4465 matches found
CVE-2022-0801
CVE-2022-0801 describes an issue in Google Chrome’s HTML parser where an improper implementation could bypass XSS protections via a crafted HTML page. Affected product: Google Chrome (via Chromium codebase). Root cause: insecure HTML parsing logic preceding version 99.0.4844.51. Impact: remote at...
CVE-2025-2783
CVE-2025-2783 affects Google Chrome on Windows prior to 134.0.6998.177. The issue is a Mojo-related sandbox escape caused by an incorrect handle provided in unspecified circumstances, enabling a remote attacker to escape the sandbox via a malicious file. Upgrade to 134.0.6998.177 or newer to fix....
CVE-2024-4947
The CVE-2024-4947 entry corresponds to a Type Confusion vulnerability in Google Chrome/Chromium V8 that allows a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Affected software is the Chrome/Chromium stack using V8 prior to version 125.0.6422.60. The root c...
CVE-2025-9867
CVE-2025-9867 : The connected documents confirm a vulnerability in Google Chrome on Android before version 140.0.7339.80, described as an inappropriate implementation in Downloads that allowed a remote attacker to perform UI spoofing via a crafted HTML page. The impact is UI spoofing with a mediu...
CVE-2020-16044
CVE-2020-16044 is a use-after-free in WebRTC detected in Chromium-based browsers, including Google Chrome before 88.0.4324.96 (and related Chromium builds). A remote attacker could potentially exploit a crafted SCTP COOKIE-ECHO packet to trigger heap corruption and execute arbitrary code. Public ...
CVE-2025-9865
CVE-2025-9865 : In Google Chrome on Android, prior to version 140.0.7339.80, an inappropriate implementation in Toolbar allows a remote attacker to induce a user, via crafted HTML and specific UI gestures, to perform domain spoofing. Impact is described as a Chromium-style vulnerability with pote...
CVE-2012-4929
CVE-2012-4929 (CRIME) : The vulnerability stems from TLS/SSL compression, where the TLS protocol (1.2 and earlier) used by browsers (e.g., Mozilla Firefox, Google Chrome, Qt) can encrypt compressed data without hiding the length of unencrypted data. This length leakage enables a MITM attacker to ...
CVE-2024-0517
CVE-2024-0517 refers to an out-of-bounds write in Google's V8 JavaScript engine used by Chrome/Chromium. The vulnerability affects Chrome/Chromium prior to version 120.0.6099.224 and can allow a remote attacker to potentially cause heap corruption through a crafted HTML page. The public documents...
CVE-2023-4427
CVE-2023-4427 is an out-of-bounds memory read vulnerability in V8 used by Google Chrome/Chromium prior to 116.0.5845.110. A remote attacker could craft an HTML page to trigger the issue, with high impact (C/H, I/N, A/H) and public exploits reportedly existing. The issue affects Chromium-based bro...
CVE-2025-5281
Google Chrome contains a vulnerability in BFCache that could allow a remote attacker to potentially obtain user information via a crafted HTML page. Affected versions are prior to Chrome 137.0.7151.55. The Chrome 137 stable release (137.0.7151.55) includes fixes for this issue as part of a broade...
CVE-2023-4070
CVE-2023-4070 affects Google Chrome/Chromium via a Type Confusion in V8 before 115.0.5790.170, allowing a remote attacker to perform arbitrary read/write through a crafted HTML page. The issue is confirmed across multiple advisories (Debian DSA-5467-1, Gentoo GLSAs, FreeBSD/vuxml, Astra Linux) an...
CVE-2023-2940
CVE-2023-2940 relates to Google Chrome: an inappropriate implementation in the Downloads component prior to 114.0.5735.90 allowed an attacker, by convincing a user to install a malicious extension, to bypass file access restrictions via a crafted HTML page. The issue is tied to the Downloads hand...
CVE-2023-6345
CVE-2023-6345 is an integer overflow in the Skia graphics library used by Google Chrome prior to 119.0.6045.199. The vulnerability allows a renderer-compromised attacker to potentially escape the sandbox via a malicious file. Affected product: Google Chrome (Skia component). Root cause: integer o...
CVE-2025-0291
Summary: CVE-2025-0291 is a Type Confusion in V8 affecting Google Chrome, with exploitation possible via a crafted HTML page to escape the sandbox and execute arbitrary code. The vulnerability is documented across multiple sources, with fixes in Chrome 131.0.6778.264 and related Debian package up...
CVE-2019-5827
CVE-2019-5827 is an out-of-bounds read in the SQLite library leveraged via Chromium/Chrome. Public records in Debian and related advisories indicate this affects Chromium/Chrome components and was mitigated by upgrading the sqlite3 library (e.g., to versions in Chromium security updates and Debia...
CVE-2025-0448
Summary of CVE-2025-0448 : In Google Chrome/Chromium, an inappropriate implementation in the Compositing pipeline allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue is tied to Chrome/Chromium’s UI/compositing code and is listed among Chrome security fixes for vers...
CVE-2019-5798
CVE-2019-5798: In Google Chrome, a lack of proper bounds checking in Skia allowed out-of-bounds memory read via a crafted HTML page. Affected product is Chrome (before 73.0.3683.75); root cause is insufficient bounds checking in Skia’s handling of HTML content. Impact stated: remote attacker coul...
CVE-2025-5067
CVE-2025-5067 affects Google Chrome (prior to 137.0.7151.55). The issue is an Inappropriate implementation in Tab Strip (Chromium) that allows a remote attacker to perform UI spoofing via a crafted HTML page. The reported CVSS 3.1 base score is 5.4 (Medium) with network attack vector, low confide...
CVE-2023-4761
CVE-2023-4761 is a memory‑safety issue in FedCM within Google Chrome/Chromium prior to 116.0.5845.179, allowing a renderer‑compromised attacker to perform an out‑of‑bounds memory read via a crafted page (severity HIGH). Connected sources confirm affected products include Chromium/Chrome; Debian a...
CVE-2023-7024
CVE-2023-7024 describes a heap buffer overflow in WebRTC , affecting Google Chrome/WebRTC prior to version 120.0.6099.129. The vulnerability could allow a remote attacker to trigger heap corruption via a crafted HTML page, with impact summarized as high. Public references confirm ChromeOS fixes i...
CVE-2026-2322
Google Chrome prior to 145.0.7632.45 contains a vulnerability in the File input control due to an inappropriate implementation, allowing a remote attacker to craft an HTML page that, if a user performs certain UI gestures, can spoof the UI. Affected product: Google Chrome (Chromium-based). Root c...
CVE-2024-8907
CVE-2024-8907 affects Chromium-based Chrome on Android (prior to version 129.0.6668.58). The root cause is insufficient data validation in Omnibox related to crafted UI gestures, enabling an attacker to inject arbitrary script or HTML (XSS) when a user is provoked into specific UI actions. Public...
CVE-2025-0446
CVE-2025-0446 affects Google Chrome’s Extensions subsystem. The issue stems from an inappropriate implementation in Extensions prior to version 132.0.6834.83, permitting a remote attacker to induce a user to perform specific UI gestures and cause UI spoofing via a crafted Chrome Extension. The pr...
CVE-2026-5281
CVE-2026-5281 is a use-after-free in Dawn (Chromium’s graphics layer/WebGPU) affecting Google Chrome versions prior to 146.0.7680.178. A remote attacker who has gained control of the renderer process can execute arbitrary code via a crafted HTML page. Publicly available Chromium/Chrome advisories...
CVE-2018-18356
CVE-2018-18356: A heap-based or use-after-free issue in Skia (the graphics library) affects multiple browsers/components. Connected sources indicate this vulnerability arises from a use-after-free in Skia that can be triggered via crafted content, with references tying it to Chromium before 71.0....
CVE-2024-4761
CVE-2024-4761: Out-of-bounds memory write in V8 used by Google Chrome/Chromium prior to 124.0.6367.207 via a crafted HTML page. A remote attacker could trigger an out-of-bounds write, with impact described as high for confidentiality, integrity, and availability. Affected software is Chrome/Chrom...
CVE-2025-14373
CVE-2025-14373 affects Chromium/Chrome components (Android Toolbar) with an inappropriate implementation that permits domain spoofing via a crafted HTML page. Affected: Google Chrome on Android before version 143.0.7499.110; Chromium builds in Fedora/Debian updates reference Chromium 143.0.7499.1...
CVE-2025-5419
CVE-2025-5419: Out-of-bounds read/write in V8 (Chromium) used by Google Chrome/Chromium-based browsers. A remote attacker could potentially exploit heap corruption via a crafted HTML page. Affected: Google Chrome/Chromium’s V8 until version 137.0.7151.68. Impact described as High (C:E/I/H/A: High...
CVE-2025-6556
CVE-2025-6556 affects Google Chrome/Chromium loaders: insufficient policy enforcement in the Loader can allow a remote attacker to bypass content security policy via a crafted HTML page. Public references in the CVE entry indicate the vulnerability exists prior to Chrome 138.0.7204.49. Debian sec...
CVE-2021-21230
The CVE-2021-21230 issue affects Google Chrome’s V8 component due to a type confusion vulnerability, fixed in Chrome before 90.0.4430.93. Multiple connected sources (Debian security advisory DSA-4911-1, Alpine security page, Astra Linux bulletin, and other trackers) confirm the same root cause: i...
CVE-2023-4764
CVE-2023-4764 is a Chrome/BFCache security UI issue: a crafted HTML page can spoof the Omnibox (URL bar) due to an incorrect BFCache security UI. The vulnerability affects Google Chrome (Chromium-based) and is addressed by a patch in Chrome 116.0.5845.179 and later. Debian/Fedora Gentoo advisorie...
CVE-2025-9479
CVE-2025-9479 affects Google Chrome (V8) prior to 133.0.6943.141. The vulnerability is an out-of-bounds read in V8 that can lead to heap corruption when processing crafted HTML pages, with potential remote impact. Chrome released a security update (133.0.6943.141) to address the issue. The CVE’s ...
CVE-2020-6463
CVE-2020-6463 is a use-after-free in ANGLE (affecting Chrome up to version 81.x, per the CVE page). Connected advisories show the same CVE listed in Thunderbird/Firefox-related updates with fixes in 68.11.0 ESR lines and related Red Hat/CentOS advisories. Practical takeaway: to remediate, upgrade...
CVE-2024-10487
Consolidated details for CVE-2024-10487 indicate an Out-of-bounds write in Dawn within Google Chrome/Chromium, exploitable remotely via a crafted HTML page. Affected software: Google Chrome/Chromium prior to version 130.0.6723.92 (Dawn component). Root cause: out-of-bounds memory access. Impact: ...
CVE-2023-0129
CVE-2023-0129 is a heap buffer overflow in Chrome/Chromium’s Network Service prior to version 109.0.5414.74. The issue can be triggered when a user is persuaded to install a malicious extension and interacts with a crafted HTML page, potentially allowing heap corruption. Affected products include...
CVE-2025-13107
CVE-2025-13107 concerns an Inappropriate implementation in Compositing in Google Chrome prior to 140.0.7339.80 that enables a remote attacker to perform a UI spoofing attack via a crafted HTML page. The affected product is Google Chrome (Chromium-based); the root cause is an inadequate implementa...
CVE-2023-4762
CVE-2023-4762 is a Type Confusion in V8 affecting Google Chrome/Chromium prior to 116.0.5845.179 that allows remote code execution via a crafted HTML page. The vulnerability is documented in multiple sources (Chrome/Chromium release notes; Debian security advisory stating fixes in 116.0.5845.180 ...
CVE-2025-13102
CVE-2025-13102 affects Google Chrome on Android and relates to an Inappropriate implementation in WebApp Installs, prior to version 134.0.6998.35. The issue allows a remote attacker to perform a UI spoofing attack via a crafted HTML page. The vulnerability is rated Low severity (CVSS 3.1: 4.3) wi...
CVE-2024-11920
CVE-2024-11920 affects Google Chrome on macOS, specifically the Dawn component. The issue is an out-of-bounds memory access in Dawn, exploitable via a crafted HTML page on Chrome versions prior to 130.0.6723.92. The vulnerability was fixed in Chrome 130.0.6723.92 (and related builds), per multipl...
CVE-2025-13097
CVE-2025-13097 is a Chrome/Chromium DevTools vulnerability caused by an inappropriate implementation that could allow a remote sandbox escape via a crafted HTML page. Affected product: Google Chrome (DevTools/Chromium). Root cause: DevTools handling defect leading to sandbox bypass. Impact: sandb...
CVE-2024-7021
CVE-2024-7021 describes an improper Autofill implementation in Google Chrome on Windows
CVE-2018-17466
CVE-2018-17466: Incorrect texture handling in Angle in Chrome prior to 70.0.3538.67 can lead to a remote out-of-bounds memory read via a crafted HTML page. The connected advisories (ALAS2-2019-1168 and related security bulletins) confirm this CVE among a set of issues affecting Thunderbird/Firefo...
CVE-2023-2941
CVE-2023-2941 affects Google Chrome (Extensions API). Inappropriate implementation in the Extensions API prior to 114.0.5735.90 allowed an attacker to spoof the UI contents when a user installed a crafted malicious extension. Impact stated as low severity by Chromium, with exploitation requiring ...
CVE-2026-2441
CVE-2026-2441 is a Chromium/Google Chrome use-after-free in CSS vulnerability that could allow a remote attacker to execute arbitrary code inside the sandbox. Affected software includes Google Chrome/Chromium prior to 145.0.7632.75; the issue stems from a CSS handling use-after-free bug in the br...
CVE-2020-6447
CVE-2020-6447 describes an inappropriate implementation in the developer tools of Chromium/Google Chrome prior to 81.0.4044.92, which could allow a remote attacker who convinces a user to use DevTools to potentially exploit heap corruption via a crafted HTML page. Public sources (Arch Linux secur...
CVE-2021-30560
CVE-2021-30560 is a use-after-free vulnerability in the Blink XSLT component of the Chromium/Google Chrome rendering engine prior to version 91.0.4472.164. The documented impact is potential heap corruption/execution of arbitrary code via a crafted HTML page. Connected advisories consistently ref...
CVE-2024-0519
CVE-2024-0519 is a Google Chrome/V8 vulnerability: an out-of-bounds memory access in V8 allows potential heap corruption via a crafted HTML page. Affected products include Chrome before version 120.0.6099.224; the Chromium/Chrome Stable Channel update to 120.0.6099.224 (Linux and Mac) and 120.0.6...
CVE-2020-6457
CVE-2020-6457 refers to a use-after-free in the speech recognizer of Google Chrome before 81.0.4044.113, which could allow a remote attacker to potentially escape the sandbox via a specially crafted HTML page. The CVE is listed in multiple sources (e.g., Debian security advisories) with remediati...
CVE-2024-7976
CVE-2024-7976 relates to Google Chrome/Chromium FedCM, where an Inappropriate implementation flaw in FedCM prior to 128.0.6613.84 could allow a remote attacker to spoof the UI via a crafted HTML page. The CVE is documented as a Medium-severity issue with network attack vector, low integrity impac...
CVE-2024-8035
CVE-2024-8035 affects Google Chrome on Windows prior to 128.0.6613.84, due to an inappropriate implementation in Extensions that enables UI spoofing via a crafted HTML page. Debian security advisory confirms fixed version 128.0.6613.84-1~deb12u1. Remediation: upgrade to 128.0.6613.84 or newer (Ch...