Lucene search

K
GoogleChrome

3663 matches found

cve
cve
added 2013/01/15 9:55 p.m.54 views

CVE-2013-0830

The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a NUL character required for termination of an unspecified data structure, which has unknown impact and attack vectors.

7.5CVSS6.1AI score0.00198EPSS
cve
cve
added 2013/03/05 9:55 p.m.54 views

CVE-2013-0906

The IndexedDB implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

7.5CVSS7.1AI score0.00519EPSS
cve
cve
added 2013/03/05 9:55 p.m.54 views

CVE-2013-0910

Google Chrome before 25.0.1364.152 does not properly manage the interaction between the browser process and renderer processes during authorization of the loading of a plug-in, which makes it easier for remote attackers to bypass intended access restrictions via vectors involving a blocked plug-in.

7.5CVSS6.1AI score0.0036EPSS
cve
cve
added 2013/03/28 12:18 p.m.54 views

CVE-2013-0916

Use-after-free vulnerability in the Web Audio implementation in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5CVSS7.1AI score0.00561EPSS
cve
cve
added 2013/03/28 12:18 p.m.54 views

CVE-2013-0917

The URL loader in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS6.1AI score0.00535EPSS
cve
cve
added 2013/03/28 12:18 p.m.54 views

CVE-2013-0919

Use-after-free vulnerability in Google Chrome before 26.0.1410.43 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the presence of an extension that creates a pop-up window.

7.5CVSS7AI score0.00353EPSS
cve
cve
added 2013/03/28 12:18 p.m.54 views

CVE-2013-0926

Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site.

6.8CVSS6.1AI score0.01452EPSS
cve
cve
added 2013/02/23 9:55 p.m.54 views

CVE-2013-2268

Unspecified vulnerability in the MathML implementation in WebKit in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, has unknown impact and remote attack vectors, related to a "high severity security issue."

7.5CVSS6.2AI score0.00107EPSS
cve
cve
added 2014/02/15 2:57 p.m.54 views

CVE-2013-6166

Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cook...

6.8CVSS6.3AI score0.00683EPSS
cve
cve
added 2014/01/28 2:30 p.m.54 views

CVE-2014-1681

Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.102 have unknown impact and attack vectors, related to 12 "security fixes [that were not] either contributed by external researchers or particularly interesting."

10CVSS6.4AI score0.00324EPSS
cve
cve
added 2014/05/21 11:14 a.m.54 views

CVE-2014-1749

Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5CVSS6.8AI score0.00382EPSS
cve
cve
added 2014/11/19 11:59 a.m.54 views

CVE-2014-7909

effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before 39.0.2171.65, computes a hash key using uninitialized integer values, which might allow remote attackers to cause a denial of service by rendering crafted data.

5CVSS6AI score0.0166EPSS
cve
cve
added 2015/03/09 12:59 a.m.54 views

CVE-2015-1232

Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index...

7.5CVSS6.8AI score0.00712EPSS
cve
cve
added 2015/12/24 3:59 a.m.54 views

CVE-2015-8664

Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerabil...

8.8CVSS9.3AI score0.19696EPSS
Web
cve
cve
added 2016/03/06 2:59 a.m.54 views

CVE-2016-2844

WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other...

9.3CVSS9.2AI score0.01912EPSS
cve
cve
added 2016/09/25 8:59 p.m.54 views

CVE-2016-7549

Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified other impact by leveragi...

8.8CVSS6.9AI score0.00725EPSS
cve
cve
added 2019/12/10 9:15 p.m.54 views

CVE-2019-5843

Out of bounds memory access in JavaScript in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.0041EPSS
cve
cve
added 2024/09/23 11:15 p.m.54 views

CVE-2024-7023

Insufficient data validation in Updater in Google Chrome prior to 128.0.6537.0 allowed a remote attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)

8.8CVSS6.7AI score0.00055EPSS
cve
cve
added 2024/09/23 11:15 p.m.54 views

CVE-2024-7024

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

9.6CVSS6.5AI score0.00085EPSS
cve
cve
added 2009/07/21 4:30 p.m.53 views

CVE-2009-2555

Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1.10.14, as used in Google Chrome before 2.0.172.37, allows remote attackers to execute arbitrary code in the Chrome sandbox via a crafted JavaScript regular expression.

9.3CVSS7.9AI score0.27184EPSS
cve
cve
added 2009/09/18 10:30 p.m.53 views

CVE-2009-3268

Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828.

5CVSS6.2AI score0.19497EPSS
cve
cve
added 2010/02/18 6:0 p.m.53 views

CVE-2010-0657

Google Chrome before 4.0.249.78 on Windows does not perform the expected encoding, escaping, and quoting for the URL in the --app argument in a desktop shortcut, which allows user-assisted remote attackers to execute arbitrary programs or obtain sensitive information by tricking a user into creatin...

9.3CVSS6.9AI score0.01298EPSS
cve
cve
added 2010/04/01 10:30 p.m.53 views

CVE-2010-1233

Multiple integer overflows in Google Chrome before 4.1.249.1036 allow remote attackers to have an unspecified impact via vectors involving WebKit JavaScript objects.

10CVSS8.3AI score0.0183EPSS
cve
cve
added 2010/05/03 1:51 p.m.53 views

CVE-2010-1664

Google Chrome before 4.1.249.1064 does not properly handle HTML5 media, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors.

5CVSS8.6AI score0.0188EPSS
cve
cve
added 2010/10/04 9:0 p.m.53 views

CVE-2010-1822

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-...

8.8CVSS8.7AI score0.02967EPSS
cve
cve
added 2010/06/15 6:0 p.m.53 views

CVE-2010-2297

rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table.

9.3CVSS8.9AI score0.10393EPSS
cve
cve
added 2010/06/15 6:0 p.m.53 views

CVE-2010-2299

The Clipboard::DispatchObject function in app/clipboard/clipboard.cc in Google Chrome before 5.0.375.70 does not properly handle CBF_SMBITMAP objects in a ViewHostMsg_ClipboardWriteObjectsAsync message, which might allow remote attackers to execute arbitrary code via vectors involving crafted data ...

10CVSS8.6AI score0.03885EPSS
cve
cve
added 2010/08/24 8:0 p.m.53 views

CVE-2010-3116

Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to impr...

10CVSS9.2AI score0.12275EPSS
cve
cve
added 2010/08/24 8:0 p.m.53 views

CVE-2010-3118

The autosuggest feature in the Omnibox implementation in Google Chrome before 5.0.375.127 does not anticipate entry of passwords, which might allow remote attackers to obtain sensitive information by reading the network traffic generated by this feature.

5CVSS5.8AI score0.00227EPSS
cve
cve
added 2010/08/24 8:0 p.m.53 views

CVE-2010-3119

Google Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do not properly support the Ruby language, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

10CVSS9.4AI score0.00458EPSS
cve
cve
added 2010/09/16 9:0 p.m.53 views

CVE-2010-3412

Race condition in the console implementation in Google Chrome before 6.0.472.59 has unspecified impact and attack vectors.

9.3CVSS9.1AI score0.00222EPSS
cve
cve
added 2010/10/21 7:0 p.m.53 views

CVE-2010-4042

Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "stale elements."

9.8CVSS9.5AI score0.01947EPSS
cve
cve
added 2011/12/07 7:55 p.m.53 views

CVE-2010-5073

The JavaScript implementation in Google Chrome 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. NOTE: this may overlap CVE-201...

5CVSS5.5AI score0.00204EPSS
cve
cve
added 2011/03/01 11:0 p.m.53 views

CVE-2011-1124

Use-after-free vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to blocked plug-ins.

7.5CVSS7.2AI score0.0187EPSS
cve
cve
added 2011/03/25 7:55 p.m.53 views

CVE-2011-1294

Google Chrome before 10.0.648.204 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

7.5CVSS7.1AI score0.01942EPSS
cve
cve
added 2011/05/03 10:55 p.m.53 views

CVE-2011-1435

Google Chrome before 11.0.696.57 does not properly implement the tabs permission for extensions, which allows remote attackers to read local files via a crafted extension.

5CVSS5.9AI score0.00922EPSS
cve
cve
added 2011/05/03 10:55 p.m.53 views

CVE-2011-1444

Race condition in the sandbox launcher implementation in Google Chrome before 11.0.696.57 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS7.1AI score0.00692EPSS
cve
cve
added 2011/06/09 7:55 p.m.53 views

CVE-2011-2342

The DOM implementation in Google Chrome before 12.0.742.91 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

4.3CVSS6.1AI score0.00323EPSS
cve
cve
added 2011/08/03 12:55 a.m.53 views

CVE-2011-2788

Buffer overflow in the inspector serialization functionality in Google Chrome before 13.0.782.107 allows user-assisted remote attackers to have an unspecified impact via unknown vectors.

6.8CVSS6.5AI score0.03148EPSS
cve
cve
added 2011/08/03 12:55 a.m.53 views

CVE-2011-2792

Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float removal.

6.8CVSS7AI score0.02007EPSS
cve
cve
added 2011/09/19 12:2 p.m.53 views

CVE-2011-2841

Google Chrome before 14.0.835.163 does not properly perform garbage collection during the processing of PDF documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.

6.8CVSS7AI score0.12187EPSS
cve
cve
added 2011/09/19 12:2 p.m.53 views

CVE-2011-2859

Google Chrome before 14.0.835.163 uses incorrect permissions for non-gallery pages, which has unspecified impact and attack vectors.

6.8CVSS6.2AI score0.00149EPSS
cve
cve
added 2012/03/22 4:55 p.m.53 views

CVE-2011-3050

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element.

6.8CVSS6.9AI score0.05574EPSS
cve
cve
added 2012/03/30 10:55 p.m.53 views

CVE-2011-3059

Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

6.8CVSS6.1AI score0.02353EPSS
cve
cve
added 2012/05/01 10:12 a.m.53 views

CVE-2011-3080

Race condition in the Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168 allows attackers to bypass intended sandbox restrictions via unspecified vectors.

7.6CVSS6AI score0.00393EPSS
cve
cve
added 2012/05/16 12:55 a.m.53 views

CVE-2011-3086

Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a STYLE element.

10CVSS6.9AI score0.07532EPSS
cve
cve
added 2012/05/16 12:55 a.m.53 views

CVE-2011-3089

Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving tables.

10CVSS6.9AI score0.04567EPSS
cve
cve
added 2012/05/16 12:55 a.m.53 views

CVE-2011-3094

Google Chrome before 19.0.1084.46 does not properly handle Tibetan text, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS6.2AI score0.01461EPSS
cve
cve
added 2012/05/16 12:55 a.m.53 views

CVE-2011-3095

The OGG container in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.

10CVSS7AI score0.0302EPSS
cve
cve
added 2012/05/24 6:55 p.m.53 views

CVE-2011-3104

Skia, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS6.1AI score0.01461EPSS
Total number of security vulnerabilities3663