4465 matches found
CVE-2024-3844
Summary: CVE-2024-3844 corresponds to an incomplete/incorrect implementation in Chrome/Chromium extensions that enables UI spoofing via a crafted extension. The connected documents corroborate a Chromium-based vulnerability with the same description, affecting Chrome/Chromium releases prior to th...
CVE-2024-5846
CVE-2024-5846 is a documented use-after-free in PDFium used by Google Chrome, leading to potential heap corruption via a crafted PDF file. Affected software is Google Chrome (PDFium component) prior to Chrome 126.0.6478.54. The Chrome security update (Stable Channel) 126.x includes fixes for this...
CVE-2024-6102
CVE-2024-6102 affects Google Chrome/Chromium Dawn: an out-of-bounds memory access in Dawn could enable heap corruption via a crafted HTML page. The principal affected component is Dawn within Chrome/Chromium (tracked under Chrome’s 126.0.6478.114 stable release). The known remediation is upgradin...
CVE-2025-0437
**CVE-2025-0437 is a Chrome/Chromium security issue describing an out-of-bounds read in Metrics that could enable remote heap corruption via a crafted HTML page. Affected product stack is Google Chrome (Chromium Metrics); impact is high with network access and user interaction required. Public fi...
CVE-2026-3941
CVE-2026-3941 affects Google Chrome/Chromium DevTools: insufficient policy enforcement allows bypassing navigation restrictions via a crafted HTML page. Root cause: DevTools policy enforcement weakness. Impact: remote bypass of navigation controls; severity listed as Low (per Chromium description...
CVE-2019-13689
Affected software: Google Chrome on ChromeOS. The CVE-2019-13689 issue stems from an inappropriate OS implementation that allows a remote attacker with local access and user interaction to perform arbitrary read/write via a malicious file. Impact is high (confidentiality, integrity, availability)...
CVE-2023-5487
CVE-2023-5487 affects Google Chrome/Chromium’s Fullscreen implementation prior to 118.0.5993.70. An attacker could exploit a crafted Chrome Extension to bypass navigation restrictions by convincing a user to install the malicious extension. Severity is Medium; impact involves bypassing navigation...
CVE-2018-18335
CVE-2018-18335 is a heap/buffer overflow in the Skia component of Chromium/Google Chrome before 71.0.3578.80, exploitable via a crafted HTML page to achieve remote code execution or heap corruption. The linked advisories confirm this CVE as part of a set affecting Chromium/Chromium-based products...
CVE-2023-4078
The CVE-2023-4078 entry concerns Google Chrome/Chromium extensions. Insecure/crafted Extension handling before 115.0.5790.170 allowed an attacker to persuade a user to install a malicious extension, enabling script/HTML injection into a privileged page via the Extension. Impact is high (arising f...
CVE-2024-4060
The CVE-2024-4060 entry affects Chromium-based Chrome/Dawn code, with a use-after-free in Dawn on Chromium prior to version 124.0.6367.78. The issue can allow a remote attacker to cause heap corruption via a crafted HTML page, as described by multiple sources (Astra Linux bulletin, Debian securit...
CVE-2024-5159
CVE-2024-5159 is a heap buffer overflow in ANGLE within Google Chrome (and Chromium-based products) prior to 125.0.6422.76. The vulnerability allows a remote attacker to cause an out-of-bounds memory read via a crafted HTML page. Affected component: ANGLE (graphics/shader translation layer) used ...
CVE-2024-11117
CVE-2024-11117 involves an inappropriate FileSystem implementation in Google Chrome/Chromium before version 131.0.6778.69, allowing a remote attacker to bypass filesystem restrictions via a crafted HTML page. The vulnerability is reported with a Low severity and a network attack vector with user ...
CVE-2023-4069
CVE-2023-4069 is a Type Confusion in V8 affecting Google Chrome prior to 115.0.5790.170. The vulnerability could allow a remote attacker to potentially trigger heap corruption via a crafted HTML page. Connected sources indicate Chrome/Chromium updates addressing this class of issue (e.g., the 115...
CVE-2025-0612
CVE-2025-0612 is an out-of-bounds memory access vulnerability in Chromium’s V8 engine affecting Google Chrome prior to 132.0.6834.110 . The issue can allow a remote attacker to trigger heap corruption via a crafted HTML page. The Chrome 132.0.6834.110 update (and related stable-channel releases) ...
CVE-2020-6519
CVE-2020-6519 is a policy bypass in the Content Security Policy (CSP) for Google Chrome, allowing a remote attacker to bypass CSP via a crafted HTML page in Chrome versions prior to 84.0.4147.89. Connected sources confirm public advisories and fixes across distributions: Debian notes a security u...
CVE-2024-5498
CVE-2024-5498 : The connected sources confirm a use-after-free in the Presentation API of Google Chrome/Chromium before version 125.0.6422.141, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page. Affected product: Google Chrome/Chromium browsers. Root cause:...
CVE-2024-5831
CVE-2024-5831 is a use-after-free in Dawn affecting Google Chrome/Chromium prior to 126.0.6478.54, which could enable remote heap corruption via a crafted HTML page. Connected advisories confirm the issue in Chrome’s Dawn component with high impact (C/H/I/A = 8.8) and note that fixes were release...
CVE-2024-11116
CVE-2024-11116 affects Google Chrome (Blink) prior to version 131.0.6778.69. The issue arises from an inappropriate implementation in Blink that allows a remote attacker to induce UI spoofing via a crafted HTML page when a user is guided to perform specific UI gestures. Exploitation details or in...
CVE-2024-12693
CVE-2024-12693 is a Chrome/Chromium vulnerability in V8: out-of-bounds memory access that could allow remote code execution via a crafted HTML page. It affects Chrome before 131.0.6778.204 and was addressed in the Stable Channel update (131.0.6778.204/205). Affected software is the Chromium-based...
CVE-2023-2938
CVE-2023-2938 affects Google Chrome/Chromium’s Picture In Picture feature. An inappropriate implementation allowed a remote attacker who had compromised the renderer process to spoof the Omnibox (URL bar) via a crafted HTML page. The issue is tied to Chrome/Chromium before version 114.0.5735.90. ...
CVE-2025-0436
CVE-2025-0436 affects Google Chrome (Skia) with versions prior to 132.0.6834.83. The issue is an integer overflow that can lead to heap corruption via a crafted HTML page, enabling a remote attacker to potentially compromise a system. Impact is rated High (CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:...
CVE-2024-8636
Summary: CVE-2024-8636 describes a heap buffer overflow in Skia used by Google Chrome/Chromium, before version 128.0.6613.137, allowing a remote attacker to trigger heap corruption via a crafted HTML page (Chromium severity: High). Affected software (per connected docs): Google Chrome/Chromium wi...
CVE-2019-5845
CVE-2019-5845: Out-of-bounds access in SwiftShader within Google Chrome prior to 73.0.3683.75 can enable remote heap corruption via a crafted HTML page. The available documents confirm this vulnerability and its association with Chrome/SwiftShader, but do not provide additional exploit details, a...
CVE-2023-4076
CVE-2023-4076 is a use-after-free in WebRTC in Google Chrome/Chromium, leading to potential heap corruption. Public details in connected sources confirm the vulnerability affects Chrome/Chromium prior to version 115.0.5790.170, with the Debian/FreeBSD/Fedora advisories noting fixes in 115.0.5790....
CVE-2024-3845
CVE-2024-3845 affects Google Chrome/Chromium where an inappropriate network implementation allowed bypassing mixed-content policy via a crafted HTML page on versions before 124.0.6367.60. Root cause: incorrect handling in networks code. Impact stated as high for confidentiality, integrity, and av...
CVE-2024-6103
CVE-2024-6103 is a concrete Chrome/Chromium vulnerability in Dawn: a use-after-free that could lead to heap corruption via a crafted HTML page. The connected sources confirm the issue resides in Dawn within Chromium, with the Chrome security release noting Dawn-related fixes and the Stable Channe...
CVE-2025-0440
Google Chrome on Windows before 132.0.6834.83 has a UI spoofing vulnerability due to an inappropriate Fullscreen implementation. A remote attacker could exploit this via a crafted HTML page to spoof UI. Impact is partial information exposure with high integrity impact, base CVSS 6.5 (UI required,...
CVE-2019-5789
CVE-2019-5789 is a use-after-free in Chrome's WebMIDI implementation on Windows caused by an integer overflow. A remote attacker who can run crafted HTML in a renderer could execute arbitrary code prior to Chrome 73.0.3683.75. Mitigation: upgrade to 73.0.3683.75 or later (Chromium/Chrome patches)...
CVE-2021-30517
CVE-2021-30517 describes a type confusion in the V8 engine within the Chromium browser, fixed before version 90.0.4430.212. The vulnerability, present in the Chromium/WebKit stack used by Google Chrome and related builds, could allow a remote attacker to trigger heap-related issues via a crafted ...
CVE-2023-4073
CVE-2023-4073: Out of bounds memory access in ANGLE used by Google Chrome on macOS before 115.0.5790.170 permits remote exploitation leading to potential heap corruption via a crafted HTML page. Affected product: Google Chrome (Chromium-based) on macOS; vulnerable component: ANGLE within the brow...
CVE-2023-5483
CVE-2023-5483 affects Google Chrome/Chromium: Insecure implementation in Intents allows a remote attacker to bypass content security policy via a crafted HTML page. Impact is limited to CSP bypass (as described in the connected advisories); no exploitation details are provided beyond the bypass p...
CVE-2025-0447
CVE-2025-0447 affects Google Chrome/Chromium where an inappropriate Navigation implementation before 132.0.6834.83 allows privilege escalation via a crafted HTML page. The issue is documented across multiple sources (Chromium/DC updates and Debian security advisory), with fixes shipped in Chromiu...
CVE-2024-5494
CVE-2024-5494 is a vulnerability described as a “Use after free in Dawn” in Google Chrome before 125.0.6422.141, which could enable a remote attacker to trigger heap corruption via a crafted HTML page. The connected documents confirm affected software is Chrome’s Dawn component with the underlyin...
CVE-2024-12695
This CVE affects Google Chrome/Chromium’s V8 engine. Out-of-bounds write in V8 allows remote code execution inside the sandbox via a crafted HTML page. Affects Chrome versions prior to 131.0.6778.204. Remediation: upgrade to 131.0.6778.204 or later (Debian: 131.0.6778.204-1~deb12u1). Exploitation...
CVE-2023-2939
CVE-2023-2939 concerns Google Chrome on Windows, where insufficient data validation in the Chrome Installer component allows privilege escalation via a crafted symbolic link. Connected advisories confirm the issue is real in Chrome’s installer flow and that public remediation is to update Chrome ...
CVE-2024-3843
The CVE-2024-3843 entry concerns Google Chrome/Chromium where insufficient data validation in Downloads allows a remote attacker to perform UI spoofing via a crafted HTML page. The connected documents corroborate that Chromium-based Chrome is affected and that the vulnerability enables a UI spoof...
CVE-2024-3846
CVE-2024-3846 affects Chromium-based Chrome/Chromium, where an Inappropriate implementation in Prompts allows UI spoofing via a crafted HTML page when users engage certain UI gestures. Connected sources confirm the issue targets Chromium/Chrome components related to prompts and UI handling, with ...
CVE-2024-5499
CVE-2024-5499 is a Chromium/Google Chrome vulnerability described as an out-of-bounds write in the Streams API that could allow a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Connected documents corroborate affected software (Google Chrome/Chromium) and pr...
CVE-2023-4429
CVE-2023-4429 affects Google Chrome (Chromium-based) Loader use-after-free vulnerabilities prior to Chrome 116.0.5845.110. The issue allows a remote attacker to potentially trigger heap corruption via a crafted HTML page, with impact described as high. Connected advisories confirm Chromium/Chrome...
CVE-2024-10488
CVE-2024-10488 describes a use-after-free in WebRTC within Google Chrome, exploitable via a crafted HTML page to trigger heap corruption. Affected: Google Chrome (Chromium-based) before version 130.0.6723.92. Impact: potential remote code execution or corruption with high severity; exploitation r...
CVE-2019-5788
CVE-2019-5788 affects Chromium-based Chrome/Chromium before 73.0.3683.75. The sources describe use-after-free in the FileAPI component (and related issues in Blink Storage) triggered by crafted HTML, with an integer overflow contributing to exploitation. The Debian Arch Linux advisories confirm t...
CVE-2023-4071
CVE-2023-4071 corresponds to a heap-buffer-overflow in the Chrome/Chromium Visuals component, allowing remote code execution via a crafted HTML page. Affected software is Google Chrome/Chromium before version 115.0.5790.170. Root cause is heap corruption triggered by Visuals. Public details consi...
CVE-2023-4077
CVE-2023-4077 affects Google Chrome (and Chromium-derived browsers) via insufficient data validation in Extensions, allowing a user-driven attacker to inject scripts/HTML into a privileged page through a crafted Chrome Extension. The vulnerability is triggered when a user installs a malicious ext...
CVE-2023-5481
CVE-2023-5481 : Affected component is Google Chrome/Chromium Downloads. The root cause is an inappropriate implementation that permits a remote attacker to spoof the security UI via a crafted HTML page, leading to a spoofing risk. The vulnerability is associated with Chrome/Chromium versions prio...
CVE-2024-6293
CVE-2024-6293 affects Google Chrome (Dawn component) with a use-after-free leading to potential heap corruption via a crafted HTML page. Affected version: Chrome prior to 126.0.6478.126. Remediation: update to Chrome 126.0.6478.126 or later (e.g., Debian package chromium fixed to 126.0.6478.126-1...
CVE-2024-11111
CVE-2024-11111 affects Google Chrome/Chromium through an Inappropriate implementation in Autofill that enables UI spoofing via a crafted HTML page. The vulnerability requires user interaction (UI gestures) and could enable a remote attacker to spoof UI. Affected component: Autofill in Chrome/Chro...
CVE-2024-5160
CVE-2024-5160 describes a heap buffer overflow in Chrome’s Dawn (Chromium/Dawn) prior to 125.0.6422.76, allowing a remote attacker to cause an out-of-bounds write via a crafted HTML page. The CVSS vector indicates network access with low attack complexity and user interaction required, resulting ...
CVE-2024-6290
CVE-2024-6290 is a use-after-free in Dawn within Google Chrome prior to 126.0.6478.126, leading to potential heap corruption via a crafted HTML page. The connected sources confirm this as a Chrome/Chromium vulnerability affecting Dawn, with the issue publicly tracked and fixed in the Chrome 126.0...
CVE-2024-5493
CVE-2024-5493 describes a heap buffer overflow in WebRTC within Google Chrome/Chromium before version 125.0.6422.141. The issue allows a remote attacker to potentially corrupt the heap via a crafted HTML page, with high-severity impact. Public advisories across multiple vendors corroborate this C...
CVE-2025-0441
CVE-2025-0441 corresponds to an information-disclosure flaw in Google Chrome’s Fenced Frames implementation. Connected sources confirm the issue affects Google Chrome/Chromium, describing an inappropriate implementation in Fenced Frames that could allow a remote attacker to glean potentially sens...