Lucene search

K
GoogleChrome

3647 matches found

CVE
CVE
added 2014/11/19 11:59 a.m.53 views

CVE-2014-7909

effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before 39.0.2171.65, computes a hash key using uninitialized integer values, which might allow remote attackers to cause a denial of service by rendering crafted data.

5CVSS6AI score0.0166EPSS
CVE
CVE
added 2015/01/22 10:59 p.m.53 views

CVE-2014-7945

OpenJPEG before r2908, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, and t2.c.

5CVSS8.6AI score0.01675EPSS
CVE
CVE
added 2011/05/03 10:55 p.m.52 views

CVE-2011-1439

Google Chrome before 11.0.696.57 on Linux does not properly isolate renderer processes, which has unspecified impact and remote attack vectors.

6.8CVSS6.3AI score0.00248EPSS
CVE
CVE
added 2011/06/09 7:55 p.m.52 views

CVE-2011-1814

Google Chrome before 12.0.742.91 attempts to read data from an uninitialized pointer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

5.8CVSS7.1AI score0.01182EPSS
CVE
CVE
added 2011/08/03 12:55 a.m.52 views

CVE-2011-2792

Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float removal.

6.8CVSS7AI score0.02007EPSS
CVE
CVE
added 2011/08/29 3:55 p.m.52 views

CVE-2011-2829

Integer overflow in Google Chrome before 13.0.782.215 on 32-bit platforms allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving uniform arrays.

7.5CVSS7.3AI score0.00519EPSS
CVE
CVE
added 2011/09/19 12:2 p.m.52 views

CVE-2011-2835

Race condition in Google Chrome before 14.0.835.163 allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the certificate cache.

6.8CVSS6.8AI score0.00103EPSS
CVE
CVE
added 2012/02/16 8:55 p.m.52 views

CVE-2011-3015

Multiple integer overflows in the PDF codecs in Google Chrome before 17.0.963.56 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS7.1AI score0.0062EPSS
CVE
CVE
added 2012/03/22 4:55 p.m.52 views

CVE-2011-3050

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element.

6.8CVSS6.9AI score0.05574EPSS
CVE
CVE
added 2012/03/30 10:55 p.m.52 views

CVE-2011-3059

Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

6.8CVSS6.1AI score0.02353EPSS
CVE
CVE
added 2012/05/01 10:12 a.m.52 views

CVE-2011-3080

Race condition in the Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168 allows attackers to bypass intended sandbox restrictions via unspecified vectors.

7.6CVSS6AI score0.00393EPSS
CVE
CVE
added 2012/05/16 12:55 a.m.52 views

CVE-2011-3086

Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a STYLE element.

10CVSS6.9AI score0.07532EPSS
CVE
CVE
added 2012/05/16 12:55 a.m.52 views

CVE-2011-3089

Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving tables.

10CVSS6.9AI score0.04567EPSS
CVE
CVE
added 2012/05/16 12:55 a.m.52 views

CVE-2011-3094

Google Chrome before 19.0.1084.46 does not properly handle Tibetan text, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS6.2AI score0.01461EPSS
CVE
CVE
added 2012/05/16 12:55 a.m.52 views

CVE-2011-3097

The PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an out-of-bounds write error in the implementation of sampled functions.

10CVSS7.1AI score0.03505EPSS
CVE
CVE
added 2012/05/16 12:55 a.m.52 views

CVE-2011-3099

Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a malformed name for the font encoding.

10CVSS7.1AI score0.04004EPSS
CVE
CVE
added 2011/10/25 7:55 p.m.52 views

CVE-2011-3883

Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to counters.

7.5CVSS7AI score0.00712EPSS
CVE
CVE
added 2011/11/11 11:55 a.m.52 views

CVE-2011-3898

Google Chrome before 15.0.874.120, when Java Runtime Environment (JRE) 7 is used, does not request user confirmation before applet execution begins, which allows remote attackers to have an unspecified impact via a crafted applet.

7.5CVSS6.3AI score0.01694EPSS
CVE
CVE
added 2012/02/09 4:10 a.m.52 views

CVE-2011-3959

Buffer overflow in the locale implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5CVSS9.5AI score0.03156EPSS
CVE
CVE
added 2012/02/09 4:10 a.m.52 views

CVE-2011-3966

Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data.

7.5CVSS9.3AI score0.07118EPSS
CVE
CVE
added 2012/02/09 4:10 a.m.52 views

CVE-2011-3969

Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents.

6.8CVSS7AI score0.01964EPSS
CVE
CVE
added 2012/07/12 9:55 p.m.52 views

CVE-2012-2842

Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to counter handling.

7.5CVSS7AI score0.01461EPSS
CVE
CVE
added 2012/08/31 7:55 p.m.52 views

CVE-2012-2866

Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

7.5CVSS9.1AI score0.01615EPSS
CVE
CVE
added 2012/08/31 7:55 p.m.52 views

CVE-2012-2867

The SPDY implementation in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

5CVSS8.5AI score0.01382EPSS
CVE
CVE
added 2012/09/13 8:55 p.m.52 views

CVE-2012-4903

Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4906.

5CVSS5.8AI score0.08153EPSS
CVE
CVE
added 2012/11/07 11:43 a.m.52 views

CVE-2012-5116

Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG filters.

7.5CVSS7.1AI score0.01382EPSS
CVE
CVE
added 2012/11/07 11:43 a.m.52 views

CVE-2012-5117

Google Chrome before 23.0.1271.64 does not properly restrict the loading of an SVG subresource in the context of an IMG element, which has unspecified impact and remote attack vectors.

7.5CVSS6.2AI score0.00228EPSS
CVE
CVE
added 2012/11/07 11:43 a.m.52 views

CVE-2012-5126

Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of plug-in placeholders.

7.5CVSS7.1AI score0.01382EPSS
CVE
CVE
added 2012/12/12 11:38 a.m.52 views

CVE-2012-5143

Integer overflow in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PPAPI image buffers.

10CVSS7.3AI score0.01696EPSS
CVE
CVE
added 2013/02/23 9:55 p.m.52 views

CVE-2013-0884

Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly load Native Client (aka NaCl) code, which has unspecified impact and attack vectors.

6.8CVSS6.2AI score0.00258EPSS
CVE
CVE
added 2013/03/05 9:55 p.m.52 views

CVE-2013-0903

Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of browser navigation.

7.5CVSS7AI score0.00561EPSS
CVE
CVE
added 2013/03/05 9:55 p.m.52 views

CVE-2013-0908

Google Chrome before 25.0.1364.152 does not properly manage bindings of extension processes, which has unspecified impact and attack vectors.

7.5CVSS6.1AI score0.00195EPSS
CVE
CVE
added 2013/10/02 10:35 a.m.52 views

CVE-2013-2914

Use-after-free vulnerability in the color-chooser dialog in Google Chrome before 30.0.1599.66 on Windows allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to color_chooser_dialog.cc and color_chooser_win.cc in browser/ui/views/.

6.8CVSS7AI score0.0109EPSS
CVE
CVE
added 2014/04/09 10:57 a.m.52 views

CVE-2014-1717

Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.

7.5CVSS7AI score0.01102EPSS
CVE
CVE
added 2014/04/09 10:57 a.m.52 views

CVE-2014-1723

The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Google Chrome before 34.0.1847.116 does not properly handle bidirectional Internationalized Resource Identifiers (IRIs), which makes it easier for remote attackers to spoof URLs via crafted use of right-to-left (RTL) Unicode text.

7.5CVSS6AI score0.01207EPSS
CVE
CVE
added 2014/04/09 10:57 a.m.52 views

CVE-2014-1727

Use-after-free vulnerability in content/renderer/renderer_webcolorchooser_impl.h in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to forms.

7.5CVSS7AI score0.01274EPSS
CVE
CVE
added 2014/10/08 10:55 a.m.52 views

CVE-2014-3196

base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 on Windows does not properly implement read-only restrictions on shared memory, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors.

7.5CVSS7.1AI score0.00228EPSS
CVE
CVE
added 2015/03/09 12:59 a.m.52 views

CVE-2015-2239

Google Chrome before 41.0.2272.76, when Instant Extended mode is used, does not properly consider the interaction between the "1993 search" features and restore-from-disk RELOAD transitions, which makes it easier for remote attackers to spoof the address bar for a search-results page by leveraging ...

4.3CVSS5.4AI score0.01158EPSS
CVE
CVE
added 2016/05/14 9:59 p.m.52 views

CVE-2016-1671

Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and \ (backslash) characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to net/base/escape.cc and net/base/filename_util.cc.

8.1CVSS7.8AI score0.00205EPSS
CVE
CVE
added 2017/01/19 5:59 a.m.52 views

CVE-2016-5197

The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbitrary activity on the system via a crafted HTML page.

8.8CVSS7.9AI score0.00617EPSS
CVE
CVE
added 2023/07/29 12:15 a.m.52 views

CVE-2021-4322

Use after free in DevTools in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)

8.8CVSS8.8AI score0.00061EPSS
CVE
CVE
added 2023/07/29 12:15 a.m.52 views

CVE-2023-2311

Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)

6.5CVSS6.3AI score0.00055EPSS
CVE
CVE
added 2008/09/30 5:22 p.m.51 views

CVE-2008-4340

Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory consumption) via an HTML document containing a carriage return ("\r\n\r\n") argument to the window.open function.

4.3CVSS6.3AI score0.08466EPSS
CVE
CVE
added 2009/08/24 7:30 p.m.51 views

CVE-2008-7061

The tooltip manager (chrome/views/tooltip_manager.cc) in Google Chrome 0.2.149.29 Build 1798 and possibly other versions before 0.2.149.30 allows remote attackers to cause a denial of service (CPU consumption or crash) via a tag with a long title attribute, which is not properly handled when displa...

4.3CVSS6.3AI score0.19302EPSS
CVE
CVE
added 2010/02/18 6:0 p.m.51 views

CVE-2010-0643

Google Chrome before 4.0.249.89 attempts to make direct connections to web sites when all configured proxy servers are unavailable, which allows remote HTTP servers to obtain potentially sensitive information about the identity of a client user via standard HTTP logging, as demonstrated by a proxy ...

4.3CVSS6AI score0.00345EPSS
CVE
CVE
added 2010/04/23 2:30 p.m.51 views

CVE-2010-1504

Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://downloads URI.

4.3CVSS5.3AI score0.0036EPSS
CVE
CVE
added 2010/07/06 5:17 p.m.51 views

CVE-2010-2645

Unspecified vulnerability in Google Chrome before 5.0.375.99, when WebGL is used, allows remote attackers to cause a denial of service (out-of-bounds read) via unknown vectors.

6.8CVSS6.3AI score0.00389EPSS
CVE
CVE
added 2010/08/24 8:0 p.m.51 views

CVE-2010-3116

Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to impr...

10CVSS9.2AI score0.12275EPSS
CVE
CVE
added 2010/08/24 8:0 p.m.51 views

CVE-2010-3119

Google Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do not properly support the Ruby language, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

10CVSS9.4AI score0.00458EPSS
CVE
CVE
added 2010/12/07 9:0 p.m.51 views

CVE-2010-4489

libvpx, as used in Google Chrome before 8.0.552.215 and possibly other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebM video. NOTE: this vulnerability exists because of a regression.

4.3CVSS6.2AI score0.00763EPSS
Total number of security vulnerabilities3647