Chrome@* Security Vulnerabilities and Issues — Page 67 of Chrome@* CVE List

Lucene search

GoogleChrome*

3615 matches found

CVE•added 2011/02/04 6:0 p.m.•50 views

CVE-2011-0782

Google Chrome before 9.0.597.84 on Mac OS X does not properly mitigate an unspecified flaw in the Mac OS X 10.5 SSL libraries, which allows remote attackers to cause a denial of service (application crash) via unknown vectors.

5CVSS6.6AI score0.00455EPSS

CVE•added 2011/03/01 11:0 p.m.•50 views

CVE-2011-1111

Google Chrome before 9.0.597.107 does not properly implement forms controls, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.

7.5CVSS7.3AI score0.01471EPSS

CVE•added 2011/05/03 10:55 p.m.•50 views

CVE-2011-1434

Google Chrome before 11.0.696.57 does not ensure thread safety during handling of MIME data, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS9.6AI score0.0423EPSS

CVE•added 2011/05/03 10:55 p.m.•50 views

CVE-2011-1448

Google Chrome before 11.0.696.57 does not properly perform height calculations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

6.8CVSS7.2AI score0.00701EPSS

CVE•added 2011/06/09 7:55 p.m.•50 views

CVE-2011-1819

Google Chrome before 12.0.742.91 allows remote attackers to perform unspecified injection into a chrome:// page via vectors related to extensions.

4.3CVSS6.5AI score0.00391EPSS

CVE•added 2011/08/03 12:55 a.m.•50 views

CVE-2011-2785

The extensions implementation in Google Chrome before 13.0.782.107 does not properly validate the URL for the home page, which allows remote attackers to have an unspecified impact via a crafted extension.

4.3CVSS6.1AI score0.00384EPSS

CVE•added 2011/08/03 12:55 a.m.•50 views

CVE-2011-2789

Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to instantiation of the Pepper plug-in.

6.8CVSS7AI score0.0083EPSS

CVE•added 2011/09/19 12:2 p.m.•50 views

CVE-2011-2842

The installer in Google Chrome before 14.0.835.163 on Mac OS X does not properly handle lock files, which has unspecified impact and attack vectors.

7.5CVSS6.2AI score0.00228EPSS

CVE•added 2011/09/19 12:2 p.m.•50 views

CVE-2011-2848

Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to the forward button.

4.3CVSS6AI score0.00384EPSS

CVE•added 2011/09/19 12:2 p.m.•50 views

CVE-2011-2852

Off-by-one error in Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS7.1AI score0.0083EPSS

CVE•added 2011/09/19 12:2 p.m.•50 views

CVE-2011-2864

Google Chrome before 14.0.835.163 does not properly handle Tibetan characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS6.2AI score0.00887EPSS

CVE•added 2011/10/04 8:55 p.m.•50 views

CVE-2011-2876

Use-after-free vulnerability in Google Chrome before 14.0.835.202 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a text line box.

6.8CVSS7AI score0.00569EPSS

CVE•added 2012/03/30 10:55 p.m.•50 views

CVE-2011-3061

Google Chrome before 18.0.1025.142 does not properly check X.509 certificates before use of a SPDY proxy, which might allow man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.

5.8CVSS5.4AI score0.00236EPSS

CVE•added 2012/03/30 10:55 p.m.•50 views

CVE-2011-3063

Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vectors.

4.3CVSS6.2AI score0.00476EPSS

CVE•added 2012/05/24 6:55 p.m.•50 views

CVE-2011-3106

The WebSockets implementation in Google Chrome before 19.0.1084.52 does not properly handle use of SSL, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

10CVSS7.6AI score0.07267EPSS

CVE•added 2012/05/24 6:55 p.m.•50 views

CVE-2011-3112

Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an invalid encrypted document.

5CVSS7.1AI score0.01382EPSS

CVE•added 2012/05/24 6:55 p.m.•50 views

CVE-2011-3113

The PDF functionality in Google Chrome before 19.0.1084.52 does not properly perform a cast of an unspecified variable during handling of color spaces, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

7.5CVSS6.8AI score0.01615EPSS

CVE•added 2011/12/13 9:55 p.m.•50 views

CVE-2011-3907

The view-source feature in Google Chrome before 16.0.912.63 allows remote attackers to spoof the URL bar via unspecified vectors.

4.3CVSS6AI score0.00242EPSS

CVE•added 2012/02/09 4:10 a.m.•50 views

CVE-2011-3953

Google Chrome before 17.0.963.46 does not prevent monitoring of the clipboard after a paste event, which has unspecified impact and remote attack vectors.

7.5CVSS6.2AI score0.00195EPSS

CVE•added 2012/02/09 4:10 a.m.•50 views

CVE-2011-3954

Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of database usage.

5CVSS6.1AI score0.00535EPSS

CVE•added 2012/02/09 4:10 a.m.•50 views

CVE-2011-3957

Use-after-free vulnerability in the garbage-collection functionality in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF documents.

7.5CVSS9.3AI score0.02856EPSS

CVE•added 2012/02/09 4:10 a.m.•50 views

CVE-2011-3960

Google Chrome before 17.0.963.46 does not properly decode audio data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

4.3CVSS8.7AI score0.01525EPSS

CVE•added 2012/02/09 4:10 a.m.•50 views

CVE-2011-3965

Google Chrome before 17.0.963.46 does not properly check signatures, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

5CVSS6.2AI score0.00249EPSS

CVE•added 2011/12/07 7:55 p.m.•50 views

CVE-2011-4691

Google Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.

5CVSS6.1AI score0.0023EPSS

CVE•added 2012/06/27 10:18 a.m.•50 views

CVE-2012-2764

Untrusted search path vulnerability in Google Chrome before 20.0.1132.43 on Windows might allow local users to gain privileges via a Trojan horse Metro DLL in the current working directory.

7.2CVSS6AI score0.00831EPSS

CVE•added 2012/10/09 11:13 a.m.•50 views

CVE-2012-5111

Google Chrome before 22.0.1229.92 does not monitor for crashes of Pepper plug-ins, which has unspecified impact and remote attack vectors.

7.5CVSS9AI score0.00198EPSS

CVE•added 2012/11/07 11:43 a.m.•50 views

CVE-2012-5121

Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video layout.

7.5CVSS9.3AI score0.03358EPSS

CVE•added 2012/12/04 6:5 a.m.•50 views

CVE-2012-5138

Google Chrome before 23.0.1271.95 does not properly handle file paths, which has unspecified impact and attack vectors.

10CVSS6.1AI score0.00781EPSS

CVE•added 2013/01/15 9:55 p.m.•50 views

CVE-2013-0832

Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing.

7.5CVSS7AI score0.00712EPSS

CVE•added 2019/01/09 7:29 p.m.•50 views

CVE-2016-10403

Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

8.8CVSS8AI score0.00377EPSS

CVE•added 2020/11/03 3:15 a.m.•50 views

CVE-2020-15997

Use after free in Mojo in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

8.8CVSS8.9AI score0.00979EPSS

CVE•added 2024/09/23 10:15 p.m.•50 views

CVE-2024-7022

Uninitialized Use in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS6.7AI score0.0016EPSS

CVE•added 2009/11/12 5:54 p.m.•49 views

CVE-2009-3932

The Gears plugin in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service (memory corruption and plugin crash) or possibly execute arbitrary code via unspecified use of the Gears SQL API, related to putting "SQL metadata into a bad state."

9.3CVSS8.2AI score0.07105EPSS

CVE•added 2010/04/01 10:30 p.m.•49 views

CVE-2010-1231

Google Chrome before 4.1.249.1036 processes HTTP headers before invoking the SafeBrowsing feature, which allows remote attackers to have an unspecified impact via crafted headers.

7.5CVSS6.5AI score0.00519EPSS

CVE•added 2010/07/06 5:17 p.m.•49 views

CVE-2010-2646

Google Chrome before 5.0.375.99 does not properly isolate sandboxed IFRAME elements, which has unspecified impact and remote attack vectors.

9.3CVSS9.1AI score0.00231EPSS

CVE•added 2010/07/28 8:0 p.m.•49 views

CVE-2010-2903

Google Chrome before 5.0.375.125 performs unexpected truncation and improper eliding of hostnames, which has unspecified impact and remote attack vectors.

7.5CVSS6.5AI score0.00174EPSS

CVE•added 2010/08/24 8:0 p.m.•49 views

CVE-2010-3115

Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors.

5CVSS8.7AI score0.01527EPSS

CVE•added 2010/10/21 7:0 p.m.•49 views

CVE-2010-4036

Google Chrome before 7.0.517.41 does not properly handle the unloading of a page, which allows remote attackers to spoof URLs via unspecified vectors.

6.8CVSS8.9AI score0.0113EPSS

CVE•added 2010/10/21 7:0 p.m.•49 views

CVE-2010-4037

Unspecified vulnerability in Google Chrome before 7.0.517.41 allows remote attackers to bypass the pop-up blocker via unknown vectors.

4.3CVSS9AI score0.00315EPSS

CVE•added 2010/12/07 9:0 p.m.•49 views

CVE-2010-4488

Google Chrome before 8.0.552.215 does not properly handle HTTP proxy authentication, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

5CVSS6.3AI score0.01012EPSS

CVE•added 2011/02/10 7:0 p.m.•49 views

CVE-2011-0985

Google Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors.

7.5CVSS6.3AI score0.00422EPSS

CVE•added 2011/03/01 11:0 p.m.•49 views

CVE-2011-1122

The WebGL implementation in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, aka Issue 71960.

5CVSS6.2AI score0.02099EPSS

CVE•added 2011/03/11 2:1 a.m.•49 views

CVE-2011-1194

Multiple unspecified vulnerabilities in Google Chrome before 10.0.648.127 allow remote attackers to bypass the pop-up blocker via unknown vectors.

5CVSS6.5AI score0.00476EPSS

CVE•added 2011/03/11 2:1 a.m.•49 views

CVE-2011-1195

Use-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "document script lifetime handling."

7.5CVSS7.1AI score0.01942EPSS

CVE•added 2011/03/11 2:1 a.m.•49 views

CVE-2011-1198

The video functionality in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger use of a malformed "out-of-bounds structure."

7.5CVSS7.2AI score0.01942EPSS

CVE•added 2011/05/03 10:55 p.m.•49 views

CVE-2011-1442

Google Chrome before 11.0.696.57 does not properly handle mutation events, which allows remote attackers to cause a denial of service (node tree corruption) or possibly have unspecified other impact via unknown vectors.

6.8CVSS7.2AI score0.00741EPSS

CVE•added 2011/05/03 10:55 p.m.•49 views

CVE-2011-1447

Google Chrome before 11.0.696.57 does not properly handle drop-down lists, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

6.8CVSS7.1AI score0.00701EPSS

CVE•added 2011/06/09 7:55 p.m.•49 views

CVE-2011-1808

Use-after-free vulnerability in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to incorrect integer calculations during float handling.

6.8CVSS7AI score0.0125EPSS

CVE•added 2011/06/29 5:55 p.m.•49 views

CVE-2011-2348

Google V8, as used in Google Chrome before 12.0.742.112, performs an incorrect bounds check, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS9.4AI score0.02905EPSS

CVE•added 2011/08/03 12:55 a.m.•49 views

CVE-2011-2799

6.8CVSS6.9AI score0.02007EPSS

Total number of security vulnerabilities3615