Chrome Security Vulnerabilities and Issues — Chrome CVE List

Lucene search

GoogleChrome

46 matches found

CVE•added 2020/11/03 3:15 a.m.•2061 views

CVE-2020-15999

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

9.6CVSS7.1AI score0.93127EPSS

In wild

CVE•added 2020/11/03 3:15 a.m.•1351 views

CVE-2020-16009

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.80718EPSS

In wild

CVE•added 2020/11/03 3:15 a.m.•1257 views

CVE-2020-15969

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.03155EPSS

CVE•added 2020/11/03 3:15 a.m.•1096 views

CVE-2020-16010

Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS8.5AI score0.13637EPSS

In wild

CVE•added 2020/11/03 3:15 a.m.•204 views

CVE-2020-15972

Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.2AI score0.03497EPSS

CVE•added 2020/11/03 3:15 a.m.•196 views

CVE-2020-16011

Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.1AI score0.01598EPSS

CVE•added 2020/11/03 3:15 a.m.•192 views

CVE-2020-15991

Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

8.8CVSS8.8AI score0.01427EPSS

CVE•added 2020/11/03 3:15 a.m.•191 views

CVE-2020-6557

Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

6.5CVSS6.3AI score0.00817EPSS

CVE•added 2020/11/03 3:15 a.m.•189 views

CVE-2020-16003

Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.01907EPSS

CVE•added 2020/11/03 3:15 a.m.•187 views

CVE-2020-16006

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.01365EPSS

CVE•added 2020/11/03 3:15 a.m.•186 views

CVE-2020-15976

Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.7AI score0.01648EPSS

CVE•added 2020/11/03 3:15 a.m.•185 views

CVE-2020-15974

Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.

8.8CVSS7.9AI score0.00908EPSS

CVE•added 2020/11/03 3:15 a.m.•185 views

CVE-2020-15979

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.3AI score0.01485EPSS

CVE•added 2020/11/03 3:15 a.m.•185 views

CVE-2020-15990

Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

8.8CVSS8.7AI score0.01427EPSS

CVE•added 2020/11/03 3:15 a.m.•184 views

CVE-2020-15967

Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

8.8CVSS8.7AI score0.01427EPSS

CVE•added 2020/11/03 3:15 a.m.•184 views

CVE-2020-15982

Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.1AI score0.00996EPSS

CVE•added 2020/11/03 3:15 a.m.•183 views

CVE-2020-15968

Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.01485EPSS

CVE•added 2020/11/03 3:15 a.m.•183 views

CVE-2020-15985

Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page.

6.5CVSS6.3AI score0.00817EPSS

CVE•added 2020/11/03 3:15 a.m.•183 views

CVE-2020-16002

Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8CVSS8.8AI score0.01433EPSS

CVE•added 2020/11/03 3:15 a.m.•182 views

CVE-2020-15987

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream.

8.8CVSS8.8AI score0.016EPSS

CVE•added 2020/11/03 3:15 a.m.•181 views

CVE-2020-15986

Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5CVSS7AI score0.01312EPSS

CVE•added 2020/11/03 3:15 a.m.•181 views

CVE-2020-15989

Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

5.5CVSS5.6AI score0.00436EPSS

CVE•added 2020/11/03 3:15 a.m.•180 views

CVE-2020-16000

Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.3AI score0.01753EPSS

CVE•added 2020/11/03 3:15 a.m.•179 views

CVE-2020-15981

Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.2AI score0.00735EPSS

CVE•added 2020/11/03 3:15 a.m.•179 views

CVE-2020-15988

Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page.

6.8CVSS6.9AI score0.0129EPSS

CVE•added 2020/11/03 3:15 a.m.•178 views

CVE-2020-15971

Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

8.8CVSS8.7AI score0.01427EPSS

CVE•added 2020/11/03 3:15 a.m.•178 views

CVE-2020-15975

Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.5AI score0.01427EPSS

CVE•added 2020/11/03 3:15 a.m.•178 views

CVE-2020-15995

Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.7AI score0.01308EPSS

CVE•added 2020/11/03 3:15 a.m.•177 views

CVE-2020-15977

Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.

6.5CVSS6.2AI score0.0114EPSS

CVE•added 2020/11/03 3:15 a.m.•176 views

CVE-2020-15970

Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

8.8CVSS8.7AI score0.01427EPSS

CVE•added 2020/11/03 3:15 a.m.•176 views

CVE-2020-15973

Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension.

6.5CVSS6.4AI score0.00819EPSS

CVE•added 2020/11/03 3:15 a.m.•176 views

CVE-2020-16005

Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.01241EPSS

CVE•added 2020/11/03 3:15 a.m.•175 views

CVE-2020-15978

Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.

8.8CVSS7.6AI score0.00923EPSS

CVE•added 2020/11/03 3:15 a.m.•175 views

CVE-2020-15984

Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted URL.

6.5CVSS6.1AI score0.00821EPSS

CVE•added 2020/11/03 3:15 a.m.•175 views

CVE-2020-15992

Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.

8.8CVSS7.7AI score0.00908EPSS

CVE•added 2020/11/03 3:15 a.m.•175 views

CVE-2020-16004

Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.01241EPSS

CVE•added 2020/11/03 3:15 a.m.•175 views

CVE-2020-16008

Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet.

8.8CVSS8.8AI score0.01217EPSS

CVE•added 2020/11/03 3:15 a.m.•174 views

CVE-2020-15980

Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents.

7.8CVSS7.2AI score0.00027EPSS

CVE•added 2020/11/03 3:15 a.m.•173 views

CVE-2020-16001

Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.01907EPSS

CVE•added 2020/11/03 3:15 a.m.•173 views

CVE-2020-16007

Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.

7.8CVSS7.4AI score0.00025EPSS

CVE•added 2020/11/03 3:15 a.m.•167 views

CVE-2020-15983

Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page.

7.8CVSS7.1AI score0.00025EPSS

CVE•added 2020/11/03 3:15 a.m.•76 views

CVE-2020-15994

Use after free in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.05004EPSS

CVE•added 2020/11/03 3:15 a.m.•67 views

CVE-2020-15993

Use after free in printing in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

9.8CVSS9.6AI score0.00967EPSS

CVE•added 2020/11/03 3:15 a.m.•61 views

CVE-2020-15998

Use after free in USB in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

8.8CVSS8.9AI score0.00454EPSS

CVE•added 2020/11/03 3:15 a.m.•54 views

CVE-2020-15996

Use after free in passwords in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

8.8CVSS8.9AI score0.00979EPSS

CVE•added 2020/11/03 3:15 a.m.•50 views

CVE-2020-15997

Use after free in Mojo in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

8.8CVSS8.9AI score0.00979EPSS