Lucene search

K

3596 matches found

CVE
CVE
added 2020/02/11 3:15 p.m.239 views

CVE-2020-6394

Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.

5.8CVSS5.6AI score0.01055EPSS
CVE
CVE
added 2022/07/26 10:15 p.m.239 views

CVE-2022-1485

Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

7.5CVSS8AI score0.00322EPSS
CVE
CVE
added 2024/06/24 10:15 p.m.239 views

CVE-2024-6292

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.1AI score0.00253EPSS
CVE
CVE
added 2024/09/11 2:15 p.m.239 views

CVE-2024-8639

Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7AI score0.00207EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.238 views

CVE-2019-5773

Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.

6.5CVSS5.6AI score0.00288EPSS
CVE
CVE
added 2019/05/23 8:29 p.m.238 views

CVE-2019-5804

Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name.

5.5CVSS5.8AI score0.00067EPSS
CVE
CVE
added 2020/02/11 3:15 p.m.238 views

CVE-2020-6385

Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page.

8.8CVSS7.7AI score0.01399EPSS
CVE
CVE
added 2020/05/21 4:15 a.m.238 views

CVE-2020-6477

Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file.

7.8CVSS7.6AI score0.00031EPSS
CVE
CVE
added 2021/04/30 9:15 p.m.238 views

CVE-2021-21231

Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.3AI score0.01953EPSS
CVE
CVE
added 2022/07/23 12:15 a.m.238 views

CVE-2022-1125

Use after free in Portals in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.

8.8CVSS8.8AI score0.00199EPSS
CVE
CVE
added 2024/06/11 9:15 p.m.238 views

CVE-2024-5838

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.6AI score0.00196EPSS
CVE
CVE
added 2019/11/25 3:15 p.m.237 views

CVE-2019-13710

Insufficient validation of untrusted input in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.

4.3CVSS4.8AI score0.00238EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.237 views

CVE-2019-13736

Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8CVSS8.5AI score0.02375EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.237 views

CVE-2019-13747

Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.2AI score0.02356EPSS
CVE
CVE
added 2022/04/05 1:15 a.m.237 views

CVE-2022-0790

Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS8.9AI score0.00481EPSS
CVE
CVE
added 2022/04/05 1:15 a.m.237 views

CVE-2022-0805

Use after free in Browser Switcher in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.

8.8CVSS9.1AI score0.00596EPSS
CVE
CVE
added 2024/06/11 9:15 p.m.237 views

CVE-2024-5835

Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.4AI score0.00075EPSS
CVE
CVE
added 2024/06/11 9:15 p.m.237 views

CVE-2024-5836

Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High)

8.8CVSS7.8AI score0.00322EPSS
CVE
CVE
added 2024/06/11 9:15 p.m.237 views

CVE-2024-5840

Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)

6.5CVSS6.4AI score0.00057EPSS
CVE
CVE
added 2024/06/11 9:15 p.m.237 views

CVE-2024-5844

Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS7.2AI score0.00316EPSS
CVE
CVE
added 2024/06/11 9:15 p.m.237 views

CVE-2024-5846

Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

8.8CVSS7.4AI score0.00256EPSS
CVE
CVE
added 2024/08/28 11:15 p.m.237 views

CVE-2024-8198

Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.2AI score0.00246EPSS
CVE
CVE
added 2016/10/14 4:59 p.m.236 views

CVE-2005-4900

SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is no...

5.9CVSS5.7AI score0.00217EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.236 views

CVE-2019-13737

Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.1AI score0.02568EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.236 views

CVE-2019-13759

Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

4.3CVSS5AI score0.0234EPSS
CVE
CVE
added 2020/02/11 3:15 p.m.236 views

CVE-2020-6414

Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

8.8CVSS7.7AI score0.00866EPSS
CVE
CVE
added 2022/07/28 1:15 a.m.236 views

CVE-2022-2160

Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page.

6.5CVSS6.1AI score0.00183EPSS
CVE
CVE
added 2024/09/17 9:15 p.m.236 views

CVE-2024-8906

Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS6.2AI score0.00138EPSS
CVE
CVE
added 2018/08/28 7:29 p.m.235 views

CVE-2017-15422

Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

6.5CVSS7AI score0.0108EPSS
CVE
CVE
added 2019/11/25 3:15 p.m.235 views

CVE-2019-13711

Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

5.3CVSS5.3AI score0.00355EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.235 views

CVE-2019-5758

Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS6.2AI score0.01655EPSS
CVE
CVE
added 2020/03/23 4:15 p.m.235 views

CVE-2020-6420

Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

8.8CVSS7.7AI score0.00485EPSS
CVE
CVE
added 2022/07/26 10:15 p.m.235 views

CVE-2022-1493

Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.

8.8CVSS8.9AI score0.00292EPSS
CVE
CVE
added 2024/06/11 9:15 p.m.235 views

CVE-2024-5842

Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS7AI score0.00301EPSS
CVE
CVE
added 2024/06/11 9:15 p.m.235 views

CVE-2024-5847

Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

8.8CVSS7.4AI score0.00256EPSS
CVE
CVE
added 2019/11/25 3:15 p.m.234 views

CVE-2019-13662

Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

6.5CVSS6.5AI score0.00093EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.234 views

CVE-2019-13732

Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.03525EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.234 views

CVE-2019-13763

Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.

4.3CVSS4.7AI score0.02019EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.234 views

CVE-2019-5768

DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.

6.5CVSS5.7AI score0.00488EPSS
CVE
CVE
added 2019/05/23 8:29 p.m.234 views

CVE-2019-5802

Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

6.5CVSS6.4AI score0.00223EPSS
CVE
CVE
added 2019/11/25 3:15 p.m.234 views

CVE-2019-5877

Out of bounds memory access in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.7AI score0.00356EPSS
CVE
CVE
added 2020/05/21 4:15 a.m.234 views

CVE-2020-6483

Insufficient policy enforcement in payments in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

6.5CVSS6.5AI score0.00694EPSS
CVE
CVE
added 2024/06/11 9:15 p.m.234 views

CVE-2024-5837

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.6AI score0.00196EPSS
CVE
CVE
added 2024/08/28 11:15 p.m.234 views

CVE-2024-8194

Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.6AI score0.00141EPSS
CVE
CVE
added 2019/11/25 3:15 p.m.233 views

CVE-2019-13659

IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

4.3CVSS5.2AI score0.00166EPSS
CVE
CVE
added 2020/01/10 10:15 p.m.233 views

CVE-2019-13767

Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.07423EPSS
CVE
CVE
added 2021/07/02 7:15 p.m.233 views

CVE-2021-30556

Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00611EPSS
CVE
CVE
added 2021/08/03 8:15 p.m.233 views

CVE-2021-30565

Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.

8.8CVSS8.4AI score0.00208EPSS
CVE
CVE
added 2022/07/26 10:15 p.m.233 views

CVE-2022-1487

Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via running a Wayland test.

7.5CVSS8.2AI score0.0028EPSS
CVE
CVE
added 2022/07/26 10:15 p.m.233 views

CVE-2022-1495

Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote attacker to spoof the APK downloads dialog via a crafted HTML page.

4.3CVSS4.8AI score0.0013EPSS
Total number of security vulnerabilities3596