Lucene search

K

3597 matches found

CVE
CVE
added 2015/07/23 12:59 a.m.79 views

CVE-2015-1285

The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an unspecified linear-time ...

5CVSS8.4AI score0.01106EPSS
CVE
CVE
added 2015/09/03 10:59 p.m.79 views

CVE-2015-1293

The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

7.5CVSS8.4AI score0.00497EPSS
CVE
CVE
added 2015/10/15 10:59 a.m.79 views

CVE-2015-6759

The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is considered unique, which allows remote attackers to obtain sensitive information via vectors involvin...

5CVSS8.6AI score0.00803EPSS
CVE
CVE
added 2016/07/23 7:59 p.m.79 views

CVE-2016-5132

The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME ele...

8.8CVSS8.5AI score0.01103EPSS
CVE
CVE
added 2018/08/28 7:29 p.m.79 views

CVE-2017-15424

Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

6.5CVSS6.5AI score0.0066EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.79 views

CVE-2017-5076

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

6.5CVSS6.5AI score0.00709EPSS
CVE
CVE
added 2023/07/29 12:15 a.m.79 views

CVE-2021-4317

Use after free in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.5AI score0.00963EPSS
CVE
CVE
added 2023/07/29 12:15 a.m.79 views

CVE-2021-4318

Object corruption in Blink in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.4AI score0.00963EPSS
CVE
CVE
added 2022/09/26 4:15 p.m.79 views

CVE-2022-3043

Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.01173EPSS
CVE
CVE
added 2022/11/01 8:15 p.m.79 views

CVE-2022-3317

Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 106.0.5249.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS4.8AI score0.00089EPSS
CVE
CVE
added 2023/03/07 10:15 p.m.79 views

CVE-2023-1226

Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

6.5CVSS5.8AI score0.00012EPSS
CVE
CVE
added 2023/03/07 10:15 p.m.79 views

CVE-2023-1227

Use after free in Core in Google Chrome on Lacros prior to 111.0.5563.64 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium)

8.8CVSS8.9AI score0.00157EPSS
CVE
CVE
added 2023/12/06 2:15 a.m.79 views

CVE-2023-6511

Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS4.9AI score0.00133EPSS
CVE
CVE
added 2023/12/14 10:15 p.m.79 views

CVE-2023-6703

Use after free in Blink in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.00426EPSS
CVE
CVE
added 2023/12/14 10:15 p.m.79 views

CVE-2023-6705

Use after free in WebRTC in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.00451EPSS
CVE
CVE
added 2024/10/15 9:15 p.m.79 views

CVE-2024-9965

Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)

8.8CVSS7.5AI score0.00611EPSS
CVE
CVE
added 2025/02/15 2:15 a.m.79 views

CVE-2025-0997

Use after free in Navigation in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

8.1CVSS7.1AI score0.0007EPSS
CVE
CVE
added 2025/02/19 5:15 p.m.79 views

CVE-2025-0999

Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.3AI score0.0019EPSS
CVE
CVE
added 2025/03/05 4:15 a.m.79 views

CVE-2025-1914

Out of bounds read in V8 in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.4AI score0.00117EPSS
CVE
CVE
added 2012/05/24 6:55 p.m.78 views

CVE-2011-3111

Google V8, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service (invalid read operation) via unspecified vectors.

5CVSS6AI score0.01461EPSS
CVE
CVE
added 2011/12/13 9:55 p.m.78 views

CVE-2011-3905

libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS7.1AI score0.01327EPSS
CVE
CVE
added 2012/09/26 10:56 a.m.78 views

CVE-2012-2897

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly ...

10CVSS7.3AI score0.31315EPSS
CVE
CVE
added 2013/01/15 9:55 p.m.78 views

CVE-2013-0836

Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, does not properly implement garbage collection, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code.

6.8CVSS7AI score0.00666EPSS
CVE
CVE
added 2015/03/09 12:59 a.m.78 views

CVE-2015-1214

Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a reset act...

7.5CVSS6.9AI score0.00974EPSS
CVE
CVE
added 2015/10/15 10:59 a.m.78 views

CVE-2015-6762

The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets (CSS) implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the CORS cross-origin request algorithm when a font's URL appears to be a same-origin URL, which allows...

7.5CVSS8.8AI score0.00699EPSS
CVE
CVE
added 2015/12/06 1:59 a.m.78 views

CVE-2015-6764

The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have un...

9.8CVSS9.2AI score0.13726EPSS
CVE
CVE
added 2015/12/06 1:59 a.m.78 views

CVE-2015-6770

The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6768.

7.5CVSS8.9AI score0.00957EPSS
CVE
CVE
added 2016/02/14 2:59 a.m.78 views

CVE-2016-1627

The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted...

8.8CVSS8.1AI score0.01244EPSS
CVE
CVE
added 2016/05/14 9:59 p.m.78 views

CVE-2016-1661

Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a cr...

8.3CVSS8.6AI score0.01187EPSS
CVE
CVE
added 2016/05/14 9:59 p.m.78 views

CVE-2016-1667

The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a cr...

8.8CVSS8.1AI score0.00486EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.78 views

CVE-2016-1676

extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

8.8CVSS8.2AI score0.01357EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.78 views

CVE-2016-1696

The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

8.8CVSS8.2AI score0.00804EPSS
CVE
CVE
added 2017/04/24 11:59 p.m.78 views

CVE-2017-5041

Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page.

4.3CVSS5AI score0.00601EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.78 views

CVE-2017-5095

Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit stack corruption via a crafted PDF file.

8.8CVSS8.4AI score0.01587EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.78 views

CVE-2017-5101

Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.

6.5CVSS6.2AI score0.01156EPSS
CVE
CVE
added 2022/09/26 4:15 p.m.78 views

CVE-2022-2859

Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions.

8.8CVSS8.9AI score0.0087EPSS
CVE
CVE
added 2023/01/02 11:15 p.m.78 views

CVE-2022-3863

Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)

6.5CVSS6.6AI score0.00322EPSS
CVE
CVE
added 2025/02/15 2:15 a.m.78 views

CVE-2025-0996

Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)

5.4CVSS5.8AI score0.00066EPSS
CVE
CVE
added 2010/12/22 1:0 a.m.77 views

CVE-2010-4577

The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers ...

7.5CVSS7.5AI score0.04266EPSS
CVE
CVE
added 2011/03/11 2:1 a.m.77 views

CVE-2011-1187

Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."

5CVSS9AI score0.00891EPSS
CVE
CVE
added 2012/03/30 10:55 p.m.77 views

CVE-2011-3062

Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.

6.8CVSS9.4AI score0.02392EPSS
CVE
CVE
added 2013/05/22 1:29 p.m.77 views

CVE-2013-2843

Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of speech data.

7.5CVSS7AI score0.00712EPSS
CVE
CVE
added 2015/04/19 10:59 a.m.77 views

CVE-2015-1245

Use-after-free vulnerability in the OpenPDFInReaderView::Update function in browser/ui/views/location_bar/open_pdf_in_reader_view.cc in Google Chrome before 41.0.2272.76 might allow user-assisted remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified oth...

6.8CVSS6.7AI score0.01826EPSS
CVE
CVE
added 2015/04/19 10:59 a.m.77 views

CVE-2015-1247

The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search_engines/search_engine_tab_helper.cc in Google Chrome before 42.0.2311.90 does not prevent use of a file: URL for an OpenSearch descriptor XML document, which might allow remote attackers to obtain sensitive information from loca...

5CVSS5.5AI score0.01064EPSS
CVE
CVE
added 2015/05/20 10:59 a.m.77 views

CVE-2015-1255

Use-after-free vulnerability in content/renderer/media/webaudio_capturer_source.cc in the WebAudio implementation in Google Chrome before 43.0.2357.65 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging improper handl...

6.8CVSS7AI score0.01996EPSS
CVE
CVE
added 2015/12/06 1:59 a.m.77 views

CVE-2015-6771

js/array.js in Google V8, as used in Google Chrome before 47.0.2526.73, improperly implements certain map and filter operations for arrays, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code.

7.5CVSS9.5AI score0.02195EPSS
CVE
CVE
added 2015/12/06 1:59 a.m.77 views

CVE-2015-6772

The DOM implementation in Blink, as used in Google Chrome before 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that improperly interacts with a plugin.

7.5CVSS8.9AI score0.01229EPSS
CVE
CVE
added 2015/12/06 1:59 a.m.77 views

CVE-2015-6784

The page serializer in Google Chrome before 47.0.2526.73 mishandles Mark of the Web (MOTW) comments for URLs containing a "--" sequence, which might allow remote attackers to inject HTML via a crafted URL, as demonstrated by an initial http://example.com?-- substring.

4.3CVSS8.7AI score0.00733EPSS
CVE
CVE
added 2016/01/25 11:59 a.m.77 views

CVE-2016-1613

Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction...

7.6CVSS8.5AI score0.0087EPSS
CVE
CVE
added 2016/01/25 11:59 a.m.77 views

CVE-2016-1615

The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document's origin via unspecified vectors.

6.5CVSS7AI score0.00755EPSS
Total number of security vulnerabilities3597