Lucene search
+L

4465 matches found

CVE
CVE
added 2023/01/02 12:0 a.m.530 views

CVE-2022-0801

CVE-2022-0801 describes an issue in Google Chrome’s HTML parser where an improper implementation could bypass XSS protections via a crafted HTML page. Affected product: Google Chrome (via Chromium codebase). Root cause: insecure HTML parsing logic preceding version 99.0.4844.51. Impact: remote at...

6.1CVSS6.1AI score0.00545EPSS
CVE
CVE
added 2025/03/26 4:7 p.m.529 views

CVE-2025-2783

CVE-2025-2783 affects Google Chrome on Windows prior to 134.0.6998.177. The issue is a Mojo-related sandbox escape caused by an incorrect handle provided in unspecified circumstances, enabling a remote attacker to escape the sandbox via a malicious file. Upgrade to 134.0.6998.177 or newer to fix....

8.3CVSS6.8AI score0.08404EPSS
In wild
CVE
CVE
added 2024/05/15 8:42 p.m.528 views

CVE-2024-4947

The CVE-2024-4947 entry corresponds to a Type Confusion vulnerability in Google Chrome/Chromium V8 that allows a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Affected software is the Chrome/Chromium stack using V8 prior to version 125.0.6422.60. The root c...

9.6CVSS6.9AI score0.15111EPSS
In wild
CVE
CVE
added 2025/09/03 4:17 p.m.528 views

CVE-2025-9867

CVE-2025-9867 : The connected documents confirm a vulnerability in Google Chrome on Android before version 140.0.7339.80, described as an inappropriate implementation in Downloads that allowed a remote attacker to perform UI spoofing via a crafted HTML page. The impact is UI spoofing with a mediu...

5.4CVSS5.9AI score0.00281EPSS
CVE
CVE
added 2021/02/09 1:55 p.m.522 views

CVE-2020-16044

CVE-2020-16044 is a use-after-free in WebRTC detected in Chromium-based browsers, including Google Chrome before 88.0.4324.96 (and related Chromium builds). A remote attacker could potentially exploit a crafted SCTP COOKIE-ECHO packet to trigger heap corruption and execute arbitrary code. Public ...

8.8CVSS9.1AI score0.01304EPSS
In wild
CVE
CVE
added 2025/09/03 4:17 p.m.522 views

CVE-2025-9865

CVE-2025-9865 : In Google Chrome on Android, prior to version 140.0.7339.80, an inappropriate implementation in Toolbar allows a remote attacker to induce a user, via crafted HTML and specific UI gestures, to perform domain spoofing. Impact is described as a Chromium-style vulnerability with pote...

5.4CVSS5.9AI score0.00247EPSS
CVE
CVE
added 2012/09/15 6:0 p.m.516 views

CVE-2012-4929

CVE-2012-4929 (CRIME) : The vulnerability stems from TLS/SSL compression, where the TLS protocol (1.2 and earlier) used by browsers (e.g., Mozilla Firefox, Google Chrome, Qt) can encrypt compressed data without hiding the length of unencrypted data. This length leakage enables a MITM attacker to ...

2.6CVSS4.9AI score0.04266EPSS
CVE
CVE
added 2024/01/16 9:14 p.m.516 views

CVE-2024-0517

CVE-2024-0517 refers to an out-of-bounds write in Google's V8 JavaScript engine used by Chrome/Chromium. The vulnerability affects Chrome/Chromium prior to version 120.0.6099.224 and can allow a remote attacker to potentially cause heap corruption through a crafted HTML page. The public documents...

8.8CVSS8.5AI score0.21697EPSS
CVE
CVE
added 2023/08/22 11:56 p.m.511 views

CVE-2023-4427

CVE-2023-4427 is an out-of-bounds memory read vulnerability in V8 used by Google Chrome/Chromium prior to 116.0.5845.110. A remote attacker could craft an HTML page to trigger the issue, with high impact (C/H, I/N, A/H) and public exploits reportedly existing. The issue affects Chromium-based bro...

8.1CVSS7.6AI score0.3398EPSS
CVE
CVE
added 2025/05/27 8:43 p.m.504 views

CVE-2025-5281

Google Chrome contains a vulnerability in BFCache that could allow a remote attacker to potentially obtain user information via a crafted HTML page. Affected versions are prior to Chrome 137.0.7151.55. The Chrome 137 stable release (137.0.7151.55) includes fixes for this issue as part of a broade...

5.4CVSS6AI score0.00188EPSS
CVE
CVE
added 2023/08/03 12:27 a.m.501 views

CVE-2023-4070

CVE-2023-4070 affects Google Chrome/Chromium via a Type Confusion in V8 before 115.0.5790.170, allowing a remote attacker to perform arbitrary read/write through a crafted HTML page. The issue is confirmed across multiple advisories (Debian DSA-5467-1, Gentoo GLSAs, FreeBSD/vuxml, Astra Linux) an...

8.1CVSS7.5AI score0.01442EPSS
CVE
CVE
added 2023/05/30 9:31 p.m.499 views

CVE-2023-2940

CVE-2023-2940 relates to Google Chrome: an inappropriate implementation in the Downloads component prior to 114.0.5735.90 allowed an attacker, by convincing a user to install a malicious extension, to bypass file access restrictions via a crafted HTML page. The issue is tied to the Downloads hand...

6.5CVSS6.4AI score0.00693EPSS
CVE
CVE
added 2023/11/29 12:2 p.m.499 views

CVE-2023-6345

CVE-2023-6345 is an integer overflow in the Skia graphics library used by Google Chrome prior to 119.0.6045.199. The vulnerability allows a renderer-compromised attacker to potentially escape the sandbox via a malicious file. Affected product: Google Chrome (Skia component). Root cause: integer o...

9.6CVSS9.2AI score0.1963EPSS
In wild
CVE
CVE
added 2025/01/08 6:42 p.m.497 views

CVE-2025-0291

Summary: CVE-2025-0291 is a Type Confusion in V8 affecting Google Chrome, with exploitation possible via a crafted HTML page to escape the sandbox and execute arbitrary code. The vulnerability is documented across multiple sources, with fixes in Chrome 131.0.6778.264 and related Debian package up...

8.8CVSS7.4AI score0.07435EPSS
CVE
CVE
added 2019/06/27 4:13 p.m.496 views

CVE-2019-5827

CVE-2019-5827 is an out-of-bounds read in the SQLite library leveraged via Chromium/Chrome. Public records in Debian and related advisories indicate this affects Chromium/Chrome components and was mitigated by upgrading the sqlite3 library (e.g., to versions in Chromium security updates and Debia...

8.8CVSS8.6AI score0.01976EPSS
CVE
CVE
added 2025/01/15 10:58 a.m.496 views

CVE-2025-0448

Summary of CVE-2025-0448 : In Google Chrome/Chromium, an inappropriate implementation in the Compositing pipeline allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue is tied to Chrome/Chromium’s UI/compositing code and is listed among Chrome security fixes for vers...

4.3CVSS6.4AI score0.00299EPSS
CVE
CVE
added 2019/05/23 7:17 p.m.491 views

CVE-2019-5798

CVE-2019-5798: In Google Chrome, a lack of proper bounds checking in Skia allowed out-of-bounds memory read via a crafted HTML page. Affected product is Chrome (before 73.0.3683.75); root cause is insufficient bounds checking in Skia’s handling of HTML content. Impact stated: remote attacker coul...

6.5CVSS6.6AI score0.03205EPSS
CVE
CVE
added 2025/05/27 8:43 p.m.488 views

CVE-2025-5067

CVE-2025-5067 affects Google Chrome (prior to 137.0.7151.55). The issue is an Inappropriate implementation in Tab Strip (Chromium) that allows a remote attacker to perform UI spoofing via a crafted HTML page. The reported CVSS 3.1 base score is 5.4 (Medium) with network attack vector, low confide...

5.4CVSS6.2AI score0.00366EPSS
CVE
CVE
added 2023/09/05 9:57 p.m.484 views

CVE-2023-4761

CVE-2023-4761 is a memory‑safety issue in FedCM within Google Chrome/Chromium prior to 116.0.5845.179, allowing a renderer‑compromised attacker to perform an out‑of‑bounds memory read via a crafted page (severity HIGH). Connected sources confirm affected products include Chromium/Chrome; Debian a...

8.1CVSS7.6AI score0.01287EPSS
CVE
CVE
added 2023/12/21 10:26 p.m.474 views

CVE-2023-7024

CVE-2023-7024 describes a heap buffer overflow in WebRTC , affecting Google Chrome/WebRTC prior to version 120.0.6099.129. The vulnerability could allow a remote attacker to trigger heap corruption via a crafted HTML page, with impact summarized as high. Public references confirm ChromeOS fixes i...

8.8CVSS8.9AI score0.07356EPSS
In wild
CVE
CVE
added 2026/02/11 6:8 p.m.474 views

CVE-2026-2322

Google Chrome prior to 145.0.7632.45 contains a vulnerability in the File input control due to an inappropriate implementation, allowing a remote attacker to craft an HTML page that, if a user performs certain UI gestures, can spoof the UI. Affected product: Google Chrome (Chromium-based). Root c...

5.4CVSS5.6AI score0.00229EPSS
CVE
CVE
added 2024/09/17 9:7 p.m.469 views

CVE-2024-8907

CVE-2024-8907 affects Chromium-based Chrome on Android (prior to version 129.0.6668.58). The root cause is insufficient data validation in Omnibox related to crafted UI gestures, enabling an attacker to inject arbitrary script or HTML (XSS) when a user is provoked into specific UI actions. Public...

6.1CVSS6AI score0.00257EPSS
CVE
CVE
added 2025/01/15 10:58 a.m.467 views

CVE-2025-0446

CVE-2025-0446 affects Google Chrome’s Extensions subsystem. The issue stems from an inappropriate implementation in Extensions prior to version 132.0.6834.83, permitting a remote attacker to induce a user to perform specific UI gestures and cause UI spoofing via a crafted Chrome Extension. The pr...

4.3CVSS6.6AI score0.00281EPSS
CVE
CVE
added 2026/04/01 4:41 a.m.464 views

CVE-2026-5281

CVE-2026-5281 is a use-after-free in Dawn (Chromium’s graphics layer/WebGPU) affecting Google Chrome versions prior to 146.0.7680.178. A remote attacker who has gained control of the renderer process can execute arbitrary code via a crafted HTML page. Publicly available Chromium/Chrome advisories...

8.8CVSS6.2AI score0.05036EPSS
In wild
CVE
CVE
added 2018/12/11 3:0 p.m.457 views

CVE-2018-18356

CVE-2018-18356: A heap-based or use-after-free issue in Skia (the graphics library) affects multiple browsers/components. Connected sources indicate this vulnerability arises from a use-after-free in Skia that can be triggered via crafted content, with references tying it to Chromium before 71.0....

8.8CVSS9AI score0.0313EPSS
CVE
CVE
added 2024/05/14 2:9 a.m.455 views

CVE-2024-4761

CVE-2024-4761: Out-of-bounds memory write in V8 used by Google Chrome/Chromium prior to 124.0.6367.207 via a crafted HTML page. A remote attacker could trigger an out-of-bounds write, with impact described as high for confidentiality, integrity, and availability. Affected software is Chrome/Chrom...

8.8CVSS5.8AI score0.11007EPSS
In wild
CVE
CVE
added 2025/12/12 7:20 p.m.451 views

CVE-2025-14373

CVE-2025-14373 affects Chromium/Chrome components (Android Toolbar) with an inappropriate implementation that permits domain spoofing via a crafted HTML page. Affected: Google Chrome on Android before version 143.0.7499.110; Chromium builds in Fedora/Debian updates reference Chromium 143.0.7499.1...

4.3CVSS6AI score0.00277EPSS
CVE
CVE
added 2025/06/02 11:36 p.m.449 views

CVE-2025-5419

CVE-2025-5419: Out-of-bounds read/write in V8 (Chromium) used by Google Chrome/Chromium-based browsers. A remote attacker could potentially exploit heap corruption via a crafted HTML page. Affected: Google Chrome/Chromium’s V8 until version 137.0.7151.68. Impact described as High (C:E/I/H/A: High...

8.8CVSS6.7AI score0.0645EPSS
In wild
CVE
CVE
added 2025/06/24 8:3 p.m.446 views

CVE-2025-6556

CVE-2025-6556 affects Google Chrome/Chromium loaders: insufficient policy enforcement in the Loader can allow a remote attacker to bypass content security policy via a crafted HTML page. Public references in the CVE entry indicate the vulnerability exists prior to Chrome 138.0.7204.49. Debian sec...

5.4CVSS6.3AI score0.00157EPSS
CVE
CVE
added 2021/04/30 8:15 p.m.440 views

CVE-2021-21230

The CVE-2021-21230 issue affects Google Chrome’s V8 component due to a type confusion vulnerability, fixed in Chrome before 90.0.4430.93. Multiple connected sources (Debian security advisory DSA-4911-1, Alpine security page, Astra Linux bulletin, and other trackers) confirm the same root cause: i...

8.8CVSS8.4AI score0.01601EPSS
CVE
CVE
added 2023/09/05 9:57 p.m.437 views

CVE-2023-4764

CVE-2023-4764 is a Chrome/BFCache security UI issue: a crafted HTML page can spoof the Omnibox (URL bar) due to an incorrect BFCache security UI. The vulnerability affects Google Chrome (Chromium-based) and is addressed by a patch in Chrome 116.0.5845.179 and later. Debian/Fedora Gentoo advisorie...

6.5CVSS6.2AI score0.01044EPSS
CVE
CVE
added 2025/11/14 2:29 a.m.437 views

CVE-2025-9479

CVE-2025-9479 affects Google Chrome (V8) prior to 133.0.6943.141. The vulnerability is an out-of-bounds read in V8 that can lead to heap corruption when processing crafted HTML pages, with potential remote impact. Chrome released a security update (133.0.6943.141) to address the issue. The CVE’s ...

4.3CVSS6.6AI score0.00191EPSS
CVE
CVE
added 2020/05/21 3:46 a.m.435 views

CVE-2020-6463

CVE-2020-6463 is a use-after-free in ANGLE (affecting Chrome up to version 81.x, per the CVE page). Connected advisories show the same CVE listed in Thunderbird/Firefox-related updates with fixes in 68.11.0 ESR lines and related Red Hat/CentOS advisories. Practical takeaway: to remediate, upgrade...

8.8CVSS9.1AI score0.02888EPSS
CVE
CVE
added 2024/10/29 9:55 p.m.435 views

CVE-2024-10487

Consolidated details for CVE-2024-10487 indicate an Out-of-bounds write in Dawn within Google Chrome/Chromium, exploitable remotely via a crafted HTML page. Affected software: Google Chrome/Chromium prior to version 130.0.6723.92 (Dawn component). Root cause: out-of-bounds memory access. Impact: ...

8.8CVSS6.7AI score0.00653EPSS
CVE
CVE
added 2023/01/10 12:0 a.m.431 views

CVE-2023-0129

CVE-2023-0129 is a heap buffer overflow in Chrome/Chromium’s Network Service prior to version 109.0.5414.74. The issue can be triggered when a user is persuaded to install a malicious extension and interacts with a crafted HTML page, potentially allowing heap corruption. Affected products include...

8.8CVSS8.7AI score0.00503EPSS
In wild
CVE
CVE
added 2025/11/14 2:29 a.m.430 views

CVE-2025-13107

CVE-2025-13107 concerns an Inappropriate implementation in Compositing in Google Chrome prior to 140.0.7339.80 that enables a remote attacker to perform a UI spoofing attack via a crafted HTML page. The affected product is Google Chrome (Chromium-based); the root cause is an inadequate implementa...

4.3CVSS6AI score0.00198EPSS
CVE
CVE
added 2023/09/05 9:57 p.m.429 views

CVE-2023-4762

CVE-2023-4762 is a Type Confusion in V8 affecting Google Chrome/Chromium prior to 116.0.5845.179 that allows remote code execution via a crafted HTML page. The vulnerability is documented in multiple sources (Chrome/Chromium release notes; Debian security advisory stating fixes in 116.0.5845.180 ...

8.8CVSS8.7AI score0.37987EPSS
In wild
CVE
CVE
added 2025/11/14 2:29 a.m.428 views

CVE-2025-13102

CVE-2025-13102 affects Google Chrome on Android and relates to an Inappropriate implementation in WebApp Installs, prior to version 134.0.6998.35. The issue allows a remote attacker to perform a UI spoofing attack via a crafted HTML page. The vulnerability is rated Low severity (CVSS 3.1: 4.3) wi...

4.3CVSS6AI score0.0018EPSS
CVE
CVE
added 2025/11/14 2:29 a.m.426 views

CVE-2024-11920

CVE-2024-11920 affects Google Chrome on macOS, specifically the Dawn component. The issue is an out-of-bounds memory access in Dawn, exploitable via a crafted HTML page on Chrome versions prior to 130.0.6723.92. The vulnerability was fixed in Chrome 130.0.6723.92 (and related builds), per multipl...

4.3CVSS6.2AI score0.00222EPSS
CVE
CVE
added 2025/11/14 2:29 a.m.426 views

CVE-2025-13097

CVE-2025-13097 is a Chrome/Chromium DevTools vulnerability caused by an inappropriate implementation that could allow a remote sandbox escape via a crafted HTML page. Affected product: Google Chrome (DevTools/Chromium). Root cause: DevTools handling defect leading to sandbox bypass. Impact: sandb...

5.4CVSS6.7AI score0.00159EPSS
CVE
CVE
added 2025/11/14 2:29 a.m.425 views

CVE-2024-7021

CVE-2024-7021 describes an improper Autofill implementation in Google Chrome on Windows

4.3CVSS6.1AI score0.00188EPSS
CVE
CVE
added 2018/11/14 3:0 p.m.423 views

CVE-2018-17466

CVE-2018-17466: Incorrect texture handling in Angle in Chrome prior to 70.0.3538.67 can lead to a remote out-of-bounds memory read via a crafted HTML page. The connected advisories (ALAS2-2019-1168 and related security bulletins) confirm this CVE among a set of issues affecting Thunderbird/Firefo...

8.8CVSS7.1AI score0.02827EPSS
CVE
CVE
added 2023/05/30 9:31 p.m.423 views

CVE-2023-2941

CVE-2023-2941 affects Google Chrome (Extensions API). Inappropriate implementation in the Extensions API prior to 114.0.5735.90 allowed an attacker to spoof the UI contents when a user installed a crafted malicious extension. Impact stated as low severity by Chromium, with exploitation requiring ...

4.3CVSS5AI score0.00621EPSS
CVE
CVE
added 2026/02/13 6:27 p.m.422 views

CVE-2026-2441

CVE-2026-2441 is a Chromium/Google Chrome use-after-free in CSS vulnerability that could allow a remote attacker to execute arbitrary code inside the sandbox. Affected software includes Google Chrome/Chromium prior to 145.0.7632.75; the issue stems from a CSS handling use-after-free bug in the br...

8.8CVSS6.1AI score0.2202EPSS
In wild
CVE
CVE
added 2020/04/13 5:31 p.m.421 views

CVE-2020-6447

CVE-2020-6447 describes an inappropriate implementation in the developer tools of Chromium/Google Chrome prior to 81.0.4044.92, which could allow a remote attacker who convinces a user to use DevTools to potentially exploit heap corruption via a crafted HTML page. Public sources (Arch Linux secur...

8.8CVSS8.3AI score0.01833EPSS
CVE
CVE
added 2021/08/03 12:0 a.m.420 views

CVE-2021-30560

CVE-2021-30560 is a use-after-free vulnerability in the Blink XSLT component of the Chromium/Google Chrome rendering engine prior to version 91.0.4472.164. The documented impact is potential heap corruption/execution of arbitrary code via a crafted HTML page. Connected advisories consistently ref...

8.8CVSS9AI score0.21623EPSS
CVE
CVE
added 2024/01/16 9:14 p.m.420 views

CVE-2024-0519

CVE-2024-0519 is a Google Chrome/V8 vulnerability: an out-of-bounds memory access in V8 allows potential heap corruption via a crafted HTML page. Affected products include Chrome before version 120.0.6099.224; the Chromium/Chrome Stable Channel update to 120.0.6099.224 (Linux and Mac) and 120.0.6...

8.8CVSS8.5AI score0.03769EPSS
In wild
CVE
CVE
added 2020/05/21 3:46 a.m.417 views

CVE-2020-6457

CVE-2020-6457 refers to a use-after-free in the speech recognizer of Google Chrome before 81.0.4044.113, which could allow a remote attacker to potentially escape the sandbox via a specially crafted HTML page. The CVE is listed in multiple sources (e.g., Debian security advisories) with remediati...

9.6CVSS9.2AI score0.01236EPSS
In wild
CVE
CVE
added 2024/08/21 8:20 p.m.416 views

CVE-2024-7976

CVE-2024-7976 relates to Google Chrome/Chromium FedCM, where an Inappropriate implementation flaw in FedCM prior to 128.0.6613.84 could allow a remote attacker to spoof the UI via a crafted HTML page. The CVE is documented as a Medium-severity issue with network attack vector, low integrity impac...

4.3CVSS6.4AI score0.0043EPSS
CVE
CVE
added 2024/08/21 8:20 p.m.416 views

CVE-2024-8035

CVE-2024-8035 affects Google Chrome on Windows prior to 128.0.6613.84, due to an inappropriate implementation in Extensions that enables UI spoofing via a crafted HTML page. Debian security advisory confirms fixed version 128.0.6613.84-1~deb12u1. Remediation: upgrade to 128.0.6613.84 or newer (Ch...

4.3CVSS6.4AI score0.00306EPSS
Total number of security vulnerabilities4465