4465 matches found
CVE-2018-6065
CVE-2018-6065 is an integer overflow in Google Chrome/Chromium’s V8 engine that could allow remote heap corruption via a crafted HTML page. Documents confirm the affected component as the V8 JavaScript engine and indicate potential remote code execution/heap corruption in versions prior to 65.0.3...
CVE-2011-0609
The CVE-2011-0609 issue is an Adobe Flash Player AVM Bytecode Verification vulnerability that allows remote code execution via crafted SWF content. Affected products include Flash Player 10.2.x and earlier (Windows, macOS, Linux, Solaris), Flash Player 10.1.106.16 and earlier on Android, Adobe AI...
CVE-2018-17480
CVE-2018-17480 is a Chrome/Chromium vulnerability in the V8 JavaScript engine: an out-of-bounds write that could enable remote code execution inside the sandbox via a crafted HTML page. Connected advisories confirm the impact across Chromium-based browsers and list the fixed-upstream version as 7...
CVE-2025-0611
Summary: CVE-2025-0611 affects Google Chrome’s V8 engine prior to 132.0.6834.110, where object corruption could allow a remote attacker to trigger heap corruption via a crafted HTML page. The vulnerability is categorized as High severity (CVSS: NETWORK, NONE/LOW impacts on confidentiality, integr...
CVE-2021-4102
CVE-2021-4102 is a use-after-free vulnerability in Google Chrome’s V8 engine. Affected component: V8 within Chrome prior to version 96.0.4664.110. Root cause: use-after-free that could enable heap corruption via a crafted HTML page. Impact: remote code execution with high severity (per CVSS metri...
CVE-2020-16013
CVE-2020-16013 concerns the Chromium V8 engine used by Google Chrome prior to 86.0.4240.198, where an inappropriate implementation could allow a remote attacker to trigger heap corruption via a crafted HTML page. Affected software is Chromium-based Chrome builds up to version 86.0.4240.198 (inclu...
CVE-2017-5070
CVE-2017-5070 is a type confusion vulnerability in Google Chrome’s V8 engine that allows a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Affected products include Google Chrome and other Chromium-based browsers (V8 engine), with desktop versions prior to 59...
CVE-2024-4368
CVE-2024-4368 affects Chromium/Chrome where Dawn use-after-free can lead to heap corruption via a crafted HTML page. The issue is fixed in Chromium 124.0.6367.118 and newer per multiple advisories (e.g., Debian DSA-5676-1 and Fedora/chromium updates); update Chromium/Chrome to the patched version...
CVE-2020-6572
CVE-2020-6572 is a use-after-free in Chrome’s Media handling that could let a remote attacker run arbitrary code via a crafted HTML page, affecting Chrome desktop (pre-81.0.4044.92) and Android. The core issue is a use-after-free in Media components, with Android variant CVE-2020-6572 involving M...
CVE-2020-16017
CVE-2020-16017 is a use-after-free vulnerability in site isolation of Chromium-based browsers (Google Chrome/Chromium) before version 86.0.4240.198. The underlying issue in the renderer process could enable a remote attacker to escape the sandbox via a crafted HTML page, as described in multiple ...
CVE-2023-2136
CVE-2023-2136 refers to an integer overflow in Skia used by Google Chrome before 112.0.5615.137. A remote attacker who already compromised the renderer could craft a page to potentially escape the sandbox. The issue affects Chrome/Chromium's Skia path and was fixed in Chrome 112.0.5615.137 and ne...
CVE-2017-5030
CVE-2017-5030 is a memory corruption vulnerability in Google Chrome’s V8 engine. A remote attacker could execute arbitrary code via a crafted HTML page. Affected portion is V8 in Chromium/Chrome; remediation is upgrade to Chromium/Chrome version 57.0.2987.98 or newer (upstream fix referenced by A...
CVE-2016-5198
CVE-2016-5198 is an out-of-bounds memory access vulnerability in the V8 engine of Chromium/Google Chrome that allowed remote code execution via a crafted HTML page. Affected Chrome versions were prior to 54.0.2840.90 (Linux), 54.0.2840.85 (Android), and 54.0.2840.87 (Windows/Mac). The root cause ...
CVE-2011-0611
CVE-2011-0611 affects Adobe Flash Player before 10.2.154.27 (Windows/macOS/Linux/Solaris) and 10.2.156.12 and earlier on Android, plus Authplay.dll in Reader/Acrobat components. The vulnerability allows remote attackers to execute arbitrary code or cause a denial of service via crafted Flash cont...
CVE-2016-1646
Summary: CVE-2016-1646 affects Google Chrome’s V8 engine. The Array.prototype.concat implementation in V8/builtins.cc does not properly consider element data types, enabling a remote attacker to cause a denial of service (out-of-bounds read) via crafted JavaScript code. Affected software/versions...
CVE-2025-0443
CVE-2025-0443 affects Google Chrome/Chromium with insufficient data validation in Extensions, allowing privilege escalation when a user is tricked into specific UI gestures via a crafted HTML page. Connected sources confirm Chrome/Chromium and show remediation in Chrome 132.0.6834.83 (and Debian’...
CVE-2023-5217
CVE-2023-5217 is a heap buffer overflow in VP8 encoding in libvpx (affecting Google Chrome before 117.0.5938.132 and libvpx 1.13.1). A crafted HTML page could remotely trigger heap corruption. Multiple connected sources confirm the vulnerability in libvpx/WebP contexts; Apple’s advisory notes CVE...
CVE-2022-4262
CVE-2022-4262 : Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allows remote attackers to potentially exploit heap corruption via a crafted HTML page. Affects Google Chrome/Chromium users; base CVSS v3.1 score 8.8 (HIGH). Chrome notes an exploit exists in the wild and released a fix...
CVE-2025-0435
Google Chrome on Android (Navigation component) is affected by CVE-2025-0435 due to an inappropriate implementation that enables UI spoofing via a crafted HTML page. The issue affects versions prior to 132.0.6834.83. The practical impact is remote UI spoofing without user privileges. Remediation ...
CVE-2021-30547
CVE-2021-30547 : Out-of-bounds write in ANGLE affecting the Chromium/Chrome engine before 91.0.4472.101. A crafted HTML page could enable a remote attacker to cause memory access issues or a potentially exploitable crash. Mitigation: upgrade to Chrome/Chromium 91.0.4472.101 or newer (per multiple...
CVE-2021-30533
CVE-2021-30533 affects the PopupBlocker component in Chromium-based Google Chrome before 91.0.4472.77. The root cause is insufficient policy enforcement, allowing remote attackers to bypass navigation restrictions via a crafted iframe. Impact: potential navigation bypass and partial integrity ris...
CVE-2022-2856
CVE-2022-2856 is a Google Chrome/Chromium Intents input-validation vulnerability. Affected component: Chrome/Chromium on Android (and Chromium-derived browsers) prior to 104.0.5112.101; root cause: insufficient validation of untrusted input passed via Intents, enabling a remote attacker to load a...
CVE-2022-3723
CVE-2022-3723 is a Type Confusion in V8 affecting Google Chrome (Chromium-based) up to version 107.0.5304.87. The root cause is a V8 type confusion that can allow remote heap corruption via a crafted HTML page. Documents in connected data indicate Chrome/Chromium-based products are vulnerable and...
CVE-2025-0439
CVE-2025-0439 concerns a race in Chrome’s Frame handling that enables UI spoofing when a user is induced to perform specific UI gestures via a crafted HTML page. Affected product is Google Chrome (and Chromium-derived builds) with versions prior to 132.0.6834.83. Impact per the entry is confirmed...
CVE-2024-4671
CVE-2024-4671 is a use-after-free vulnerability in Google Chrome’s Visuals component, reported in Chromium-based builds prior to 124.0.6367.201. The issue could allow a remote attacker who has compromised the renderer process to escape the sandbox via a crafted HTML page, with high impact and in-...
CVE-2025-4664
CVE-2025-4664 describes an information-disclosure vulnerability in Google Chrome’s Loader component (Chromium) that allows a remote attacker to leak cross-origin data via a crafted HTML page. Affected software is Google Chrome (Chromium-based) prior to version 136.0.7103.113. The underlying root ...
CVE-2025-0442
CVE-2025-0442 involves Google Chrome’s Payments UI: an Inappropriate implementation vulnerability in Chrome prior to 132.0.6834.83 could allow UI spoofing via a crafted HTML page when a user performs specific UI gestures. Connected sources confirm the issue in Chromium/Chrome with this exact CVE ...
CVE-2021-21157
CVE-2021-21157 : Use-after-free in the Web Sockets component of Chromium/ Google Chrome on Linux prior to 88.0.4324.182. The underlying issue is a use-after-free that could allow a remote attacker to potentially execute arbitrary code via a crafted HTML page, with impact described as heap corrupt...
CVE-2020-10531
ICU for C/C++ up to version 66.1 is affected by CVE-2020-10531: an integer overflow in UnicodeString::doAppend() in common/unistr.cpp can cause a heap-based buffer overflow. Public disclosures and vendor advisories (e.g., ALAS2-2020-1418/ALSA-2020:1317, CESA/DSA advisories) reference this vulnera...
CVE-2023-3079
Summary (CVE-2023-3079) : A type confusion in V8 in Google Chrome prior to 114.0.5735.110 can allow remote code execution via a crafted HTML page, with heap corruption as the underlying issue. The vulnerability affects Chrome’s Chromium-based rendering stack (V8 engine) and is rated High severity...
CVE-2023-4431
CVE-2023-4431 describes an out-of-bounds memory access in Google Chrome Fonts that allowed a remote attacker to perform an out-of-bounds memory read via a crafted HTML page. The issue affects Chrome/Chromium prior to version 116.0.5845.110. The CVSS v3.1 vector indicates network access, low attac...
CVE-2022-0337
CVE-2022-0337 is an information-disclosure vulnerability in Chrome’s File System Access API (window.showSaveFilePicker) caused by an inappropriate implementation. It affects Google Chrome on Windows prior to 97.0.4692.71 (and related Chromium-based browsers). Connected documents confirm that a cr...
CVE-2024-12692
CVE-2024-12692 is a Type Confusion in V8 in Google Chrome/Chromium prior to 131.0.6778.204 that can enable remote exploitation leading to heap corruption via a crafted HTML page. The issue is documented across multiple sources (Chromium security update notes, Debian security advisory, CNVD/CVE tr...
CVE-2024-4058
CVE-2024-4058 involves a Type Confusion in ANGLE used by Google Chrome. The vulnerability allows remote attackers to potentially trigger heap corruption via a crafted HTML page, with impact described as code execution in the browser. Affected software is Google Chrome (ANGLE component) on desktop...
CVE-2022-3038
CVE-2022-3038 is a memory-unsafe issue in Google Chrome’s Network Service (Chromium-based). The connected documents indicate a use-after-free in Network Service prior to 105.0.5195.52 that can allow a remote attacker to trigger heap corruption via a crafted HTML page. Affected product/component: ...
CVE-2019-13734
CVE-2019-13734 describes an out-of-bounds write in the SQLite component used by Google Chrome/Chromium, enabling potential heap corruption via a crafted HTML page. Connected advisories confirm this affects Chrome/Chromium’s SQLite usage and note mitigations include updating to Chrome 79.0.3945.79...
CVE-2025-4609
CVE-2025-4609 describes a vulnerability in Google Chrome on Windows (Mojo) where an incorrect handle in unspecified circumstances could allow a remote attacker to potentially escape the browser sandbox via a malicious file. The issue is tied to the Chromium-based Chrome versioning and is specific...
CVE-2023-4428
CVE-2023-4428 affects Chromium-based browsers (Chrome/Chromium) and relates to an out-of-bounds memory access in CSS that could allow a remote attacker to read memory via a crafted HTML page. The issue is classified with high severity and a network attack vector, with user interaction required. T...
CVE-2024-3833
CVE-2024-3833 is a Chrome/Chromium WebAssembly object-corruption vulnerability (via a crafted HTML page) tracked as high-severity, with reported fixes in Chromium 124.0.6367.60 and later (ChromeOS notes cite 124.0.6367.95; Debian security advisories list 124.0.6367.60 as the fixed version). Affec...
CVE-2025-0762
CVE-2025-0762 concerns Google Chrome/Chromium DevTools: a use-after-free in DevTools for builds prior to 132.0.6834.159, enabling potential heap corruption from a crafted Chrome Extension. Affected component is Chrome/Chromium DevTools; the underlying cause is a use-after-free defect (exact inter...
CVE-2024-5274
CVE-2024-5274 is a type confusion flaw in Google Chrome’s V8 engine (Chromium-based) that could allow a remote attacker to execute arbitrary code inside the Chrome sandbox via a crafted HTML page. The vulnerability affects Chrome versions prior to 125.0.6422.112 (Windows, macOS, Linux) and is cla...
CVE-2025-10585
CVE-2025-10585 is a Type Confusion in Google Chrome’s V8 engine that can enable heap corruption via specially crafted HTML pages. Multiple connected sources confirm the vulnerability affects Chrome/Chromium (V8), with remote, no-user-interaction exploitation described in NVD/Chromium advisories a...
CVE-2026-0628
CVE-2026-0628 involves insufficient policy enforcement in Chrome/Chromium WebView handling, allowing a user to be convinced to install a malicious extension that can inject scripts or HTML into a privileged page. Affected software is Chromium-based and prior to version 143.0.7499.192 (Chrome desk...
CVE-2024-12053
CVE-2024-12053 denotes a type confusion issue in V8 used by Google Chrome/Chromium, before version 131.0.6778.108. The vulnerability allows remote exploitation via a crafted HTML page, with a high impact across confidentiality, integrity, and availability, and requires user interaction and networ...
CVE-2018-20346
CVE-2018-20346 affects SQLite when the FTS3 extension is enabled. SQLite before 3.25.3 exhibits an integer overflow (and resulting buffer overflow) for FTS3 queries after crafted changes to FTS3 shadow tables, enabling remote attackers to execute arbitrary SQL statements and potentially take cont...
CVE-2025-5064
CVE-2025-5064 relates to an inappropriate implementation in Chrome's Background Fetch API that could leak cross-origin data via a crafted HTML page. Affected product: Google Chrome (Chromium base). The issue is mitigated by upgrading to Chrome 137.0.7151.55 or later (Chromium fix referenced by Ch...
CVE-2025-5283
CVE-2025-5283 is a use-after-free in libvpx used by Google Chrome prior to 137.0.7151.55, enabling potential heap corruption via a crafted HTML page. The connected advisories confirm affected libraries and advise updating libvpx to a fixed release across affected distributions (e.g., library upda...
CVE-2023-6350
CVE-2023-6350 is a use-after-free in libavif used by Google Chrome/Chromium before version 119.0.6045.199, potentially enabling remote heap corruption via a crafted avif file. Affected software stacks include Chromium-based browsers (Chrome/Chromium) and related Electron builds, with multiple sec...
CVE-2023-4068
CVE-2023-4068: Type Confusion in V8 affects Chromium/Google Chrome; vulnerable component is V8, leading to remote arbitrary read/write via crafted HTML pages. Root cause: type confusion. Impact per sources: high; exploit details not provided. Remediation: upgrade Chromium/Chrome to 115.0.5790.170...
CVE-2024-7971
CVE-2024-7971 is a Type Confusion in Google Chrome’s V8 engine that allows remote heap corruption via a crafted HTML page. Affected software is Google Chrome (and Chromium-based browsers) prior to version 128.0.6613.84. The root cause is a V8 type confusion issue, enabling exploitation when proce...