5CVSS6.6AI score0.02071EPSS
CVE
CVE
added 2015/09/03 10:59 p.m.55 views

CVE-2015-6583

Google Chrome before 45.0.2454.85 does not display a location bar for a hosted app's window after navigation away from the installation site, which might make it easier for remote attackers to spoof content via a crafted app, related to browser.cc and hosted_app_browser_controller.cc.

4.3CVSS6.2AI score0.00354EPSS
CVE
CVE
added 2024/08/06 4:15 p.m.55 views

CVE-2024-6994

Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS7.4AI score0.00241EPSS
CVE
CVE
added 2024/08/06 9:16 p.m.55 views

CVE-2024-7533

Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.9AI score0.00222EPSS
CVE
CVE
added 2009/09/18 10:30 p.m.54 views

CVE-2009-3263

Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x before 3.0.195.21 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as XML "active content."

4.3CVSS5.3AI score0.0039EPSS
CVE
CVE
added 2009/11/12 5:54 p.m.54 views

CVE-2009-3931

Incomplete blacklist vulnerability in browser/download/download_exe.cc in Google Chrome before 3.0.195.32 allows remote attackers to force the download of certain dangerous files via a "Content-Disposition: attachment" designation, as demonstrated by (1) .mht and (2) .mhtml files, which are automat...

9.3CVSS6AI score0.04518EPSS
CVE
CVE
added 2010/02/18 5:30 p.m.54 views

CVE-2010-0556

browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication, ...

4.3CVSS5.8AI score0.00314EPSS
CVE
CVE
added 2010/02/18 6:0 p.m.54 views

CVE-2010-0646

Multiple integer signedness errors in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays.

10CVSS7.5AI score0.10913EPSS
CVE
CVE
added 2010/02/18 6:0 p.m.54 views

CVE-2010-0649

Integer overflow in the CrossCallParamsEx::CreateFromBuffer function in sandbox/src/crosscall_server.cc in Google Chrome before 4.0.249.89 allows attackers to leverage renderer access to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a malformed mes...

9.3CVSS7.4AI score0.00482EPSS
CVE
CVE
added 2010/02/18 6:0 p.m.54 views

CVE-2010-0658

Multiple integer overflows in Skia, as used in Google Chrome before 4.0.249.78, allow remote attackers to execute arbitrary code in the Chrome sandbox or cause a denial of service (memory corruption and application crash) via vectors involving CANVAS elements.

9.3CVSS7.8AI score0.03897EPSS
CVE
CVE
added 2010/02/18 6:0 p.m.54 views

CVE-2010-0660

Google Chrome before 4.0.249.78 sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging.

5CVSS5.7AI score0.00177EPSS
CVE
CVE
added 2010/06/15 6:0 p.m.54 views

CVE-2010-2295

page/EventHandler.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 does not properly handle a change of the focused frame during the dispatching of keydown, which allows user-assisted remote attackers to redirect keystrokes via a crafted HTML document, aka rdar problem 7018610. NOTE: thi...

4.3CVSS8AI score0.01184EPSS
CVE
CVE
added 2010/07/06 5:17 p.m.54 views

CVE-2010-2648

The implementation of the Unicode Bidirectional Algorithm (aka Bidi algorithm or UBA) in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

9.3CVSS8.9AI score0.02851EPSS
CVE
CVE
added 2010/07/06 5:17 p.m.54 views

CVE-2010-2652

Google Chrome before 5.0.375.99 does not properly implement modal dialogs, which allows attackers to cause a denial of service (application crash) via unspecified vectors.

5CVSS6.2AI score0.00159EPSS
CVE
CVE
added 2010/08/24 8:0 p.m.54 views

CVE-2010-3112

Google Chrome before 5.0.375.127 does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

10CVSS7AI score0.00343EPSS
CVE
CVE
added 2010/08/24 8:0 p.m.54 views

CVE-2010-3120

Google Chrome before 5.0.375.127 does not properly implement the Geolocation feature, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

10CVSS9.5AI score0.00769EPSS
CVE
CVE
added 2010/09/07 6:0 p.m.54 views

CVE-2010-3252

Use-after-free vulnerability in the Notifications presenter in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

10CVSS7AI score0.00402EPSS
CVE
CVE
added 2010/09/07 6:0 p.m.54 views

CVE-2010-3257

Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus.

9.3CVSS9AI score0.12151EPSS
CVE
CVE
added 2010/09/16 9:0 p.m.54 views

CVE-2010-3415

Google Chrome before 6.0.472.59 does not properly implement Geolocation, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

10CVSS9.5AI score0.01185EPSS
CVE
CVE
added 2011/03/01 11:0 p.m.54 views

CVE-2011-1117

Google Chrome before 9.0.597.107 does not properly handle XHTML documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale nodes."

7.5CVSS8.7AI score0.02823EPSS
CVE
CVE
added 2011/03/25 7:55 p.m.54 views

CVE-2011-1292

Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5CVSS7AI score0.01366EPSS
CVE
CVE
added 2011/04/15 7:55 p.m.54 views

CVE-2011-1301

Use-after-free vulnerability in the GPU process in Google Chrome before 10.0.648.205 allows remote attackers to execute arbitrary code via unknown vectors.

9.3CVSS7.3AI score0.0186EPSS
CVE
CVE
added 2011/05/03 10:55 p.m.54 views

CVE-2011-1304

Unspecified vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to bypass the pop-up blocker via vectors related to plug-ins.

5CVSS6AI score0.00123EPSS
CVE
CVE
added 2011/05/03 10:55 p.m.54 views

CVE-2011-1445

Google Chrome before 11.0.696.57 does not properly handle SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

6.8CVSS6.2AI score0.00689EPSS
CVE
CVE
added 2011/04/15 12:55 a.m.54 views

CVE-2011-1691

The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets (CSS) implementation in WebCore in WebKit before r82222, as used in Google Chrome before 11.0.696.43 and other products, does not properly handle access to the (1) counterIncrement and (2) counterReset a...

5CVSS6.3AI score0.02056EPSS
CVE
CVE
added 2011/06/30 3:55 p.m.54 views

CVE-2011-2599

Google Chrome 11 does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.

4.3CVSS6.4AI score0.00223EPSS
CVE
CVE
added 2011/08/03 12:55 a.m.54 views

CVE-2011-2790

Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving floating styles.

6.8CVSS7AI score0.02007EPSS
CVE
CVE
added 2011/08/03 12:55 a.m.54 views

CVE-2011-2802

Google V8, as used in Google Chrome before 13.0.782.107, does not properly perform const lookups, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted web site.

6.8CVSS7AI score0.01119EPSS
CVE
CVE
added 2011/08/29 3:55 p.m.54 views

CVE-2011-2824

Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes.

7.5CVSS7AI score0.00609EPSS
CVE
CVE
added 2011/09/19 12:2 p.m.54 views

CVE-2011-2855

Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."

6.8CVSS7.1AI score0.01647EPSS
CVE
CVE
added 2011/09/19 12:2 p.m.54 views

CVE-2011-2856

Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

7.5CVSS6.1AI score0.00157EPSS
CVE
CVE
added 2011/09/19 12:2 p.m.54 views

CVE-2011-2860

Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to table styles.

7.5CVSS7AI score0.02121EPSS
CVE
CVE
added 2012/02/16 8:55 p.m.54 views

CVE-2011-3015

Multiple integer overflows in the PDF codecs in Google Chrome before 17.0.963.56 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS7.1AI score0.0062EPSS
CVE
CVE
added 2012/02/16 8:55 p.m.54 views

CVE-2011-3024

Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service (application crash) via an empty X.509 certificate.

4.3CVSS6.1AI score0.00375EPSS
CVE
CVE
added 2012/02/16 8:55 p.m.54 views

CVE-2011-3027

Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

4.3CVSS6.8AI score0.01656EPSS
CVE
CVE
added 2012/03/30 10:55 p.m.54 views

CVE-2011-3058

Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

4.3CVSS5.3AI score0.00753EPSS
CVE
CVE
added 2012/04/05 10:2 p.m.54 views

CVE-2011-3071

Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS7AI score0.02863EPSS
CVE
CVE
added 2012/04/05 10:2 p.m.54 views

CVE-2011-3074

Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media.

6.8CVSS6.9AI score0.02128EPSS
CVE
CVE
added 2012/05/16 12:55 a.m.54 views

CVE-2011-3083

browser/profiles/profile_impl_io_data.cc in Google Chrome before 19.0.1084.46 does not properly handle a malformed ftp URL in the SRC attribute of a VIDEO element, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted web page.

5CVSS6AI score0.02166EPSS
CVE
CVE
added 2011/11/11 11:55 a.m.54 views

CVE-2011-3897

Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing.

6.8CVSS6.9AI score0.02104EPSS
CVE
CVE
added 2011/12/13 9:55 p.m.54 views

CVE-2011-3912

Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters.

7.5CVSS7AI score0.00609EPSS
CVE
CVE
added 2012/10/09 11:13 a.m.54 views

CVE-2012-2900

Skia, as used in Google Chrome before 22.0.1229.92, does not properly render text, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.

7.5CVSS9.3AI score0.00712EPSS
CVE
CVE
added 2012/09/13 8:55 p.m.54 views

CVE-2012-4904

Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS (UXSS)" attacks against the current tab.

4.3CVSS5.4AI score0.00152EPSS
CVE
CVE
added 2012/10/09 11:13 a.m.54 views

CVE-2012-5110

The compositor in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS8.5AI score0.00535EPSS
Total number of security vulnerabilities3663