Lucene search

K
GoogleChrome

3655 matches found

CVE
CVE
added 2012/12/04 6:5 a.m.50 views

CVE-2012-5129

Heap-based buffer overflow in the WebGL subsystem in Google Chrome OS before 23.0.1271.94 allows remote attackers to cause a denial of service (GPU process crash) or possibly have unspecified other impact via unknown vectors.

7.5CVSS7.6AI score0.00443EPSS
CVE
CVE
added 2013/01/15 9:55 p.m.50 views

CVE-2013-0828

The PDF functionality in Google Chrome before 24.0.1312.52 does not properly perform a cast of an unspecified variable during processing of the root of the structure tree, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

6.8CVSS6.7AI score0.00569EPSS
CVE
CVE
added 2014/08/27 1:55 a.m.50 views

CVE-2014-3170

extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a '\0' character in a host name, which allows remote attackers to spoof the extension permission dialog by relying on truncation after this character.

6.4CVSS5.9AI score0.00677EPSS
CVE
CVE
added 2015/01/22 10:59 p.m.50 views

CVE-2014-7941

The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted X11 data.

5CVSS8.7AI score0.02253EPSS
CVE
CVE
added 2015/01/27 8:1 p.m.50 views

CVE-2014-9648

components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote attackers to cause a denial of service (loss of brow...

4.3CVSS8.5AI score0.01201EPSS
CVE
CVE
added 2016/09/29 10:59 a.m.50 views

CVE-2016-5176

Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.

6.5CVSS6.3AI score0.0021EPSS
CVE
CVE
added 2017/01/19 5:59 a.m.50 views

CVE-2016-5196

The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML...

8.8CVSS7.9AI score0.00617EPSS
CVE
CVE
added 2017/04/25 3:59 a.m.50 views

CVE-2017-5050

An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.

8.8CVSS8.1AI score0.0031EPSS
CVE
CVE
added 2024/08/06 4:15 p.m.50 views

CVE-2024-6991

Use after free in Dawn in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.3AI score0.00222EPSS
CVE
CVE
added 2010/02/18 6:0 p.m.49 views

CVE-2010-0662

The ParamTraits::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not use the correct variables in calculations designed to prevent integer overflows, which allows attackers to leverage renderer access to cause a denial of service or possibly have unspecified o...

5CVSS7.2AI score0.00487EPSS
CVE
CVE
added 2010/02/18 6:0 p.m.49 views

CVE-2010-0664

Stack consumption vulnerability in the ChildProcessSecurityPolicy::CanRequestURL function in browser/child_process_security_policy.cc in Google Chrome before 4.0.249.78 allows remote attackers to cause a denial of service (memory consumption and application crash) via a URL that specifies multiple ...

5CVSS6.3AI score0.01317EPSS
CVE
CVE
added 2010/04/01 10:30 p.m.49 views

CVE-2010-1236

The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (...

4.3CVSS7.4AI score0.00508EPSS
CVE
CVE
added 2010/05/03 1:51 p.m.49 views

CVE-2010-1665

Google Chrome before 4.1.249.1064 does not properly handle fonts, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors.

7.5CVSS8.6AI score0.0188EPSS
CVE
CVE
added 2010/05/20 5:30 p.m.49 views

CVE-2010-1992

Google Chrome 1.0.154.48 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.

5CVSS6.3AI score0.00543EPSS
CVE
CVE
added 2010/05/28 6:30 p.m.49 views

CVE-2010-2110

Google Chrome before 5.0.375.55 does not properly execute JavaScript code in the extension context, which has unspecified impact and remote attack vectors.

7.5CVSS6.8AI score0.00243EPSS
CVE
CVE
added 2010/07/06 5:17 p.m.49 views

CVE-2010-2647

Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document.

9.3CVSS9.5AI score0.01701EPSS
CVE
CVE
added 2010/09/07 6:0 p.m.49 views

CVE-2010-3250

Unspecified vulnerability in Google Chrome before 6.0.472.53 allows remote attackers to enumerate the set of installed extensions via unknown vectors.

5CVSS6.2AI score0.00271EPSS
CVE
CVE
added 2010/09/16 9:0 p.m.49 views

CVE-2010-3413

Unspecified vulnerability in the pop-up blocking functionality in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service (application crash) via unknown vectors.

5CVSS8.7AI score0.00543EPSS
CVE
CVE
added 2010/10/05 6:0 p.m.49 views

CVE-2010-3729

The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors.

9.8CVSS9.4AI score0.04257EPSS
CVE
CVE
added 2010/11/06 12:0 a.m.49 views

CVE-2010-4198

WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document.

8.8CVSS9.1AI score0.01284EPSS
CVE
CVE
added 2010/12/07 9:0 p.m.49 views

CVE-2010-4490

Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via malformed video content that triggers an indexing error.

9.3CVSS7.3AI score0.01797EPSS
CVE
CVE
added 2010/12/22 1:0 a.m.49 views

CVE-2010-4575

The ThemeInstalledInfoBarDelegate::Observe function in browser/extensions/theme_installed_infobar_delegate.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle incorrect tab interaction by an extension, which allows user-assisted remote attackers to cause...

4.3CVSS6.9AI score0.01343EPSS
CVE
CVE
added 2011/02/04 6:0 p.m.49 views

CVE-2011-0777

Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to image loading.

7.5CVSS7AI score0.01479EPSS
CVE
CVE
added 2011/02/04 6:0 p.m.49 views

CVE-2011-0781

Google Chrome before 9.0.597.84 does not properly handle autofill profile merging, which has unspecified impact and remote attack vectors.

7.5CVSS6.4AI score0.00107EPSS
CVE
CVE
added 2011/02/04 6:0 p.m.49 views

CVE-2011-0782

Google Chrome before 9.0.597.84 on Mac OS X does not properly mitigate an unspecified flaw in the Mac OS X 10.5 SSL libraries, which allows remote attackers to cause a denial of service (application crash) via unknown vectors.

5CVSS6.6AI score0.00455EPSS
CVE
CVE
added 2011/03/01 11:0 p.m.49 views

CVE-2011-1111

Google Chrome before 9.0.597.107 does not properly implement forms controls, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.

7.5CVSS7.3AI score0.01471EPSS
CVE
CVE
added 2011/05/03 10:55 p.m.49 views

CVE-2011-1434

Google Chrome before 11.0.696.57 does not ensure thread safety during handling of MIME data, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS9.6AI score0.0423EPSS
CVE
CVE
added 2011/05/03 10:55 p.m.49 views

CVE-2011-1448

Google Chrome before 11.0.696.57 does not properly perform height calculations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

6.8CVSS7.2AI score0.00701EPSS
CVE
CVE
added 2011/06/09 7:55 p.m.49 views

CVE-2011-1819

Google Chrome before 12.0.742.91 allows remote attackers to perform unspecified injection into a chrome:// page via vectors related to extensions.

4.3CVSS6.5AI score0.00391EPSS
CVE
CVE
added 2011/08/03 12:55 a.m.49 views

CVE-2011-2785

The extensions implementation in Google Chrome before 13.0.782.107 does not properly validate the URL for the home page, which allows remote attackers to have an unspecified impact via a crafted extension.

4.3CVSS6.1AI score0.00384EPSS
CVE
CVE
added 2011/08/03 12:55 a.m.49 views

CVE-2011-2789

Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to instantiation of the Pepper plug-in.

6.8CVSS7AI score0.0083EPSS
CVE
CVE
added 2011/09/19 12:2 p.m.49 views

CVE-2011-2842

The installer in Google Chrome before 14.0.835.163 on Mac OS X does not properly handle lock files, which has unspecified impact and attack vectors.

7.5CVSS6.2AI score0.00228EPSS
CVE
CVE
added 2011/09/19 12:2 p.m.49 views

CVE-2011-2852

Off-by-one error in Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS7.1AI score0.0083EPSS
CVE
CVE
added 2011/09/19 12:2 p.m.49 views

CVE-2011-2864

Google Chrome before 14.0.835.163 does not properly handle Tibetan characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS6.2AI score0.00887EPSS
CVE
CVE
added 2011/10/04 8:55 p.m.49 views

CVE-2011-2876

Use-after-free vulnerability in Google Chrome before 14.0.835.202 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a text line box.

6.8CVSS7AI score0.00569EPSS
CVE
CVE
added 2012/03/30 10:55 p.m.49 views

CVE-2011-3061

Google Chrome before 18.0.1025.142 does not properly check X.509 certificates before use of a SPDY proxy, which might allow man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.

5.8CVSS5.4AI score0.00236EPSS
CVE
CVE
added 2012/03/30 10:55 p.m.49 views

CVE-2011-3063

Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vectors.

4.3CVSS6.2AI score0.00476EPSS
CVE
CVE
added 2012/05/24 6:55 p.m.49 views

CVE-2011-3106

The WebSockets implementation in Google Chrome before 19.0.1084.52 does not properly handle use of SSL, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

10CVSS7.6AI score0.07267EPSS
CVE
CVE
added 2012/05/24 6:55 p.m.49 views

CVE-2011-3112

Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an invalid encrypted document.

5CVSS7.1AI score0.01382EPSS
CVE
CVE
added 2011/12/13 9:55 p.m.49 views

CVE-2011-3907

The view-source feature in Google Chrome before 16.0.912.63 allows remote attackers to spoof the URL bar via unspecified vectors.

4.3CVSS6AI score0.00242EPSS
CVE
CVE
added 2012/02/09 4:10 a.m.49 views

CVE-2011-3953

Google Chrome before 17.0.963.46 does not prevent monitoring of the clipboard after a paste event, which has unspecified impact and remote attack vectors.

7.5CVSS6.2AI score0.00195EPSS
CVE
CVE
added 2012/02/09 4:10 a.m.49 views

CVE-2011-3954

Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of database usage.

5CVSS6.1AI score0.00535EPSS
CVE
CVE
added 2012/02/09 4:10 a.m.49 views

CVE-2011-3957

Use-after-free vulnerability in the garbage-collection functionality in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF documents.

7.5CVSS9.3AI score0.02856EPSS
CVE
CVE
added 2012/02/09 4:10 a.m.49 views

CVE-2011-3960

Google Chrome before 17.0.963.46 does not properly decode audio data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

4.3CVSS8.7AI score0.01525EPSS
CVE
CVE
added 2012/02/09 4:10 a.m.49 views

CVE-2011-3965

Google Chrome before 17.0.963.46 does not properly check signatures, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

5CVSS6.2AI score0.00249EPSS
CVE
CVE
added 2011/12/07 7:55 p.m.49 views

CVE-2011-4691

Google Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.

5CVSS6.1AI score0.0023EPSS
CVE
CVE
added 2012/06/27 10:18 a.m.49 views

CVE-2012-2764

Untrusted search path vulnerability in Google Chrome before 20.0.1132.43 on Windows might allow local users to gain privileges via a Trojan horse Metro DLL in the current working directory.

7.2CVSS6AI score0.00831EPSS
CVE
CVE
added 2012/06/27 10:18 a.m.49 views

CVE-2012-2815

Google Chrome before 20.0.1132.43 allows remote attackers to obtain potentially sensitive information from a fragment identifier by leveraging access to an IFRAME element associated with a different domain.

5CVSS5.7AI score0.00589EPSS
CVE
CVE
added 2012/10/09 11:13 a.m.49 views

CVE-2012-5111

Google Chrome before 22.0.1229.92 does not monitor for crashes of Pepper plug-ins, which has unspecified impact and remote attack vectors.

7.5CVSS9AI score0.00198EPSS
CVE
CVE
added 2012/11/07 11:43 a.m.49 views

CVE-2012-5121

Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video layout.

7.5CVSS9.3AI score0.03358EPSS
Total number of security vulnerabilities3655