Lucene search
K

4465 matches found

CVE
CVE
added 2018/11/14 3:0 p.m.1107 views

CVE-2018-6065

CVE-2018-6065 is an integer overflow in Google Chrome/Chromium’s V8 engine that could allow remote heap corruption via a crafted HTML page. Documents confirm the affected component as the V8 JavaScript engine and indicate potential remote code execution/heap corruption in versions prior to 65.0.3...

8.8CVSS8.5AI score0.60304EPSS
In wild
CVE
CVE
added 2011/03/15 5:0 p.m.1099 views

CVE-2011-0609

The CVE-2011-0609 issue is an Adobe Flash Player AVM Bytecode Verification vulnerability that allows remote code execution via crafted SWF content. Affected products include Flash Player 10.2.x and earlier (Windows, macOS, Linux, Solaris), Flash Player 10.1.106.16 and earlier on Android, Adobe AI...

9.3CVSS8.9AI score0.66821EPSS
In wild
CVE
CVE
added 2018/12/11 3:0 p.m.1098 views

CVE-2018-17480

CVE-2018-17480 is a Chrome/Chromium vulnerability in the V8 JavaScript engine: an out-of-bounds write that could enable remote code execution inside the sandbox via a crafted HTML page. Connected advisories confirm the impact across Chromium-based browsers and list the fixed-upstream version as 7...

8.8CVSS8.7AI score0.34292EPSS
In wild
CVE
CVE
added 2025/01/22 7:22 p.m.1091 views

CVE-2025-0611

Summary: CVE-2025-0611 affects Google Chrome’s V8 engine prior to 132.0.6834.110, where object corruption could allow a remote attacker to trigger heap corruption via a crafted HTML page. The vulnerability is categorized as High severity (CVSS: NETWORK, NONE/LOW impacts on confidentiality, integr...

8.2CVSS6.3AI score0.00323EPSS
CVE
CVE
added 2022/02/11 10:55 p.m.1090 views

CVE-2021-4102

CVE-2021-4102 is a use-after-free vulnerability in Google Chrome’s V8 engine. Affected component: V8 within Chrome prior to version 96.0.4664.110. Root cause: use-after-free that could enable heap corruption via a crafted HTML page. Impact: remote code execution with high severity (per CVSS metri...

8.8CVSS9.1AI score0.07836EPSS
In wild
CVE
CVE
added 2021/01/08 5:47 p.m.1074 views

CVE-2020-16013

CVE-2020-16013 concerns the Chromium V8 engine used by Google Chrome prior to 86.0.4240.198, where an inappropriate implementation could allow a remote attacker to trigger heap corruption via a crafted HTML page. Affected software is Chromium-based Chrome builds up to version 86.0.4240.198 (inclu...

8.8CVSS8.6AI score0.02826EPSS
In wild
CVE
CVE
added 2017/10/27 5:0 a.m.1070 views

CVE-2017-5070

CVE-2017-5070 is a type confusion vulnerability in Google Chrome’s V8 engine that allows a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Affected products include Google Chrome and other Chromium-based browsers (V8 engine), with desktop versions prior to 59...

8.8CVSS8.5AI score0.31212EPSS
In wild
CVE
CVE
added 2024/05/01 12:50 p.m.1064 views

CVE-2024-4368

CVE-2024-4368 affects Chromium/Chrome where Dawn use-after-free can lead to heap corruption via a crafted HTML page. The issue is fixed in Chromium 124.0.6367.118 and newer per multiple advisories (e.g., Debian DSA-5676-1 and Fedora/chromium updates); update Chromium/Chrome to the patched version...

8.8CVSS6.5AI score0.01064EPSS
CVE
CVE
added 2021/01/14 8:55 p.m.1062 views

CVE-2020-6572

CVE-2020-6572 is a use-after-free in Chrome’s Media handling that could let a remote attacker run arbitrary code via a crafted HTML page, affecting Chrome desktop (pre-81.0.4044.92) and Android. The core issue is a use-after-free in Media components, with Android variant CVE-2020-6572 involving M...

9.3CVSS8.7AI score0.10586EPSS
In wild
CVE
CVE
added 2021/01/08 5:50 p.m.1042 views

CVE-2020-16017

CVE-2020-16017 is a use-after-free vulnerability in site isolation of Chromium-based browsers (Google Chrome/Chromium) before version 86.0.4240.198. The underlying issue in the renderer process could enable a remote attacker to escape the sandbox via a crafted HTML page, as described in multiple ...

9.6CVSS9AI score0.02747EPSS
In wild
CVE
CVE
added 2023/04/19 3:40 a.m.1039 views

CVE-2023-2136

CVE-2023-2136 refers to an integer overflow in Skia used by Google Chrome before 112.0.5615.137. A remote attacker who already compromised the renderer could craft a page to potentially escape the sandbox. The issue affects Chrome/Chromium's Skia path and was fixed in Chrome 112.0.5615.137 and ne...

9.6CVSS8.2AI score0.05786EPSS
In wild
CVE
CVE
added 2017/04/24 11:0 p.m.1036 views

CVE-2017-5030

CVE-2017-5030 is a memory corruption vulnerability in Google Chrome’s V8 engine. A remote attacker could execute arbitrary code via a crafted HTML page. Affected portion is V8 in Chromium/Chrome; remediation is upgrade to Chromium/Chrome version 57.0.2987.98 or newer (upstream fix referenced by A...

8.8CVSS8.2AI score0.41603EPSS
In wild
CVE
CVE
added 2017/01/19 5:43 a.m.1035 views

CVE-2016-5198

CVE-2016-5198 is an out-of-bounds memory access vulnerability in the V8 engine of Chromium/Google Chrome that allowed remote code execution via a crafted HTML page. Affected Chrome versions were prior to 54.0.2840.90 (Linux), 54.0.2840.85 (Android), and 54.0.2840.87 (Windows/Mac). The root cause ...

8.8CVSS7.1AI score0.34703EPSS
In wild
CVE
CVE
added 2011/04/13 2:0 p.m.1033 views

CVE-2011-0611

CVE-2011-0611 affects Adobe Flash Player before 10.2.154.27 (Windows/macOS/Linux/Solaris) and 10.2.156.12 and earlier on Android, plus Authplay.dll in Reader/Acrobat components. The vulnerability allows remote attackers to execute arbitrary code or cause a denial of service via crafted Flash cont...

9.3CVSS8.8AI score0.9941EPSS
In wild
CVE
CVE
added 2016/03/29 10:0 a.m.1030 views

CVE-2016-1646

Summary: CVE-2016-1646 affects Google Chrome’s V8 engine. The Array.prototype.concat implementation in V8/builtins.cc does not properly consider element data types, enabling a remote attacker to cause a denial of service (out-of-bounds read) via crafted JavaScript code. Affected software/versions...

9.3CVSS8.7AI score0.4811EPSS
In wild
CVE
CVE
added 2025/01/15 10:58 a.m.1009 views

CVE-2025-0443

CVE-2025-0443 affects Google Chrome/Chromium with insufficient data validation in Extensions, allowing privilege escalation when a user is tricked into specific UI gestures via a crafted HTML page. Connected sources confirm Chrome/Chromium and show remediation in Chrome 132.0.6834.83 (and Debian’...

8.8CVSS6.7AI score0.00445EPSS
CVE
CVE
added 2023/09/28 3:23 p.m.993 views

CVE-2023-5217

CVE-2023-5217 is a heap buffer overflow in VP8 encoding in libvpx (affecting Google Chrome before 117.0.5938.132 and libvpx 1.13.1). A crafted HTML page could remotely trigger heap corruption. Multiple connected sources confirm the vulnerability in libvpx/WebP contexts; Apple’s advisory notes CVE...

8.8CVSS9.2AI score0.49013EPSS
In wild
CVE
CVE
added 2022/12/02 12:0 a.m.991 views

CVE-2022-4262

CVE-2022-4262 : Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allows remote attackers to potentially exploit heap corruption via a crafted HTML page. Affects Google Chrome/Chromium users; base CVSS v3.1 score 8.8 (HIGH). Chrome notes an exploit exists in the wild and released a fix...

8.8CVSS8.6AI score0.16109EPSS
In wild
CVE
CVE
added 2025/01/15 10:58 a.m.985 views

CVE-2025-0435

Google Chrome on Android (Navigation component) is affected by CVE-2025-0435 due to an inappropriate implementation that enables UI spoofing via a crafted HTML page. The issue affects versions prior to 132.0.6834.83. The practical impact is remote UI spoofing without user privileges. Remediation ...

6.5CVSS6.4AI score0.00334EPSS
CVE
CVE
added 2021/06/15 9:40 p.m.983 views

CVE-2021-30547

CVE-2021-30547 : Out-of-bounds write in ANGLE affecting the Chromium/Chrome engine before 91.0.4472.101. A crafted HTML page could enable a remote attacker to cause memory access issues or a potentially exploitable crash. Mitigation: upgrade to Chrome/Chromium 91.0.4472.101 or newer (per multiple...

8.8CVSS5.9AI score0.03582EPSS
CVE
CVE
added 2021/06/07 7:25 p.m.968 views

CVE-2021-30533

CVE-2021-30533 affects the PopupBlocker component in Chromium-based Google Chrome before 91.0.4472.77. The root cause is insufficient policy enforcement, allowing remote attackers to bypass navigation restrictions via a crafted iframe. Impact: potential navigation bypass and partial integrity ris...

6.5CVSS6.5AI score0.16611EPSS
In wild
CVE
CVE
added 2022/09/26 3:1 p.m.962 views

CVE-2022-2856

CVE-2022-2856 is a Google Chrome/Chromium Intents input-validation vulnerability. Affected component: Chrome/Chromium on Android (and Chromium-derived browsers) prior to 104.0.5112.101; root cause: insufficient validation of untrusted input passed via Intents, enabling a remote attacker to load a...

6.5CVSS6.6AI score0.04493EPSS
In wild
CVE
CVE
added 2022/11/01 12:0 a.m.948 views

CVE-2022-3723

CVE-2022-3723 is a Type Confusion in V8 affecting Google Chrome (Chromium-based) up to version 107.0.5304.87. The root cause is a V8 type confusion that can allow remote heap corruption via a crafted HTML page. Documents in connected data indicate Chrome/Chromium-based products are vulnerable and...

8.8CVSS8.6AI score0.0675EPSS
In wild
CVE
CVE
added 2025/01/15 10:58 a.m.944 views

CVE-2025-0439

CVE-2025-0439 concerns a race in Chrome’s Frame handling that enables UI spoofing when a user is induced to perform specific UI gestures via a crafted HTML page. Affected product is Google Chrome (and Chromium-derived builds) with versions prior to 132.0.6834.83. Impact per the entry is confirmed...

6.5CVSS6.4AI score0.00268EPSS
CVE
CVE
added 2024/05/09 11:54 p.m.934 views

CVE-2024-4671

CVE-2024-4671 is a use-after-free vulnerability in Google Chrome’s Visuals component, reported in Chromium-based builds prior to 124.0.6367.201. The issue could allow a remote attacker who has compromised the renderer process to escape the sandbox via a crafted HTML page, with high impact and in-...

9.6CVSS6.3AI score0.08348EPSS
In wild
CVE
CVE
added 2025/05/14 5:41 p.m.851 views

CVE-2025-4664

CVE-2025-4664 describes an information-disclosure vulnerability in Google Chrome’s Loader component (Chromium) that allows a remote attacker to leak cross-origin data via a crafted HTML page. Affected software is Google Chrome (Chromium-based) prior to version 136.0.7103.113. The underlying root ...

4.3CVSS6AI score0.05438EPSS
In wild
CVE
CVE
added 2025/01/15 10:58 a.m.843 views

CVE-2025-0442

CVE-2025-0442 involves Google Chrome’s Payments UI: an Inappropriate implementation vulnerability in Chrome prior to 132.0.6834.83 could allow UI spoofing via a crafted HTML page when a user performs specific UI gestures. Connected sources confirm the issue in Chromium/Chrome with this exact CVE ...

6.5CVSS6.2AI score0.00333EPSS
CVE
CVE
added 2021/02/22 9:20 p.m.840 views

CVE-2021-21157

CVE-2021-21157 : Use-after-free in the Web Sockets component of Chromium/ Google Chrome on Linux prior to 88.0.4324.182. The underlying issue is a use-after-free that could allow a remote attacker to potentially execute arbitrary code via a crafted HTML page, with impact described as heap corrupt...

8.8CVSS9AI score0.09458EPSS
CVE
CVE
added 2020/03/12 6:9 p.m.839 views

CVE-2020-10531

ICU for C/C++ up to version 66.1 is affected by CVE-2020-10531: an integer overflow in UnicodeString::doAppend() in common/unistr.cpp can cause a heap-based buffer overflow. Public disclosures and vendor advisories (e.g., ALAS2-2020-1418/ALSA-2020:1317, CESA/DSA advisories) reference this vulnera...

8.8CVSS8.7AI score0.02669EPSS
CVE
CVE
added 2023/06/05 9:40 p.m.837 views

CVE-2023-3079

Summary (CVE-2023-3079) : A type confusion in V8 in Google Chrome prior to 114.0.5735.110 can allow remote code execution via a crafted HTML page, with heap corruption as the underlying issue. The vulnerability affects Chrome’s Chromium-based rendering stack (V8 engine) and is rated High severity...

8.8CVSS8.6AI score0.32724EPSS
In wild
CVE
CVE
added 2023/08/22 11:56 p.m.792 views

CVE-2023-4431

CVE-2023-4431 describes an out-of-bounds memory access in Google Chrome Fonts that allowed a remote attacker to perform an out-of-bounds memory read via a crafted HTML page. The issue affects Chrome/Chromium prior to version 116.0.5845.110. The CVSS v3.1 vector indicates network access, low attac...

8.1CVSS7.6AI score0.00946EPSS
CVE
CVE
added 2023/01/02 12:0 a.m.780 views

CVE-2022-0337

CVE-2022-0337 is an information-disclosure vulnerability in Chrome’s File System Access API (window.showSaveFilePicker) caused by an inappropriate implementation. It affects Google Chrome on Windows prior to 97.0.4692.71 (and related Chromium-based browsers). Connected documents confirm that a cr...

6.5CVSS5.5AI score0.01266EPSS
CVE
CVE
added 2024/12/18 9:42 p.m.717 views

CVE-2024-12692

CVE-2024-12692 is a Type Confusion in V8 in Google Chrome/Chromium prior to 131.0.6778.204 that can enable remote exploitation leading to heap corruption via a crafted HTML page. The issue is documented across multiple sources (Chromium security update notes, Debian security advisory, CNVD/CVE tr...

8.8CVSS6.3AI score0.06087EPSS
CVE
CVE
added 2024/05/01 12:49 p.m.691 views

CVE-2024-4058

CVE-2024-4058 involves a Type Confusion in ANGLE used by Google Chrome. The vulnerability allows remote attackers to potentially trigger heap corruption via a crafted HTML page, with impact described as code execution in the browser. Affected software is Google Chrome (ANGLE component) on desktop...

9CVSS8.4AI score0.08875EPSS
CVE
CVE
added 2022/09/26 3:1 p.m.674 views

CVE-2022-3038

CVE-2022-3038 is a memory-unsafe issue in Google Chrome’s Network Service (Chromium-based). The connected documents indicate a use-after-free in Network Service prior to 105.0.5195.52 that can allow a remote attacker to trigger heap corruption via a crafted HTML page. Affected product/component: ...

8.8CVSS8.9AI score0.24738EPSS
In wild
CVE
CVE
added 2019/12/10 9:1 p.m.645 views

CVE-2019-13734

CVE-2019-13734 describes an out-of-bounds write in the SQLite component used by Google Chrome/Chromium, enabling potential heap corruption via a crafted HTML page. Connected advisories confirm this affects Chrome/Chromium’s SQLite usage and note mitigations include updating to Chrome 79.0.3945.79...

8.8CVSS8.6AI score0.04022EPSS
CVE
CVE
added 2025/08/22 9:5 p.m.634 views

CVE-2025-4609

CVE-2025-4609 describes a vulnerability in Google Chrome on Windows (Mojo) where an incorrect handle in unspecified circumstances could allow a remote attacker to potentially escape the browser sandbox via a malicious file. The issue is tied to the Chromium-based Chrome versioning and is specific...

9.6CVSS5.8AI score0.00375EPSS
CVE
CVE
added 2023/08/22 11:56 p.m.631 views

CVE-2023-4428

CVE-2023-4428 affects Chromium-based browsers (Chrome/Chromium) and relates to an out-of-bounds memory access in CSS that could allow a remote attacker to read memory via a crafted HTML page. The issue is classified with high severity and a network attack vector, with user interaction required. T...

8.1CVSS7.6AI score0.10871EPSS
CVE
CVE
added 2024/04/17 7:46 a.m.631 views

CVE-2024-3833

CVE-2024-3833 is a Chrome/Chromium WebAssembly object-corruption vulnerability (via a crafted HTML page) tracked as high-severity, with reported fixes in Chromium 124.0.6367.60 and later (ChromeOS notes cite 124.0.6367.95; Debian security advisories list 124.0.6367.60 as the fixed version). Affec...

8.8CVSS8.2AI score0.14958EPSS
CVE
CVE
added 2025/01/29 10:33 a.m.611 views

CVE-2025-0762

CVE-2025-0762 concerns Google Chrome/Chromium DevTools: a use-after-free in DevTools for builds prior to 132.0.6834.159, enabling potential heap corruption from a crafted Chrome Extension. Affected component is Chrome/Chromium DevTools; the underlying cause is a use-after-free defect (exact inter...

8.8CVSS6.9AI score0.00339EPSS
CVE
CVE
added 2024/05/28 2:44 p.m.608 views

CVE-2024-5274

CVE-2024-5274 is a type confusion flaw in Google Chrome’s V8 engine (Chromium-based) that could allow a remote attacker to execute arbitrary code inside the Chrome sandbox via a crafted HTML page. The vulnerability affects Chrome versions prior to 125.0.6422.112 (Windows, macOS, Linux) and is cla...

9.6CVSS6.9AI score0.1002EPSS
In wild
CVE
CVE
added 2025/09/24 4:17 p.m.601 views

CVE-2025-10585

CVE-2025-10585 is a Type Confusion in Google Chrome’s V8 engine that can enable heap corruption via specially crafted HTML pages. Multiple connected sources confirm the vulnerability affects Chrome/Chromium (V8), with remote, no-user-interaction exploitation described in NVD/Chromium advisories a...

9.8CVSS6.8AI score0.05426EPSS
In wild
CVE
CVE
added 2026/01/06 11:57 p.m.596 views

CVE-2026-0628

CVE-2026-0628 involves insufficient policy enforcement in Chrome/Chromium WebView handling, allowing a user to be convinced to install a malicious extension that can inject scripts or HTML into a privileged page. Affected software is Chromium-based and prior to version 143.0.7499.192 (Chrome desk...

8.8CVSS5.8AI score0.06545EPSS
CVE
CVE
added 2024/12/03 6:50 p.m.583 views

CVE-2024-12053

CVE-2024-12053 denotes a type confusion issue in V8 used by Google Chrome/Chromium, before version 131.0.6778.108. The vulnerability allows remote exploitation via a crafted HTML page, with a high impact across confidentiality, integrity, and availability, and requires user interaction and networ...

8.8CVSS6.2AI score0.00862EPSS
CVE
CVE
added 2018/12/21 9:0 p.m.577 views

CVE-2018-20346

CVE-2018-20346 affects SQLite when the FTS3 extension is enabled. SQLite before 3.25.3 exhibits an integer overflow (and resulting buffer overflow) for FTS3 queries after crafted changes to FTS3 shadow tables, enabling remote attackers to execute arbitrary SQL statements and potentially take cont...

8.1CVSS8.4AI score0.09683EPSS
CVE
CVE
added 2025/05/27 8:43 p.m.566 views

CVE-2025-5064

CVE-2025-5064 relates to an inappropriate implementation in Chrome's Background Fetch API that could leak cross-origin data via a crafted HTML page. Affected product: Google Chrome (Chromium base). The issue is mitigated by upgrading to Chrome 137.0.7151.55 or later (Chromium fix referenced by Ch...

5.4CVSS6AI score0.00322EPSS
CVE
CVE
added 2025/05/27 8:43 p.m.565 views

CVE-2025-5283

CVE-2025-5283 is a use-after-free in libvpx used by Google Chrome prior to 137.0.7151.55, enabling potential heap corruption via a crafted HTML page. The connected advisories confirm affected libraries and advise updating libvpx to a fixed release across affected distributions (e.g., library upda...

5.4CVSS7.1AI score0.00513EPSS
CVE
CVE
added 2023/11/29 12:2 p.m.558 views

CVE-2023-6350

CVE-2023-6350 is a use-after-free in libavif used by Google Chrome/Chromium before version 119.0.6045.199, potentially enabling remote heap corruption via a crafted avif file. Affected software stacks include Chromium-based browsers (Chrome/Chromium) and related Electron builds, with multiple sec...

8.8CVSS9AI score0.01118EPSS
CVE
CVE
added 2023/08/03 12:27 a.m.541 views

CVE-2023-4068

CVE-2023-4068: Type Confusion in V8 affects Chromium/Google Chrome; vulnerable component is V8, leading to remote arbitrary read/write via crafted HTML pages. Root cause: type confusion. Impact per sources: high; exploit details not provided. Remediation: upgrade Chromium/Chrome to 115.0.5790.170...

8.1CVSS7.5AI score0.15475EPSS
CVE
CVE
added 2024/08/21 8:20 p.m.530 views

CVE-2024-7971

CVE-2024-7971 is a Type Confusion in Google Chrome’s V8 engine that allows remote heap corruption via a crafted HTML page. Affected software is Google Chrome (and Chromium-based browsers) prior to version 128.0.6613.84. The root cause is a V8 type confusion issue, enabling exploitation when proce...

9.6CVSS6.8AI score0.19272EPSS
In wild
Total number of security vulnerabilities4465