4465 matches found
CVE-2020-6437
CVE-2020-6437 affects the WebView component in Chromium/Google Chrome prior to 81.0.4044.92. An inappropriate implementation/implementation error in WebView allowed a remote attacker to spoof the security UI via a crafted application. The issue is fixed upstream in 81.0.4044.92 (Debian notes also...
CVE-2024-5841
CVE-2024-5841 is a Use-after-Free in V8 affecting Google Chrome (Chromium-based) prior to version 126.0.6478.54, enabling remote code execution via a crafted HTML page and potentially causing heap corruption. The issue is documented with a CVSSv3.1 base score of 8.8 (High), attack vector Network,...
CVE-2024-8194
CVE-2024-8194 is a Type Confusion in V8 affecting Google Chrome (Chromium) prior to 128.0.6613.113. The vulnerability could allow a remote attacker to trigger heap corruption via a crafted HTML page. Affected component: Chrome/Chromium’s V8 engine; impact described as high. Public documentation i...
CVE-2019-5791
CVE-2019-5791 is a type confusion in the V8 engine of Chromium/Chrome prior to version 73.0.3683.75. The issue potentially allows remote code execution via crafted HTML pages. Debian/Arch notes indicate fixes in 73.0.3683.75 (Debian: 73.0.3683.75-1; Arch: “before 73.0.3683.75” fixed). Affected pr...
CVE-2020-6455
CVE-2020-6455 is an out-of-bounds read in Chromium/Google Chrome’s WebSQL implementation. The issue could allow a remote attacker to potentially cause heap corruption via a crafted page. Affected software is Chrome/Chromium before version 81.0.4044.92. The Debian Arch Linux security advisory and ...
CVE-2020-6443
Chromium/Google Chrome before 81.0.4044.92 is affected by CVE-2020-6443 due to an insufficient data validation flaw in the DevTools component, enabling a remote attacker to execute arbitrary code via a crafted HTML page after convincing a user to use DevTools. Affected product: Chromium/Chrome; r...
CVE-2024-7256
CVE-2024-7256 concerns Google Chrome/Chromium—Dawn component on Android pre-127.6533.88. The root cause is insufficient data validation in Dawn , enabling a remote attacker to execute arbitrary code via a crafted HTML page. Public references confirm the vulnerability exists in Chrome/Chromium wit...
CVE-2024-11110
Affected product: Google Chrome/Chromium. Vulnerability: Inappropriate implementation in Extensions allowed a remote attacker to bypass site isolation via a crafted Chrome Extension (CVE-2024-11110). Root cause: extension handling issue enabling isolation bypass. Impact: potential high-risk bypas...
CVE-2024-8906
CVE-2024-8906 : Affected software: Google Chrome/Chromium (Chrome prior to 129.0.6668.58). Description: Incorrect security UI in Downloads allowed a remote attacker to spoof UI by convincing a user to perform specific UI gestures on a crafted HTML page. Root cause (as stated): flawed security UI ...
CVE-2017-5130
CVE-2017-5130 describes an integer overflow in libxml2’s xmlmemory.c that could enable a remote attacker to cause heap corruption via a crafted XML file. The vulnerability affects libxml2 up to version before 2.9.5 and has been observed in products such as Google Chrome (prior to 62.0.3202.62) an...
CVE-2019-5810
CVE-2019-5810 is a Chromium/Google Chrome information disclosure vulnerability in the Autofill component, reported as information leakage from process memory via a crafted HTML page in Chromium before version 74.0.3729.108. Public records in Debian security advisories and Arch Linux ASA-201904-12...
CVE-2020-6423
CVE-2020-6423 affects Chromium/Google Chrome’s audio component. The Arch Linux ASA-202004-9 describes a use-after-free in the audio implementation prior to 81.0.4044.92, enabling a remote attacker to potentially execute arbitrary code. The issue is addressed upstream with version 81.0.4044.92 (Ch...
CVE-2024-8909
CVE-2024-8909 affects Google Chrome on iOS (Chromium-based) prior to 129.0.6668.58. Root cause: Inappropriate UI implementation, enabling a remote attacker to spoof the UI via a crafted HTML page. Impact is UI spoofing; no other impacts are stated in the documents. The vulnerability is addressed ...
CVE-2011-3026
CVE-2011-3026 describes a heap-based overflow in libpng caused by an integer overflow in png_decompress_chunk(), leading to potential remote code execution or crashes when handling crafted PNGs. Affected: libpng as used by Chrome (and various products); vulnerable versions precede fixed releases....
CVE-2019-5790
CVE-2019-5790 is a heap-based buffer overflow in the V8 JavaScript engine of Chromium/Google Chrome prior to 73.0.3683.75. This vulnerability could allow a remote attacker to execute arbitrary code inside the browser’s sandbox via a crafted HTML page. The Chrome security fix was delivered in the ...
CVE-2019-5808
CVE-2019-5808 affects Chromium/Google Chrome Blink: a use-after-free in Blink/WebKit prior to 74.0.3729.108 could allow a crafted HTML page to trigger heap corruption. Affected products include Chromium/Chrome; remediation is to upgrade to 74.0.3729.108 or newer (as noted by Arch Debian advisorie...
CVE-2019-5821
CVE-2019-5821 is a concrete issue in PDFium used by Google Chrome/Chromium, caused by an integer overflow in PDFium before 74.0.3729.108, enabling a remote attacker to potentially trigger heap corruption with a crafted PDF. Evidence across multiple advisories confirms the affected component (PDFi...
CVE-2024-8638
CVE-2024-8638 is a Chrome/Chromium vulnerability affecting Google Chrome/Chromium before 128.0.6613.137, caused by a type confusion in V8 that could allow an attacker to trigger object corruption via a crafted HTML page. The issue has a high impact across confidentiality, integrity, and availabil...
CVE-2024-11115
CVE-2024-11115 targets Google Chrome on iOS with insufficient policy enforcement in Navigation, enabling privilege escalation via a sequence of UI gestures. Affected: Chrome/iOS versions prior to 131.0.6778.69. Connected documents corroborate wider Chromium updates and security fixes across distr...
CVE-2024-5842
CVE-2024-5842 is a memory‑safety bug in Google Chrome’s Browser UI (use-after-free) that, prior to Chrome 126.0.6478.54, could allow a remote attacker to cause an out-of-bounds read via a crafted HTML page after convincing a user to perform specific UI gestures. The issue affects the Browser UI c...
CVE-2025-6557
The CVE-2025-6557 entry concerns Google Chrome on Windows with an insufficient DevTools data validation flaw that could allow arbitrary code execution via a crafted HTML page after user interaction with specific UI gestures. Affected component: DevTools in Chrome; root cause: inadequate input val...
CVE-2019-5846
CVE-2019-5846 : Out-of-bounds access in SwiftShader used by Google Chrome prior to 73.0.3683.75 could allow a remote attacker to trigger heap corruption via a crafted HTML page. This vulnerability affects Chrome’s rendering/graphics stack (SwiftShader) and is described as a potential remote explo...
CVE-2020-6524
CVE-2020-6524 : Heap buffer overflow in WebAudio affecting Google Chrome before 84.0.4147.89. A remote attacker could potentially exploit heap corruption via a crafted HTML page, leading to arbitrary code execution or crashes as described in multiple advisories. The issue is tied to Chrome’s WebA...
CVE-2024-12382
CVE-2024-12382 concerns Google Chrome/Chromium Translate use-after-free leading to potential heap corruption. Affected versions are Chrome/Chromium prior to 131.0.6778.139, with exploitation possible via a crafted HTML page over the network; user interaction is required (per CVSS: Network, Low at...
CVE-2024-7977
CVE-2024-7977 affects Google Chrome on Windows (Installer component) and stems from insufficient data validation, enabling privilege escalation via a malicious file. The vulnerability is tied to Chrome/Chromium family behavior prior to version 128.0.6613.84. Mitigation is to upgrade to the patche...
CVE-2025-6558
CVE-2025-6558 involves insufficient validation of untrusted input in ANGLE and GPU within Google Chrome, enabling a remote attacker to potentially escape the sandbox via a crafted HTML page. Connected sources specify Chrome components ANGLE and GPU as affected, with the patch previously shipped i...
CVE-2019-5793
CVE-2019-5793 affects Chromium/Google Chrome extensions prior to 73.0.3683.75. The vulnerability is described as an excessive permissions issue in the Extensions component, enabling a crafted HTML page to trigger the extension installation UI, effectively bypassing policy controls and potentially...
CVE-2019-5811
CVE-2019-5811 : In Chromium-based browsers, a Cross‑Origin Resource Sharing (CORS) bypass was discovered in Blink, allowing a crafted HTML page to bypass the same-origin policy via Service Worker semantics. The issue is associated with Chrome/Chromium builds prior to 74.0.3729.108. Impact is tied...
CVE-2019-5822
CVE-2019-5822 affects Google Chrome/Chromium Blink component; describes bypass of Cross‑Origin Resource Sharing (CORS) via a crafted HTML page, effectively bypassing same-origin policy. Affected scope includes Blink/CORS handling in Chrome prior to 74.0.3729.108. Public advisories (Debian DSA-450...
CVE-2020-16027
CVE-2020-16027 affects Chromium/Google Chrome before 87.0.4280.66, specifically the developer tools component where insufficient policy enforcement allowed an attacker to cause information disclosure via a crafted extension. Affected product: Chromium/Chrome; root cause: access restriction bypass...
CVE-2020-6434
CVE-2020-6434 is a use-after-free vulnerability in the Chrome/Chromium DevTools component, reported to affect Chromium before version 81.0.4044.92. The connected advisories attribute an arbitrary code execution impact to this issue, with upstream fixes released in the 81.0.4044.92 timeframe. Reme...
CVE-2024-7981
CVE-2024-7981 : In Google Chrome/Chromium, an inappropriate implementation in the Views layer allowed a remote attacker to perform UI spoofing via a crafted HTML page in Chrome prior to version 128.0.6613.84. Public references across Debian, FreeBSD, Gentoo, and other advisories confirm Chromium/...
CVE-2023-5479
CVE-2023-5479 corresponds to an insufficiently secure Extensions API in Google Chrome/Chromium before 118.0.5993.70, enabling a user-assisted bypass of enterprise policy via a crafted HTML page if a malicious extension is installed. Public details across connected documents confirm the affected c...
CVE-2024-5843
CVE-2024-5843 affects Google Chrome/Chromium: an Inappropriate implementation in Downloads allowed a remote attacker to obfuscate the security UI via a malicious file. The Chrome release notes for 126.x document this as one of 21 fixes, with CVE-2024-5843 listed among Medium/High-severity issues ...
CVE-2019-5828
CVE-2019-5828 is a use-after-free vulnerability in the ServiceWorker component of the Chromium/Google Chrome stack, reported to be exploitable remotely via a crafted HTML page. The issue affects Chromium/Chrome versions prior to 75.0.3770.80, with multiple sources listing an upgrade to 75.0.3770....
CVE-2020-6425
The CVE-2020-6425 entry concerns Chromium/Google Chrome. The vulnerability is a policy enforcement error in extensions that could allow a user-assisted attacker to bypass site isolation via a crafted Chrome extension. Affected product family: Chromium/Chrome browser engines as distributed in Debi...
CVE-2024-7550
This CVE-2024-7550 concerns a Type Confusion in V8 used by Google Chrome/Chromium, leading to potential heap corruption via a crafted HTML page. Affected software is Chrome/Chromium with version guidance shown as pre-127.6533.99 builds. The vulnerability’s root cause is a V8 type confusion that c...
CVE-2019-5829
CVE-2019-5829 is a vulnerability in Google's Chromium/Chrome download manager. The issue is an integer overflow that can trigger an out-of-bounds memory access via a crafted HTML page, potentially enabling remote exploitation. Affected software is Chrome/Chromium released before 75.0.3770.80. Mit...
CVE-2019-5830
CVE-2019-5830 concerns Google Chrome/Chromium: insufficient CORS policy enforcement allowed a remote attacker to leak cross-origin data via a crafted HTML page. The issue is tracked across multiple advisories and was addressed by updating Chromium/Chrome to a patched release. Affected components:...
CVE-2020-6444
CVE-2020-6444 affects Google Chrome/Chromium WebRTC: uninitialized variable in WebRTC implementation could enable heap corruption via a crafted HTML page. Connected advisories confirm the issue in Chrome prior to 81.0.4044.92 and list it alongside related CVEs in Chromium (CVE-2020-6423, CVE-2020...
CVE-2017-15412
CVE-2017-15412 is a use-after-free in libxml2 (affected before 2.9.5) used by Chrome and other products, potentially enabling heap corruption via crafted HTML. Connected advisories also reference CVE-2018-14404 (NULL pointer dereference in xmlXPathCompOpEval) affecting libxml2 up to 2.9.8 during ...
CVE-2024-7532
CVE-2024-7532 describes an out-of-bounds memory access in ANGLE within Google Chrome/Chromium, enabling potential heap corruption via a crafted HTML page. Affected software/versions: Chrome/Chromium prior to 127.0.6533.99. Impact per sources: critical severity with network attack vector and user ...
CVE-2019-5824
CVE-2019-5824 affects the Chromium/Chrome media path: a parameter-passing error in the media component could enable heap corruption via a crafted HTML page. Connected advisories corroborate that Chromium/Chrome updates across distributions (e.g., Debian DSA-4500-1, openSUSE/Fedora advisories) add...
CVE-2019-5839
CVE-2019-5839 affects Google Chrome (Chromium) prior to 75.0.3770.80. The issue is excessive data validation in the URL parser, enabling a remote attacker who lures a user to input a crafted URL to bypass website URL validation. Root cause: improper validation in the URL parsing logic. Impact, pe...
CVE-2020-6438
CVE-2020-6438 : A policy enforcement error in Chrome extensions prior to 81.0.4044.92 could allow a user-assisted attacker to obtain potentially sensitive information from process memory by convincing a user to install a crafted malicious extension. Affected software: Google Chrome (extensions su...
CVE-2020-6439
CVE-2020-6439 affects Google Chrome/Chromium where an insufficient policy enforcement in navigations permits bypassing the security UI via a crafted HTML page. Affected component is the navigation policy enforcement flow in Chromium/Chrome prior to version 81.0.4044.92. The issue is described as ...
CVE-2020-6489
CVE-2020-6489 corresponds to an inappropriately implemented behavior in Google Chrome’s developer tools prior to 83.0.4103.61. The issue is described as an implementation error in the developer tools component, enabling a remote attacker who tricks a user into performing certain actions on a craf...
CVE-2023-0131
The CVE-2023-0131 entry concerns Google Chrome before version 109.0.5414.74, where an inappropriate implementation in the iframe Sandbox could allow a remote attacker to bypass file download restrictions via a crafted HTML page. The vulnerability affects Chrome/Chromium sandbox behavior and is ra...
CVE-2024-11113
CVE-2024-11113 affects Google Chrome (Accessibility component). A use-after-free in the Accessibility path prior to Chrome 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially cause heap corruption via a crafted HTML page. The Chrome release notes confir...
CVE-2024-7979
CVE-2024-7979 is a Chromium-derived issue: Insufficient data validation in the Windows Installer component of Google Chrome prior to version 128.0.6613.84 allows privilege escalation via a crafted symbolic link. Public sources in the connected documents tie this CVE to Chrome/Chromium, with Debia...