Lucene search

K
GoogleChrome

3647 matches found

cve
cve
added 2015/01/22 10:59 p.m.51 views

CVE-2014-7938

The Fonts implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

7.5CVSS9.4AI score0.02358EPSS
cve
cve
added 2015/03/09 12:59 a.m.51 views

CVE-2015-1221

Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect ordering of operations in the Web SQL Database thread relative to Blink's main thread, related ...

7.5CVSS6.9AI score0.00867EPSS
cve
cve
added 2015/01/22 10:59 p.m.51 views

CVE-2015-1346

Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before 40.0.2214.91, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5CVSS9.5AI score0.00313EPSS
cve
cve
added 2016/03/06 2:59 a.m.51 views

CVE-2016-2844

WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other...

9.3CVSS9.2AI score0.01912EPSS
cve
cve
added 2009/08/24 3:30 p.m.50 views

CVE-2009-2955

Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.

5CVSS6.6AI score0.08294EPSS
cve
cve
added 2010/04/01 10:30 p.m.50 views

CVE-2010-1229

The sandbox infrastructure in Google Chrome before 4.1.249.1036 does not properly use pointers, which has unspecified impact and attack vectors.

10CVSS6.3AI score0.00586EPSS
cve
cve
added 2010/04/23 2:30 p.m.50 views

CVE-2010-1500

Google Chrome before 4.1.249.1059 does not properly support forms, which has unknown impact and attack vectors, related to a "type confusion error."

7.5CVSS6.3AI score0.00216EPSS
cve
cve
added 2010/07/06 5:17 p.m.50 views

CVE-2010-2649

Unspecified vulnerability in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (application crash) via an invalid image.

4.3CVSS6.3AI score0.00426EPSS
cve
cve
added 2010/09/07 6:0 p.m.50 views

CVE-2010-3254

The WebSockets implementation in Google Chrome before 6.0.472.53 does not properly handle integer values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

10CVSS9.4AI score0.00733EPSS
cve
cve
added 2011/12/07 7:55 p.m.50 views

CVE-2010-5069

The Cascading Style Sheets (CSS) implementation in Google Chrome 4 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document. NOTE: this may overlap CVE-2010-2264.

4.3CVSS5.1AI score0.00732EPSS
cve
cve
added 2011/01/14 5:0 p.m.50 views

CVE-2011-0479

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly interact with extensions, which allows remote attackers to cause a denial of service via a crafted extension that triggers an uninitialized pointer.

7.5CVSS6.3AI score0.01558EPSS
cve
cve
added 2011/02/04 6:0 p.m.50 views

CVE-2011-0780

The PDF event handler in Google Chrome before 9.0.597.84 does not properly interact with print operations, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.

6.8CVSS7.2AI score0.00485EPSS
cve
cve
added 2011/02/04 6:0 p.m.50 views

CVE-2011-0783

Unspecified vulnerability in Google Chrome before 9.0.597.84 allows user-assisted remote attackers to cause a denial of service (application crash) via vectors involving a "bad volume setting."

4.3CVSS6AI score0.01219EPSS
cve
cve
added 2011/03/01 11:0 p.m.50 views

CVE-2011-1119

Google Chrome before 9.0.597.107 does not properly determine device orientation, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

7.5CVSS7.3AI score0.0184EPSS
cve
cve
added 2011/05/26 4:55 p.m.50 views

CVE-2011-1807

Google Chrome before 11.0.696.71 does not properly handle blobs, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger an out-of-bounds write.

10CVSS7.4AI score0.05397EPSS
cve
cve
added 2011/06/29 5:55 p.m.50 views

CVE-2011-2349

Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text selection.

6.8CVSS7AI score0.0083EPSS
cve
cve
added 2011/06/29 5:55 p.m.50 views

CVE-2011-2350

The HTML parser in Google Chrome before 12.0.742.112 does not properly address "lifetime and re-entrancy issues," which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS7AI score0.0083EPSS
cve
cve
added 2011/08/03 12:55 a.m.50 views

CVE-2011-2805

Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy and conduct script injection attacks via unspecified vectors.

6.8CVSS6.5AI score0.00575EPSS
cve
cve
added 2011/10/25 7:55 p.m.50 views

CVE-2011-2845

Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.

4.3CVSS6.1AI score0.0053EPSS
cve
cve
added 2011/09/19 12:2 p.m.50 views

CVE-2011-2851

Google Chrome before 14.0.835.163 does not properly handle video, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS6.2AI score0.00887EPSS
cve
cve
added 2011/09/19 12:2 p.m.50 views

CVE-2011-2858

Google Chrome before 14.0.835.163 does not properly handle triangle arrays, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS6.2AI score0.00887EPSS
cve
cve
added 2012/02/16 8:55 p.m.50 views

CVE-2011-3019

Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska video (aka MKV) file.

6.8CVSS7.4AI score0.00676EPSS
cve
cve
added 2012/02/16 8:55 p.m.50 views

CVE-2011-3022

translate/translate_manager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network.

5CVSS5.7AI score0.00461EPSS
cve
cve
added 2012/04/05 10:2 p.m.50 views

CVE-2011-3066

Skia, as used in Google Chrome before 18.0.1025.151, does not properly perform clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

6.8CVSS6.1AI score0.01466EPSS
cve
cve
added 2012/04/05 10:2 p.m.50 views

CVE-2011-3072

Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to pop-up windows.

6.8CVSS6.1AI score0.00355EPSS
cve
cve
added 2012/05/16 12:55 a.m.50 views

CVE-2011-3084

Google Chrome before 19.0.1084.46 does not use a dedicated process for the loading of links found on an internal page, which might allow attackers to bypass intended sandbox restrictions via a crafted page.

7.5CVSS6AI score0.0042EPSS
cve
cve
added 2012/05/16 12:55 a.m.50 views

CVE-2011-3091

Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

10CVSS7AI score0.03454EPSS
cve
cve
added 2011/10/25 7:55 p.m.50 views

CVE-2011-3887

Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors.

5CVSS6.2AI score0.00515EPSS
cve
cve
added 2012/01/07 11:55 a.m.50 views

CVE-2011-3921

Use-after-free vulnerability in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving animation frames.

7.5CVSS7AI score0.01382EPSS
cve
cve
added 2012/08/06 3:55 p.m.50 views

CVE-2012-2853

The webRequest API in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly interact with the Chrome Web Store, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafte...

6.8CVSS7AI score0.00447EPSS
cve
cve
added 2012/08/06 3:55 p.m.50 views

CVE-2012-2857

Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a c...

6.8CVSS7AI score0.01383EPSS
cve
cve
added 2012/08/06 3:55 p.m.50 views

CVE-2012-2859

Google Chrome before 21.0.1180.57 on Linux does not properly handle tabs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

7.5CVSS9.3AI score0.00948EPSS
cve
cve
added 2012/09/26 10:56 a.m.50 views

CVE-2012-2875

Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 22.0.1229.79 allow remote attackers to have an unknown impact via a crafted document.

6.8CVSS6.3AI score0.02244EPSS
cve
cve
added 2012/09/26 10:56 a.m.50 views

CVE-2012-2880

Race condition in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the plug-in paint buffer.

7.5CVSS9.2AI score0.00688EPSS
cve
cve
added 2012/09/26 10:56 a.m.50 views

CVE-2012-2887

Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving onclick events.

7.5CVSS9.3AI score0.0288EPSS
cve
cve
added 2012/12/04 6:5 a.m.50 views

CVE-2012-5129

Heap-based buffer overflow in the WebGL subsystem in Google Chrome OS before 23.0.1271.94 allows remote attackers to cause a denial of service (GPU process crash) or possibly have unspecified other impact via unknown vectors.

7.5CVSS7.6AI score0.00443EPSS
cve
cve
added 2012/11/28 1:55 a.m.50 views

CVE-2012-5130

Skia, as used in Google Chrome before 23.0.1271.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS6.1AI score0.01461EPSS
cve
cve
added 2013/01/15 9:55 p.m.50 views

CVE-2013-0828

The PDF functionality in Google Chrome before 24.0.1312.52 does not properly perform a cast of an unspecified variable during processing of the root of the structure tree, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

6.8CVSS6.7AI score0.00569EPSS
cve
cve
added 2013/02/23 9:55 p.m.50 views

CVE-2013-0895

Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on Mac OS X, does not properly handle pathnames during copy operations, which might make it easier for remote attackers to execute arbitrary programs via unspecified vectors.

7.5CVSS7.1AI score0.00466EPSS
cve
cve
added 2015/01/27 8:1 p.m.50 views

CVE-2014-9648

components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote attackers to cause a denial of service (loss of brow...

4.3CVSS8.5AI score0.01201EPSS
cve
cve
added 2017/04/25 3:59 a.m.50 views

CVE-2017-5050

An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.

8.8CVSS8.1AI score0.0031EPSS
cve
cve
added 2024/07/16 11:15 p.m.50 views

CVE-2024-3171

Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

8.8CVSS7.2AI score0.00292EPSS
cve
cve
added 2024/08/06 4:15 p.m.50 views

CVE-2024-6991

Use after free in Dawn in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.3AI score0.00222EPSS
cve
cve
added 2010/02/18 6:0 p.m.49 views

CVE-2010-0662

The ParamTraits::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not use the correct variables in calculations designed to prevent integer overflows, which allows attackers to leverage renderer access to cause a denial of service or possibly have unspecified o...

5CVSS7.2AI score0.00487EPSS
cve
cve
added 2010/02/18 6:0 p.m.49 views

CVE-2010-0664

Stack consumption vulnerability in the ChildProcessSecurityPolicy::CanRequestURL function in browser/child_process_security_policy.cc in Google Chrome before 4.0.249.78 allows remote attackers to cause a denial of service (memory consumption and application crash) via a URL that specifies multiple ...

5CVSS6.3AI score0.01317EPSS
cve
cve
added 2010/04/01 10:30 p.m.49 views

CVE-2010-1236

The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (...

4.3CVSS7.4AI score0.00508EPSS
cve
cve
added 2010/05/03 1:51 p.m.49 views

CVE-2010-1665

Google Chrome before 4.1.249.1064 does not properly handle fonts, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors.

7.5CVSS8.6AI score0.0188EPSS
cve
cve
added 2010/05/20 5:30 p.m.49 views

CVE-2010-1992

Google Chrome 1.0.154.48 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.

5CVSS6.3AI score0.00543EPSS
cve
cve
added 2010/05/28 6:30 p.m.49 views

CVE-2010-2110

Google Chrome before 5.0.375.55 does not properly execute JavaScript code in the extension context, which has unspecified impact and remote attack vectors.

7.5CVSS6.8AI score0.00243EPSS
cve
cve
added 2010/07/06 5:17 p.m.49 views

CVE-2010-2647

Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document.

9.3CVSS9.5AI score0.01701EPSS
Total number of security vulnerabilities3647