Lucene search

K
GoogleChrome

3647 matches found

CVE
CVE
added 2015/01/22 10:59 p.m.54 views

CVE-2014-7935

Use-after-free vulnerability in browser/speech/tts_message_filter.cc in the Speech implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving utterances from a closed tab.

7.5CVSS9.4AI score0.0213EPSS
CVE
CVE
added 2015/03/09 12:59 a.m.54 views

CVE-2015-1216

Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact vi...

7.5CVSS6.7AI score0.01073EPSS
CVE
CVE
added 2015/03/09 12:59 a.m.54 views

CVE-2015-1225

PDFium, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS5.9AI score0.00755EPSS
CVE
CVE
added 2015/03/09 12:59 a.m.54 views

CVE-2015-1232

Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index...

7.5CVSS6.8AI score0.00712EPSS
CVE
CVE
added 2015/12/24 3:59 a.m.54 views

CVE-2015-8664

Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerabil...

8.8CVSS9.3AI score0.19696EPSS
CVE
CVE
added 2016/01/25 11:59 a.m.54 views

CVE-2016-2051

Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

9.8CVSS9.5AI score0.003EPSS
CVE
CVE
added 2011/03/25 7:55 p.m.53 views

CVE-2011-1294

Google Chrome before 10.0.648.204 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

7.5CVSS7.1AI score0.01942EPSS
CVE
CVE
added 2011/05/03 10:55 p.m.53 views

CVE-2011-1435

Google Chrome before 11.0.696.57 does not properly implement the tabs permission for extensions, which allows remote attackers to read local files via a crafted extension.

5CVSS5.9AI score0.00922EPSS
CVE
CVE
added 2011/05/03 10:55 p.m.53 views

CVE-2011-1444

Race condition in the sandbox launcher implementation in Google Chrome before 11.0.696.57 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS7.1AI score0.00692EPSS
CVE
CVE
added 2011/06/09 7:55 p.m.53 views

CVE-2011-2342

The DOM implementation in Google Chrome before 12.0.742.91 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

4.3CVSS6.1AI score0.00323EPSS
CVE
CVE
added 2011/08/03 12:55 a.m.53 views

CVE-2011-2788

Buffer overflow in the inspector serialization functionality in Google Chrome before 13.0.782.107 allows user-assisted remote attackers to have an unspecified impact via unknown vectors.

6.8CVSS6.5AI score0.03148EPSS
CVE
CVE
added 2011/09/19 12:2 p.m.53 views

CVE-2011-2841

Google Chrome before 14.0.835.163 does not properly perform garbage collection during the processing of PDF documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.

6.8CVSS7AI score0.21909EPSS
CVE
CVE
added 2011/09/19 12:2 p.m.53 views

CVE-2011-2859

Google Chrome before 14.0.835.163 uses incorrect permissions for non-gallery pages, which has unspecified impact and attack vectors.

6.8CVSS6.2AI score0.00149EPSS
CVE
CVE
added 2012/02/16 8:55 p.m.53 views

CVE-2011-3024

Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service (application crash) via an empty X.509 certificate.

4.3CVSS6.1AI score0.00375EPSS
CVE
CVE
added 2012/02/16 8:55 p.m.53 views

CVE-2011-3027

Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

4.3CVSS6.8AI score0.01656EPSS
CVE
CVE
added 2012/03/30 10:55 p.m.53 views

CVE-2011-3058

Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

4.3CVSS5.3AI score0.00753EPSS
CVE
CVE
added 2012/04/05 10:2 p.m.53 views

CVE-2011-3071

Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS7AI score0.02863EPSS
CVE
CVE
added 2012/04/05 10:2 p.m.53 views

CVE-2011-3074

Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media.

6.8CVSS6.9AI score0.02128EPSS
CVE
CVE
added 2012/05/16 12:55 a.m.53 views

CVE-2011-3083

browser/profiles/profile_impl_io_data.cc in Google Chrome before 19.0.1084.46 does not properly handle a malformed ftp URL in the SRC attribute of a VIDEO element, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted web page.

5CVSS6AI score0.02166EPSS
CVE
CVE
added 2012/05/24 6:55 p.m.53 views

CVE-2011-3104

Skia, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS6.1AI score0.01461EPSS
CVE
CVE
added 2012/05/24 6:55 p.m.53 views

CVE-2011-3114

Multiple buffer overflows in the PDF functionality in Google Chrome before 19.0.1084.52 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger unknown function calls.

7.5CVSS7.3AI score0.01506EPSS
CVE
CVE
added 2011/10/25 7:55 p.m.53 views

CVE-2011-3885

Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data.

7.5CVSS7AI score0.02414EPSS
CVE
CVE
added 2011/12/13 9:55 p.m.53 views

CVE-2011-3912

Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters.

7.5CVSS7AI score0.00609EPSS
CVE
CVE
added 2012/02/09 4:10 a.m.53 views

CVE-2011-3968

Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences.

4.3CVSS7AI score0.01891EPSS
CVE
CVE
added 2012/11/07 11:43 a.m.53 views

CVE-2012-5122

Google Chrome before 23.0.1271.64 does not properly perform a cast of an unspecified variable during handling of input, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5CVSS6.9AI score0.01382EPSS
CVE
CVE
added 2012/11/07 11:43 a.m.53 views

CVE-2012-5127

Integer overflow in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image.

7.5CVSS7.2AI score0.01274EPSS
CVE
CVE
added 2012/10/11 10:51 a.m.53 views

CVE-2012-5376

The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112.

9.6CVSS9AI score0.04592EPSS
CVE
CVE
added 2013/01/15 9:55 p.m.53 views

CVE-2013-0830

The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a NUL character required for termination of an unspecified data structure, which has unknown impact and attack vectors.

7.5CVSS6.1AI score0.00198EPSS
CVE
CVE
added 2013/01/24 9:55 p.m.53 views

CVE-2013-0839

Use-after-free vulnerability in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of fonts in CANVAS elements.

7.5CVSS7AI score0.00609EPSS
CVE
CVE
added 2013/01/24 9:55 p.m.53 views

CVE-2013-0840

Google Chrome before 24.0.1312.56 does not validate URLs during the opening of new windows, which has unspecified impact and remote attack vectors.

10CVSS6.3AI score0.00342EPSS
CVE
CVE
added 2013/01/24 9:55 p.m.53 views

CVE-2013-0842

Google Chrome before 24.0.1312.56 does not properly handle %00 characters in pathnames, which has unspecified impact and attack vectors.

10CVSS6.1AI score0.00342EPSS
CVE
CVE
added 2013/03/28 12:18 p.m.53 views

CVE-2013-0924

The extension functionality in Google Chrome before 26.0.1410.43 does not verify that use of the permissions API is consistent with file permissions, which has unspecified impact and attack vectors.

7.5CVSS6AI score0.00147EPSS
CVE
CVE
added 2014/01/28 2:30 p.m.53 views

CVE-2014-1681

Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.102 have unknown impact and attack vectors, related to 12 "security fixes [that were not] either contributed by external researchers or particularly interesting."

10CVSS6.4AI score0.00324EPSS
CVE
CVE
added 2014/05/21 11:14 a.m.53 views

CVE-2014-1749

Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5CVSS6.8AI score0.00337EPSS
CVE
CVE
added 2024/07/16 11:15 p.m.53 views

CVE-2019-25154

Inappropriate implementation in iframe in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

9.6CVSS6.5AI score0.00256EPSS
CVE
CVE
added 2020/11/03 3:15 a.m.53 views

CVE-2020-15996

Use after free in passwords in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

8.8CVSS8.9AI score0.00979EPSS
CVE
CVE
added 2009/11/12 5:54 p.m.52 views

CVE-2009-3934

The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function in src/webkit/glue/webframeloaderclient_impl.cc in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service via a page-local link, related to an "empty redirect chain," as demonstrated b...

4.3CVSS8.2AI score0.0143EPSS
CVE
CVE
added 2010/02/18 6:0 p.m.52 views

CVE-2010-0657

Google Chrome before 4.0.249.78 on Windows does not perform the expected encoding, escaping, and quoting for the URL in the --app argument in a desktop shortcut, which allows user-assisted remote attackers to execute arbitrary programs or obtain sensitive information by tricking a user into creatin...

9.3CVSS6.9AI score0.01298EPSS
CVE
CVE
added 2010/02/18 6:0 p.m.52 views

CVE-2010-0659

The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size.

9.3CVSS8.8AI score0.06977EPSS
CVE
CVE
added 2010/04/01 10:30 p.m.52 views

CVE-2010-1235

Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to trigger the omission of a download warning dialog via unknown vectors.

4.3CVSS6.3AI score0.00242EPSS
CVE
CVE
added 2010/09/24 7:0 p.m.52 views

CVE-2010-1767

Cross-site request forgery (CSRF) vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a crafted synchronous preflight XMLHttpRequest ope...

6.8CVSS8.4AI score0.00632EPSS
CVE
CVE
added 2010/06/15 6:0 p.m.52 views

CVE-2010-2301

Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element. NOTE: this might overlap CVE-2010-1762.

4.3CVSS6.9AI score0.00908EPSS
CVE
CVE
added 2010/09/07 6:0 p.m.52 views

CVE-2010-3248

Google Chrome before 6.0.472.53 does not properly restrict copying to the clipboard, which has unspecified impact and attack vectors.

5CVSS9.1AI score0.00435EPSS
CVE
CVE
added 2010/09/07 6:0 p.m.52 views

CVE-2010-3257

Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus.

9.3CVSS9AI score0.12151EPSS
CVE
CVE
added 2011/12/07 7:55 p.m.52 views

CVE-2010-5073

The JavaScript implementation in Google Chrome 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. NOTE: this may overlap CVE-201...

5CVSS5.5AI score0.00204EPSS
CVE
CVE
added 2011/01/14 5:0 p.m.52 views

CVE-2011-0471

The node-iteration implementation in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 does not properly handle pointers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

10CVSS7.2AI score0.02883EPSS
CVE
CVE
added 2011/03/01 11:0 p.m.52 views

CVE-2011-1108

Google Chrome before 9.0.597.107 does not properly implement JavaScript dialogs, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.

6.8CVSS6.9AI score0.00892EPSS
CVE
CVE
added 2011/03/11 2:1 a.m.52 views

CVE-2011-1190

The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."

5CVSS8.2AI score0.00674EPSS
CVE
CVE
added 2011/03/11 2:1 a.m.52 views

CVE-2011-1285

The regular-expression functionality in Google Chrome before 10.0.648.127 does not properly implement reentrancy, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

7.5CVSS7.3AI score0.01942EPSS
CVE
CVE
added 2011/05/03 10:55 p.m.52 views

CVE-2011-1437

Multiple integer overflows in Google Chrome before 11.0.696.57 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float rendering.

6.8CVSS7.1AI score0.00701EPSS
Total number of security vulnerabilities3647