33 matches found
CVE-2014-3152
CVE-2014-3152 affects Google V8’s ARM codegen path. An integer underflow in LCodeGen::PrepareKeyedOperand (arm/lithium-codegen-arm.cc) in V8 builds used by Chrome before 35.0.1916.114 allows remote denial of service via vectors triggering a negative key value. Public reports indicate patches were...
CVE-2016-1669
The vulnerability CVE-2016-1669 affects Google V8’s Zone::New in zone.cc, with V8 versions before 5.0.71.47 used by Google Chrome older than 50.0.2661.102. A mis-timed expansion of memory allocations can allow a remote attacker to trigger a buffer overflow, causing denial of service and potential...
CVE-2016-5129
CVE-2016-5129 refers to a memory corruption vulnerability in Google V8 (the JavaScript engine) used by Google Chrome. According to the sources, V8 before 5.2.361.32 on Chrome before 52.0.2743.82 fails to properly process left-trimmed objects, which could be exploited by crafted JavaScript to caus...
CVE-2016-5128
CVE-2016-5128 refers to a Same-Origin Policy bypass in the V8 JavaScript engine used by Google Chrome/Chromium. Objects.cc in V8 before 5.2.361.27 allowed API interceptors to modify a store target without setting a property, enabling a crafted website to bypass SOP. Affected products/versions cit...
CVE-2013-2838
CVE-2013-2838 affects Chromium/Google Chrome’s V8 engine prior to 27.0.1453.93, enabling a remote attacker to cause a denial of service via an out-of-bounds read with unspecified vectors. Public reports in connected docs confirm the issue as part of a set of Chrome/Chromium vulnerabilities and sh...
CVE-2015-1242
CVE-2015-1242 describes a type-confusion vulnerability in Google V8’s ReduceTransitionElementsKind (hydrogen-check-elimination.cc) exploited via crafted JavaScript, affecting Google Chrome before 42.0.2311.90. It is triggered by the check-elimination optimization and can lead to denial of service...
CVE-2013-6639
CVE-2013-6639 affects Google V8 (before 3.22.24.7) as used in Google Chrome before 31.0.1650.63. The DehoistArrayIndex function in hydrogen-dehoist.cc (hydrogen.cc) can trigger an out-of-bounds write via crafted array indices, potentially leading to a denial of service. The public records indicat...
CVE-2016-1677
CVE-2016-1677 refers to a type confusion in the V8 JavaScript engine used by Google Chrome/Chromium prior to version 51.0.2704.63. The flaw could allow a remote attacker to obtain sensitive information by calling decodeURI, via the affected V8 bindings, as part of the Chromium/Chrome stack. The c...
CVE-2016-1688
CVE-2016-1688 is an out-of-bounds read in the V8 JavaScript library used by Google Chrome/Chromium prior to 51.0.2704.63. The root cause involves mishandling external string sizes, enabling a remote attacker to trigger a denial of service via crafted JavaScript. Remediation: upgrade to Chrome/Chr...
CVE-2013-6640
The CVE-2013-6640 issue affects the Google V8 JavaScript engine (used in Google Chrome) where the function DehoistArrayIndex in hydrogen-dehoist.cc allows an attacker to trigger an out-of-bounds read via a crafted array index. This vulnerability is associated with V8 builds before version 3.22.24...
CVE-2013-6668
CVE-2013-6668 refers to multiple vulnerabilities in the V8 JavaScript engine (before 3.24.35.10) as used in Google Chrome prior to 33.0.1750.146. The connected documents confirm that these issues were fixed in V8 version 3.24.35.10 and are reflected in Chromium/Chrome patches (e.g., Chrome 33.x s...
CVE-2014-1704
CVE-2014-1704 concerns multiple unspecified vulnerabilities in Google's V8 JavaScript engine (pre-3.23.17.18) as used by Google Chrome before 33.0.1750.149. Reported impact includes denial of service and potentially other effects via unknown vectors. Public details in connected documents indicate...
CVE-2015-8478
CVE-2015-8478 concerns multiple unspecified vulnerabilities in Google V8 prior to 4.7.80.23, used in Google Chrome up to version 47.0.2526.73. The description notes potential denial of service and possibly other impact via unknown vectors. The connected documents confirm affected component (V8) a...
CVE-2013-0836
CVE-2013-0836 affects Google V8 before 3.14.5.3 as used in Google Chrome before 24.0.1312.52, with a weakness in garbage collection that can cause a remote denial of service (application crash) via crafted JavaScript. The connected documents corroborate the issue across multiple vendors and distr...
CVE-2015-3333
CVE-2015-3333 affects Google V8 before 4.2.77.14 as used by Google Chrome before 42.0.2311.90. The vulnerability family could cause a denial of service or other impact via unknown vectors. Public advisories (Debian/Ubuntu) indicate fixes in chromium-browser versions around 42.0.2311.90. No exploi...
CVE-2016-1678
CVE-2016-1678 describes a heap overflow in the V8 JavaScript engine (used by Google Chrome) due to insufficient restriction of lazy deoptimization in objects.cc. Affected software includes V8 up to 5.0.71.32 and Google Chrome up to 51.0.2704.63. Exploitation could allow a remote attacker to cause...
CVE-2016-2843
CVE-2016-2843 affects Google V8 used in Google Chrome up to version 49.0.2623.75. The issue covers multiple unspecified vulnerabilities in V8 before 4.9.385.26 that could cause a denial of service or potentially other impact via unknown vectors. According to the CVSSv3 data, this entry is rated C...
CVE-2016-3679
CVE-2016-3679 covers multiple vulnerabilities in Google V8 (pre-4.9.385.33) as used by Chromium/Chrome (before 49.0.2623.108). The documented impact per NVD is possible denial-of-service and other effects. OpenSUSE/Nessus references indicate Chromium patching to 4.9.385.33 (Chrome 49.0.2623.108) ...
CVE-2015-2238
CVE-2015-2238 corresponds to multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, used by Google Chrome before 41.0.2272.76. The documented impact is denial of service or possibly other effects via unknown vectors. The vulnerability is in the V8 engine component (not in a specific f...
CVE-2015-3910
CVE-2015-3910 is reported for Google V8 before 4.3.61.21, as used in Google Chrome before 43.0.2357.65. The connected documents confirm multiple unspecified vulnerabilities in V8 with possible denial of service or other impact via unknown vectors. They also show the issue referenced in Ubuntu/Deb...
CVE-2015-8548
CVE-2015-8548 corresponds to multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, used in Google Chrome before 47.0.2526.80, which can cause a denial of service or potentially other impact via unknown vectors. Connected sources indicate this is addressed by Chromium/Chrome security...
CVE-2014-7967
CVE-2014-7967 corresponds to multiple vulnerabilities in Google V8 before 3.28.71.15, as used in Google Chrome before 38.0.2125.101. The issue can cause denial of service and may have other impacts via unknown vectors. Affected software includes Chrome prior to 38.0.2125.101 and the V8 engine bef...
CVE-2012-5120
CVE-2012-5120 is part of a Chromium/V8 set of vulnerabilities described in GLSA-201309-16. The CVE corresponds to Google V8 before 3.13.7.5 (as used in Chrome prior to 23.0.1271.64) and relates to an out-of-bounds access in JavaScript arrays that could lead to denial of service or other impact. T...
CVE-2015-7834
CVE-2015-7834 affects Google V8 before 4.6.85.23 as used in Chrome before 46.0.2490.71. The vulnerability could lead to a denial of service and possibly other impact via unknown vectors. Connected advisories indicate fixes in the 46.0.2490.71 range (Chrome/Chromium updates and OS advisories such ...
CVE-2012-5128
CVE-2012-5128 affects Google V8 before 3.13.7.5 as used in Google Chrome before 23.0.1271.64. The flaw involves improper write operations that can cause a denial of service or have other unspecified impact via unknown vectors. Affected product/component: V8 engine (and Chrome integration). Impact: part...
CVE-2013-6638
CVE-2013-6638 is a vulnerability in Google V8 up to 3.22.24.7 (used by Google Chrome up to 31.0.1650.63). It describes multiple buffer overflows in v8/runtime.cc, specifically in Runtime_TypedArrayInitialize and Runtime_TypedArrayInitializeFromArrayLike, that could lead to denial of service or ot...
CVE-2015-5380
CVE-2015-5380 affects Google V8 (as used by Node.js and io.js) where Utf8DecoderBase::WriteUtf16Slow may not verify memory for a UTF-16 surrogate pair. This can enable a remote attacker to trigger denial of service via a crafted byte sequence, potentially causing memory corruption. Affected versi...
CVE-2015-6580
CVE-2015-6580 relates to multiple unspecified vulnerabilities in Google V8 before 4.5.103.29, as used in Google Chrome before 45.0.2454.85. The description indicates a denial of service or possibly other impact via unknown vectors. The connected documents consistently reference Google Chrome/V8 a...
CVE-2013-2632
CVE-2013-2632 affects Google V8 up to version 3.17.12 (in Chrome prior to 27.0.1444.3). The vulnerability, triggered by crafted JavaScript (Bejeweled example), can cause an application crash and potentially other impact. Affected software: V8 JavaScript engine as used in Google Chrome. Root cause...
CVE-2015-1346
CVE-2015-1346 covers multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, used in Google Chrome before 40.0.2214.91. The NVD entry notes potential denial of service or other impact via unknown vectors. Connected sources corroborate Chrome/Chromium lineage and list affected version...
CVE-2011-3886
CVE-2011-3886 is listed among multiple Chromium/V8 vulnerabilities. The connected Gentoo GLSA notes that Chromium and V8 had several issues and explicitly references CVE-2011-3886. The advisory/entry states affected products are Chromium with V8, and that a local/remote style of exploitation coul...
CVE-2009-2555
Summary (CVE-2009-2555): The OpenVAS/Nessus entries and the Chrome release notes confirm a heap-based buffer/memory corruption vulnerability in Google V8 (src/jsregexp.cc) before V8 1.1.10.14, leveraged by Chrome prior to 2.0.172.37. The issue allows remote attackers to execute arbitrary code vi...
CVE-2011-5037
The CVE-2011-5037 vulnerability is in Google V8: hash computations for form parameters permit predictable collisions, enabling remote attackers to trigger CPU-based DoS, demonstrated against Node.js. Reports across advisories describe a DoS via hash-collision attacks affecting multiple language r...