Lucene search

K
GoogleChrome

3647 matches found

CVE
CVE
added 2014/11/19 11:59 a.m.52 views

CVE-2014-7906

Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flash content that triggers an attempted PepperMediaDeviceManager access outside of the object's lifetim...

7.5CVSS7.1AI score0.01037EPSS
CVE
CVE
added 2015/01/22 10:59 p.m.52 views

CVE-2014-7934

Use-after-free vulnerability in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unexpected absence of document data structures.

7.5CVSS9.3AI score0.0291EPSS
CVE
CVE
added 2015/01/22 10:59 p.m.52 views

CVE-2014-7944

The sycc422_to_rgb function in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 40.0.2214.91, does not properly handle odd values of image width, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.

5CVSS8.6AI score0.01675EPSS
CVE
CVE
added 2015/03/09 12:59 a.m.52 views

CVE-2015-1213

The SkBitmap::ReadRawPixels function in core/SkBitmap.cpp in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation.

7.5CVSS6.8AI score0.00974EPSS
CVE
CVE
added 2016/09/25 8:59 p.m.52 views

CVE-2016-7549

Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified other impact by leveragi...

8.8CVSS6.9AI score0.00725EPSS
CVE
CVE
added 2011/02/10 7:0 p.m.51 views

CVE-2011-0982

Use-after-free vulnerability in Google Chrome before 9.0.597.94 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG font faces.

10CVSS7.2AI score0.02994EPSS
CVE
CVE
added 2011/03/01 11:0 p.m.51 views

CVE-2011-1125

Google Chrome before 9.0.597.107 does not properly perform layout, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

7.5CVSS7.3AI score0.0187EPSS
CVE
CVE
added 2011/03/11 2:1 a.m.51 views

CVE-2011-1191

Use-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of DOM URLs.

7.5CVSS7.2AI score0.01942EPSS
CVE
CVE
added 2011/04/15 7:55 p.m.51 views

CVE-2011-1300

The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google Chrome before 10.0.648.205 on Windows, allows remo...

10CVSS7.4AI score0.04169EPSS
CVE
CVE
added 2011/05/03 10:55 p.m.51 views

CVE-2011-1450

Google Chrome before 11.0.696.57 does not properly present file dialogs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers."

5CVSS7.1AI score0.01494EPSS
CVE
CVE
added 2011/05/16 5:55 p.m.51 views

CVE-2011-1799

Google Chrome before 11.0.696.68 does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS7.1AI score0.00614EPSS
CVE
CVE
added 2011/06/09 7:55 p.m.51 views

CVE-2011-1809

Use-after-free vulnerability in the accessibility feature in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS7.1AI score0.01182EPSS
CVE
CVE
added 2011/05/10 6:55 p.m.51 views

CVE-2011-2075

Unspecified vulnerability in Google Chrome 11.0.696.65 on Windows 7 SP1 allows remote attackers to execute arbitrary code via unknown vectors. NOTE: as of 20110510, the only disclosure is a vague advisory that possibly relates to multiple vulnerabilities or multiple products. However, because it is...

9.3CVSS7.9AI score0.02977EPSS
CVE
CVE
added 2011/08/03 12:55 a.m.51 views

CVE-2011-2358

Google Chrome before 13.0.782.107 does not ensure that extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension.

6.8CVSS6AI score0.00708EPSS
CVE
CVE
added 2011/08/03 12:55 a.m.51 views

CVE-2011-2804

Google Chrome before 13.0.782.107 does not properly handle nested functions in PDF documents, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document.

4.3CVSS9.3AI score0.02972EPSS
CVE
CVE
added 2011/08/29 3:55 p.m.51 views

CVE-2011-2806

Google Chrome before 13.0.782.215 on Windows does not properly handle vertex data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

10CVSS7.8AI score0.04598EPSS
CVE
CVE
added 2011/09/19 12:2 p.m.51 views

CVE-2011-2861

Google Chrome before 14.0.835.163 does not properly handle strings in PDF documents, which allows remote attackers to have an unspecified impact via a crafted document that triggers an incorrect read operation.

6.8CVSS8.8AI score0.02904EPSS
CVE
CVE
added 2011/10/04 8:55 p.m.51 views

CVE-2011-2877

Google Chrome before 14.0.835.202 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale font."

6.8CVSS7.1AI score0.01611EPSS
CVE
CVE
added 2012/02/16 8:55 p.m.51 views

CVE-2011-3017

Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to database handling.

6.8CVSS7AI score0.0063EPSS
CVE
CVE
added 2012/03/22 4:55 p.m.51 views

CVE-2011-3054

The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

4.3CVSS6.2AI score0.00656EPSS
CVE
CVE
added 2012/03/22 4:55 p.m.51 views

CVE-2011-3057

Google V8, as used in Google Chrome before 17.0.963.83, allows remote attackers to cause a denial of service via vectors that trigger an invalid read operation.

4.3CVSS5.9AI score0.02009EPSS
CVE
CVE
added 2012/05/16 12:55 a.m.51 views

CVE-2011-3092

The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service (invalid write operation) or possibly have unspecified other impact via unknown vectors.

10CVSS7.1AI score0.02943EPSS
CVE
CVE
added 2012/05/16 12:55 a.m.51 views

CVE-2011-3095

The OGG container in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.

10CVSS7AI score0.0302EPSS
CVE
CVE
added 2012/05/24 6:55 p.m.51 views

CVE-2011-3107

Google Chrome before 19.0.1084.52 does not properly implement JavaScript bindings for plug-ins, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.

7.5CVSS7.1AI score0.0188EPSS
CVE
CVE
added 2011/10/25 7:55 p.m.51 views

CVE-2011-3878

Race condition in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker process initialization.

6.8CVSS7AI score0.00516EPSS
CVE
CVE
added 2011/10/25 7:55 p.m.51 views

CVE-2011-3884

Google Chrome before 15.0.874.102 does not properly address timing issues during DOM traversal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.

6.8CVSS7.1AI score0.0078EPSS
CVE
CVE
added 2011/10/25 7:55 p.m.51 views

CVE-2011-3889

Heap-based buffer overflow in the Web Audio implementation in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5CVSS7.5AI score0.00716EPSS
CVE
CVE
added 2011/10/25 7:55 p.m.51 views

CVE-2011-3891

Google Chrome before 15.0.874.102 does not properly restrict access to internal Google V8 functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5CVSS7.1AI score0.00784EPSS
CVE
CVE
added 2012/06/27 10:18 a.m.51 views

CVE-2012-2832

The image-codec implementation in the PDF functionality in Google Chrome before 20.0.1132.43 does not initialize an unspecified pointer, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

6.8CVSS6.7AI score0.00775EPSS
CVE
CVE
added 2012/08/06 3:55 p.m.51 views

CVE-2012-2849

Off-by-one error in the GIF decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.

4.3CVSS8.5AI score0.01384EPSS
CVE
CVE
added 2012/08/06 3:55 p.m.51 views

CVE-2012-2854

Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to obtain potentially sensitive information about pointer values by leveraging access to a WebUI renderer process.

5CVSS5.7AI score0.0023EPSS
CVE
CVE
added 2012/09/26 10:56 a.m.51 views

CVE-2012-2885

Double free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to application exit.

7.5CVSS9.3AI score0.01382EPSS
CVE
CVE
added 2012/09/26 10:56 a.m.51 views

CVE-2012-2889

Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)."

4.3CVSS7AI score0.00389EPSS
CVE
CVE
added 2012/09/26 10:56 a.m.51 views

CVE-2012-2890

Use-after-free vulnerability in the PDF functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.

6.8CVSS7AI score0.01383EPSS
CVE
CVE
added 2013/01/15 9:55 p.m.51 views

CVE-2013-0838

Google Chrome before 24.0.1312.52 on Linux uses weak permissions for shared memory segments, which has unspecified impact and attack vectors.

7.5CVSS6.2AI score0.00147EPSS
CVE
CVE
added 2013/01/24 9:55 p.m.51 views

CVE-2013-0841

Array index error in the content-blocking functionality in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5CVSS7.1AI score0.00519EPSS
CVE
CVE
added 2013/02/23 9:55 p.m.51 views

CVE-2013-0889

Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for remote attackers to execute arbitrary code via a crafted file.

6.8CVSS7.3AI score0.01642EPSS
CVE
CVE
added 2013/03/05 9:55 p.m.51 views

CVE-2013-0907

Race condition in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media threads.

7.5CVSS7AI score0.00402EPSS
CVE
CVE
added 2013/05/22 1:29 p.m.51 views

CVE-2013-2836

Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.93 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5CVSS6.9AI score0.00684EPSS
CVE
CVE
added 2014/04/09 10:57 a.m.51 views

CVE-2014-1726

The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access.

4.3CVSS5.9AI score0.00373EPSS
CVE
CVE
added 2014/04/09 10:57 a.m.51 views

CVE-2014-1728

Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5CVSS6.8AI score0.0041EPSS
CVE
CVE
added 2014/05/14 11:13 a.m.51 views

CVE-2014-1741

Multiple integer overflows in the replace-data functionality in the CharacterData interface implementation in core/dom/CharacterData.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors...

7.5CVSS7AI score0.01663EPSS
CVE
CVE
added 2014/05/21 11:14 a.m.51 views

CVE-2014-3803

The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute.

4.3CVSS6.1AI score0.00682EPSS
CVE
CVE
added 2015/01/27 8:4 p.m.51 views

CVE-2015-1359

Multiple off-by-one errors in fpdfapi/fpdf_font/font_int.h in PDFium, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted PDF document, related to an "intra-object-overflow" issue...

6.8CVSS9.3AI score0.01201EPSS
CVE
CVE
added 2017/04/21 8:59 p.m.51 views

CVE-2016-5168

Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information.

7.5CVSS8.1AI score0.09634EPSS
CVE
CVE
added 2016/09/06 10:59 a.m.51 views

CVE-2016-7153

The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.

5.3CVSS4.9AI score0.03915EPSS
CVE
CVE
added 2019/11/25 4:15 p.m.51 views

CVE-2019-15684

Kaspersky Protection extension for web browser Google Chrome prior to 30.112.62.0 was vulnerable to unauthorized access to its features remotely that could lead to removing other installed extensions.

4.3CVSS4.2AI score0.00118EPSS
CVE
CVE
added 2024/07/16 11:15 p.m.51 views

CVE-2023-7010

Use after free in WebRTC in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7AI score0.00595EPSS
CVE
CVE
added 2024/08/06 4:15 p.m.51 views

CVE-2024-6998

Use after free in User Education in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS7.2AI score0.00208EPSS
CVE
CVE
added 2009/08/19 5:24 a.m.50 views

CVE-2008-6995

Integer underflow in net/base/escape.cc in chrome.dll in Google Chrome 0.2.149.27 allows remote attackers to cause a denial of service (browser crash) via a URI with an invalid handler followed by a "%" (percent) character, which triggers a buffer over-read, as demonstrated using an "about:%" URI.

4.3CVSS6.6AI score0.098EPSS
Total number of security vulnerabilities3647