Lucene search
+L

4465 matches found

CVE
CVE
added 2024/04/17 7:46 a.m.357 views

CVE-2024-3844

Summary: CVE-2024-3844 corresponds to an incomplete/incorrect implementation in Chrome/Chromium extensions that enables UI spoofing via a crafted extension. The connected documents corroborate a Chromium-based vulnerability with the same description, affecting Chrome/Chromium releases prior to th...

4.3CVSS5.6AI score0.00649EPSS
CVE
CVE
added 2024/06/11 8:58 p.m.357 views

CVE-2024-5846

CVE-2024-5846 is a documented use-after-free in PDFium used by Google Chrome, leading to potential heap corruption via a crafted PDF file. Affected software is Google Chrome (PDFium component) prior to Chrome 126.0.6478.54. The Chrome security update (Stable Channel) 126.x includes fixes for this...

8.8CVSS7.4AI score0.00464EPSS
CVE
CVE
added 2024/06/19 11:49 p.m.357 views

CVE-2024-6102

CVE-2024-6102 affects Google Chrome/Chromium Dawn: an out-of-bounds memory access in Dawn could enable heap corruption via a crafted HTML page. The principal affected component is Dawn within Chrome/Chromium (tracked under Chrome’s 126.0.6478.114 stable release). The known remediation is upgradin...

8.8CVSS6.6AI score0.0069EPSS
CVE
CVE
added 2025/01/15 10:58 a.m.357 views

CVE-2025-0437

**CVE-2025-0437 is a Chrome/Chromium security issue describing an out-of-bounds read in Metrics that could enable remote heap corruption via a crafted HTML page. Affected product stack is Google Chrome (Chromium Metrics); impact is high with network access and user interaction required. Public fi...

8.8CVSS6.8AI score0.00303EPSS
CVE
CVE
added 2026/03/11 10:4 p.m.357 views

CVE-2026-3941

CVE-2026-3941 affects Google Chrome/Chromium DevTools: insufficient policy enforcement allows bypassing navigation restrictions via a crafted HTML page. Root cause: DevTools policy enforcement weakness. Impact: remote bypass of navigation controls; severity listed as Low (per Chromium description...

4.3CVSS5.8AI score0.00166EPSS
CVE
CVE
added 2023/08/25 6:34 p.m.355 views

CVE-2019-13689

Affected software: Google Chrome on ChromeOS. The CVE-2019-13689 issue stems from an inappropriate OS implementation that allows a remote attacker with local access and user interaction to perform arbitrary read/write via a malicious file. Impact is high (confidentiality, integrity, availability)...

7.8CVSS7.2AI score0.00288EPSS
CVE
CVE
added 2023/10/11 10:28 p.m.355 views

CVE-2023-5487

CVE-2023-5487 affects Google Chrome/Chromium’s Fullscreen implementation prior to 118.0.5993.70. An attacker could exploit a crafted Chrome Extension to bypass navigation restrictions by convincing a user to install the malicious extension. Severity is Medium; impact involves bypassing navigation...

6.5CVSS6.5AI score0.00635EPSS
CVE
CVE
added 2018/12/11 3:0 p.m.354 views

CVE-2018-18335

CVE-2018-18335 is a heap/buffer overflow in the Skia component of Chromium/Google Chrome before 71.0.3578.80, exploitable via a crafted HTML page to achieve remote code execution or heap corruption. The linked advisories confirm this CVE as part of a set affecting Chromium/Chromium-based products...

8.8CVSS8.7AI score0.03724EPSS
CVE
CVE
added 2023/08/03 12:27 a.m.354 views

CVE-2023-4078

The CVE-2023-4078 entry concerns Google Chrome/Chromium extensions. Insecure/crafted Extension handling before 115.0.5790.170 allowed an attacker to persuade a user to install a malicious extension, enabling script/HTML injection into a privileged page via the Extension. Impact is high (arising f...

8.8CVSS7.7AI score0.00923EPSS
CVE
CVE
added 2024/05/01 12:49 p.m.354 views

CVE-2024-4060

The CVE-2024-4060 entry affects Chromium-based Chrome/Dawn code, with a use-after-free in Dawn on Chromium prior to version 124.0.6367.78. The issue can allow a remote attacker to cause heap corruption via a crafted HTML page, as described by multiple sources (Astra Linux bulletin, Debian securit...

7.5CVSS6.4AI score0.01003EPSS
CVE
CVE
added 2024/05/22 3:11 p.m.354 views

CVE-2024-5159

CVE-2024-5159 is a heap buffer overflow in ANGLE within Google Chrome (and Chromium-based products) prior to 125.0.6422.76. The vulnerability allows a remote attacker to cause an out-of-bounds memory read via a crafted HTML page. Affected component: ANGLE (graphics/shader translation layer) used ...

8.8CVSS6.3AI score0.00641EPSS
CVE
CVE
added 2024/11/12 8:9 p.m.353 views

CVE-2024-11117

CVE-2024-11117 involves an inappropriate FileSystem implementation in Google Chrome/Chromium before version 131.0.6778.69, allowing a remote attacker to bypass filesystem restrictions via a crafted HTML page. The vulnerability is reported with a Low severity and a network attack vector with user ...

4.3CVSS6.2AI score0.00277EPSS
CVE
CVE
added 2023/08/03 12:27 a.m.352 views

CVE-2023-4069

CVE-2023-4069 is a Type Confusion in V8 affecting Google Chrome prior to 115.0.5790.170. The vulnerability could allow a remote attacker to potentially trigger heap corruption via a crafted HTML page. Connected sources indicate Chrome/Chromium updates addressing this class of issue (e.g., the 115...

8.8CVSS8.4AI score0.24116EPSS
CVE
CVE
added 2025/01/22 7:22 p.m.352 views

CVE-2025-0612

CVE-2025-0612 is an out-of-bounds memory access vulnerability in Chromium’s V8 engine affecting Google Chrome prior to 132.0.6834.110 . The issue can allow a remote attacker to trigger heap corruption via a crafted HTML page. The Chrome 132.0.6834.110 update (and related stable-channel releases) ...

7.5CVSS6.8AI score0.00375EPSS
CVE
CVE
added 2020/07/22 4:16 p.m.351 views

CVE-2020-6519

CVE-2020-6519 is a policy bypass in the Content Security Policy (CSP) for Google Chrome, allowing a remote attacker to bypass CSP via a crafted HTML page in Chrome versions prior to 84.0.4147.89. Connected sources confirm public advisories and fixes across distributions: Debian notes a security u...

6.5CVSS6.7AI score0.1132EPSS
CVE
CVE
added 2024/05/30 11:2 p.m.351 views

CVE-2024-5498

CVE-2024-5498 : The connected sources confirm a use-after-free in the Presentation API of Google Chrome/Chromium before version 125.0.6422.141, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page. Affected product: Google Chrome/Chromium browsers. Root cause:...

8.8CVSS6.5AI score0.00638EPSS
CVE
CVE
added 2024/06/11 8:58 p.m.351 views

CVE-2024-5831

CVE-2024-5831 is a use-after-free in Dawn affecting Google Chrome/Chromium prior to 126.0.6478.54, which could enable remote heap corruption via a crafted HTML page. Connected advisories confirm the issue in Chrome’s Dawn component with high impact (C/H/I/A = 8.8) and note that fixes were release...

8.8CVSS7.3AI score0.00484EPSS
CVE
CVE
added 2024/11/12 8:9 p.m.349 views

CVE-2024-11116

CVE-2024-11116 affects Google Chrome (Blink) prior to version 131.0.6778.69. The issue arises from an inappropriate implementation in Blink that allows a remote attacker to induce UI spoofing via a crafted HTML page when a user is guided to perform specific UI gestures. Exploitation details or in...

4.3CVSS6.2AI score0.00322EPSS
CVE
CVE
added 2024/12/18 9:42 p.m.349 views

CVE-2024-12693

CVE-2024-12693 is a Chrome/Chromium vulnerability in V8: out-of-bounds memory access that could allow remote code execution via a crafted HTML page. It affects Chrome before 131.0.6778.204 and was addressed in the Stable Channel update (131.0.6778.204/205). Affected software is the Chromium-based...

8.8CVSS7.2AI score0.00402EPSS
CVE
CVE
added 2023/05/30 9:31 p.m.348 views

CVE-2023-2938

CVE-2023-2938 affects Google Chrome/Chromium’s Picture In Picture feature. An inappropriate implementation allowed a remote attacker who had compromised the renderer process to spoof the Omnibox (URL bar) via a crafted HTML page. The issue is tied to Chrome/Chromium before version 114.0.5735.90. ...

4.3CVSS4.7AI score0.00906EPSS
CVE
CVE
added 2025/01/15 10:58 a.m.348 views

CVE-2025-0436

CVE-2025-0436 affects Google Chrome (Skia) with versions prior to 132.0.6834.83. The issue is an integer overflow that can lead to heap corruption via a crafted HTML page, enabling a remote attacker to potentially compromise a system. Impact is rated High (CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:...

8.8CVSS7.1AI score0.00403EPSS
CVE
CVE
added 2024/09/11 1:47 p.m.347 views

CVE-2024-8636

Summary: CVE-2024-8636 describes a heap buffer overflow in Skia used by Google Chrome/Chromium, before version 128.0.6613.137, allowing a remote attacker to trigger heap corruption via a crafted HTML page (Chromium severity: High). Affected software (per connected docs): Google Chrome/Chromium wi...

8.8CVSS7.1AI score0.00428EPSS
CVE
CVE
added 2020/01/03 10:35 p.m.346 views

CVE-2019-5845

CVE-2019-5845: Out-of-bounds access in SwiftShader within Google Chrome prior to 73.0.3683.75 can enable remote heap corruption via a crafted HTML page. The available documents confirm this vulnerability and its association with Chrome/SwiftShader, but do not provide additional exploit details, a...

6.5CVSS7AI score0.01395EPSS
CVE
CVE
added 2023/08/03 12:27 a.m.346 views

CVE-2023-4076

CVE-2023-4076 is a use-after-free in WebRTC in Google Chrome/Chromium, leading to potential heap corruption. Public details in connected sources confirm the vulnerability affects Chrome/Chromium prior to version 115.0.5790.170, with the Debian/FreeBSD/Fedora advisories noting fixes in 115.0.5790....

8.8CVSS8.8AI score0.00944EPSS
CVE
CVE
added 2024/04/17 7:46 a.m.346 views

CVE-2024-3845

CVE-2024-3845 affects Google Chrome/Chromium where an inappropriate network implementation allowed bypassing mixed-content policy via a crafted HTML page on versions before 124.0.6367.60. Root cause: incorrect handling in networks code. Impact stated as high for confidentiality, integrity, and av...

9.8CVSS5.4AI score0.00758EPSS
CVE
CVE
added 2024/06/19 11:39 p.m.346 views

CVE-2024-6103

CVE-2024-6103 is a concrete Chrome/Chromium vulnerability in Dawn: a use-after-free that could lead to heap corruption via a crafted HTML page. The connected sources confirm the issue resides in Dawn within Chromium, with the Chrome security release noting Dawn-related fixes and the Stable Channe...

8.8CVSS7AI score0.00636EPSS
CVE
CVE
added 2025/01/15 10:58 a.m.346 views

CVE-2025-0440

Google Chrome on Windows before 132.0.6834.83 has a UI spoofing vulnerability due to an inappropriate Fullscreen implementation. A remote attacker could exploit this via a crafted HTML page to spoof UI. Impact is partial information exposure with high integrity impact, base CVSS 6.5 (UI required,...

6.5CVSS6.4AI score0.00427EPSS
CVE
CVE
added 2019/05/23 7:12 p.m.345 views

CVE-2019-5789

CVE-2019-5789 is a use-after-free in Chrome's WebMIDI implementation on Windows caused by an integer overflow. A remote attacker who can run crafted HTML in a renderer could execute arbitrary code prior to Chrome 73.0.3683.75. Mitigation: upgrade to 73.0.3683.75 or later (Chromium/Chrome patches)...

9.3CVSS8.5AI score0.07287EPSS
CVE
CVE
added 2021/06/04 5:15 p.m.345 views

CVE-2021-30517

CVE-2021-30517 describes a type confusion in the V8 engine within the Chromium browser, fixed before version 90.0.4430.212. The vulnerability, present in the Chromium/WebKit stack used by Google Chrome and related builds, could allow a remote attacker to trigger heap-related issues via a crafted ...

8.8CVSS8.4AI score0.02517EPSS
CVE
CVE
added 2023/08/03 12:27 a.m.345 views

CVE-2023-4073

CVE-2023-4073: Out of bounds memory access in ANGLE used by Google Chrome on macOS before 115.0.5790.170 permits remote exploitation leading to potential heap corruption via a crafted HTML page. Affected product: Google Chrome (Chromium-based) on macOS; vulnerable component: ANGLE within the brow...

8.8CVSS8.5AI score0.01254EPSS
CVE
CVE
added 2023/10/11 10:28 p.m.345 views

CVE-2023-5483

CVE-2023-5483 affects Google Chrome/Chromium: Insecure implementation in Intents allows a remote attacker to bypass content security policy via a crafted HTML page. Impact is limited to CSP bypass (as described in the connected advisories); no exploitation details are provided beyond the bypass p...

6.5CVSS6.3AI score0.00818EPSS
CVE
CVE
added 2025/01/15 10:58 a.m.345 views

CVE-2025-0447

CVE-2025-0447 affects Google Chrome/Chromium where an inappropriate Navigation implementation before 132.0.6834.83 allows privilege escalation via a crafted HTML page. The issue is documented across multiple sources (Chromium/DC updates and Debian security advisory), with fixes shipped in Chromiu...

8.8CVSS6.8AI score0.00453EPSS
CVE
CVE
added 2024/05/30 11:2 p.m.344 views

CVE-2024-5494

CVE-2024-5494 is a vulnerability described as a “Use after free in Dawn” in Google Chrome before 125.0.6422.141, which could enable a remote attacker to trigger heap corruption via a crafted HTML page. The connected documents confirm affected software is Chrome’s Dawn component with the underlyin...

8.8CVSS6.5AI score0.00668EPSS
CVE
CVE
added 2024/12/18 9:42 p.m.343 views

CVE-2024-12695

This CVE affects Google Chrome/Chromium’s V8 engine. Out-of-bounds write in V8 allows remote code execution inside the sandbox via a crafted HTML page. Affects Chrome versions prior to 131.0.6778.204. Remediation: upgrade to 131.0.6778.204 or later (Debian: 131.0.6778.204-1~deb12u1). Exploitation...

8.8CVSS7.2AI score0.00383EPSS
CVE
CVE
added 2023/05/30 9:31 p.m.342 views

CVE-2023-2939

CVE-2023-2939 concerns Google Chrome on Windows, where insufficient data validation in the Chrome Installer component allows privilege escalation via a crafted symbolic link. Connected advisories confirm the issue is real in Chrome’s installer flow and that public remediation is to update Chrome ...

7.8CVSS7.6AI score0.00454EPSS
CVE
CVE
added 2024/04/17 7:46 a.m.342 views

CVE-2024-3843

The CVE-2024-3843 entry concerns Google Chrome/Chromium where insufficient data validation in Downloads allows a remote attacker to perform UI spoofing via a crafted HTML page. The connected documents corroborate that Chromium-based Chrome is affected and that the vulnerability enables a UI spoof...

4.6CVSS5.4AI score0.00582EPSS
CVE
CVE
added 2024/04/17 7:46 a.m.342 views

CVE-2024-3846

CVE-2024-3846 affects Chromium-based Chrome/Chromium, where an Inappropriate implementation in Prompts allows UI spoofing via a crafted HTML page when users engage certain UI gestures. Connected sources confirm the issue targets Chromium/Chrome components related to prompts and UI handling, with ...

5.4CVSS5.5AI score0.00717EPSS
CVE
CVE
added 2024/05/30 11:2 p.m.342 views

CVE-2024-5499

CVE-2024-5499 is a Chromium/Google Chrome vulnerability described as an out-of-bounds write in the Streams API that could allow a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Connected documents corroborate affected software (Google Chrome/Chromium) and pr...

8.8CVSS7.1AI score0.00892EPSS
CVE
CVE
added 2023/08/22 11:56 p.m.341 views

CVE-2023-4429

CVE-2023-4429 affects Google Chrome (Chromium-based) Loader use-after-free vulnerabilities prior to Chrome 116.0.5845.110. The issue allows a remote attacker to potentially trigger heap corruption via a crafted HTML page, with impact described as high. Connected advisories confirm Chromium/Chrome...

8.8CVSS8.8AI score0.00943EPSS
CVE
CVE
added 2024/10/29 9:55 p.m.341 views

CVE-2024-10488

CVE-2024-10488 describes a use-after-free in WebRTC within Google Chrome, exploitable via a crafted HTML page to trigger heap corruption. Affected: Google Chrome (Chromium-based) before version 130.0.6723.92. Impact: potential remote code execution or corruption with high severity; exploitation r...

8.8CVSS7.3AI score0.00517EPSS
CVE
CVE
added 2019/05/23 7:11 p.m.340 views

CVE-2019-5788

CVE-2019-5788 affects Chromium-based Chrome/Chromium before 73.0.3683.75. The sources describe use-after-free in the FileAPI component (and related issues in Blink Storage) triggered by crafted HTML, with an integer overflow contributing to exploitation. The Debian Arch Linux advisories confirm t...

9.3CVSS8.4AI score0.07151EPSS
CVE
CVE
added 2023/08/03 12:27 a.m.340 views

CVE-2023-4071

CVE-2023-4071 corresponds to a heap-buffer-overflow in the Chrome/Chromium Visuals component, allowing remote code execution via a crafted HTML page. Affected software is Google Chrome/Chromium before version 115.0.5790.170. Root cause is heap corruption triggered by Visuals. Public details consi...

8.8CVSS8.7AI score0.0128EPSS
CVE
CVE
added 2023/08/03 12:27 a.m.340 views

CVE-2023-4077

CVE-2023-4077 affects Google Chrome (and Chromium-derived browsers) via insufficient data validation in Extensions, allowing a user-driven attacker to inject scripts/HTML into a privileged page through a crafted Chrome Extension. The vulnerability is triggered when a user installs a malicious ext...

8.8CVSS7.7AI score0.00923EPSS
CVE
CVE
added 2023/10/11 10:28 p.m.340 views

CVE-2023-5481

CVE-2023-5481 : Affected component is Google Chrome/Chromium Downloads. The root cause is an inappropriate implementation that permits a remote attacker to spoof the security UI via a crafted HTML page, leading to a spoofing risk. The vulnerability is associated with Chrome/Chromium versions prio...

6.5CVSS6.3AI score0.00745EPSS
CVE
CVE
added 2024/06/24 9:46 p.m.340 views

CVE-2024-6293

CVE-2024-6293 affects Google Chrome (Dawn component) with a use-after-free leading to potential heap corruption via a crafted HTML page. Affected version: Chrome prior to 126.0.6478.126. Remediation: update to Chrome 126.0.6478.126 or later (e.g., Debian package chromium fixed to 126.0.6478.126-1...

8.8CVSS7.1AI score0.00516EPSS
CVE
CVE
added 2024/11/12 8:9 p.m.339 views

CVE-2024-11111

CVE-2024-11111 affects Google Chrome/Chromium through an Inappropriate implementation in Autofill that enables UI spoofing via a crafted HTML page. The vulnerability requires user interaction (UI gestures) and could enable a remote attacker to spoof UI. Affected component: Autofill in Chrome/Chro...

4.3CVSS6.2AI score0.00339EPSS
CVE
CVE
added 2024/05/22 3:11 p.m.339 views

CVE-2024-5160

CVE-2024-5160 describes a heap buffer overflow in Chrome’s Dawn (Chromium/Dawn) prior to 125.0.6422.76, allowing a remote attacker to cause an out-of-bounds write via a crafted HTML page. The CVSS vector indicates network access with low attack complexity and user interaction required, resulting ...

8.8CVSS6.4AI score0.00612EPSS
CVE
CVE
added 2024/06/24 9:46 p.m.339 views

CVE-2024-6290

CVE-2024-6290 is a use-after-free in Dawn within Google Chrome prior to 126.0.6478.126, leading to potential heap corruption via a crafted HTML page. The connected sources confirm this as a Chrome/Chromium vulnerability affecting Dawn, with the issue publicly tracked and fixed in the Chrome 126.0...

8.8CVSS7.1AI score0.00516EPSS
CVE
CVE
added 2024/05/30 11:2 p.m.338 views

CVE-2024-5493

CVE-2024-5493 describes a heap buffer overflow in WebRTC within Google Chrome/Chromium before version 125.0.6422.141. The issue allows a remote attacker to potentially corrupt the heap via a crafted HTML page, with high-severity impact. Public advisories across multiple vendors corroborate this C...

8.8CVSS6.6AI score0.00737EPSS
CVE
CVE
added 2025/01/15 10:58 a.m.338 views

CVE-2025-0441

CVE-2025-0441 corresponds to an information-disclosure flaw in Google Chrome’s Fenced Frames implementation. Connected sources confirm the issue affects Google Chrome/Chromium, describing an inappropriate implementation in Fenced Frames that could allow a remote attacker to glean potentially sens...

6.5CVSS5.9AI score0.00381EPSS
Total number of security vulnerabilities4465