V8 Security Vulnerabilities and Issues — V8 CVE List

Lucene search

GoogleV8

8 matches found

CVE•added 2016/07/23 7:59 p.m.•109 views

CVE-2016-5129

Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.

8.8CVSS9.1AI score0.01328EPSS

CVE•added 2016/05/14 9:59 p.m.•99 views

CVE-2016-1669

The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impa...

9.3CVSS8.8AI score0.05801EPSS

CVE•added 2016/07/23 7:59 p.m.•91 views

CVE-2016-5128

objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

8.8CVSS8.3AI score0.00744EPSS

CVE•added 2016/06/05 11:59 p.m.•75 views

CVE-2016-1677

uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion."

6.5CVSS6.7AI score0.10058EPSS

CVE•added 2016/03/29 10:59 a.m.•69 views

CVE-2016-3679

Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

9.3CVSS8.7AI score0.0085EPSS

CVE•added 2016/06/05 11:59 p.m.•67 views

CVE-2016-1678

objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.

8.8CVSS8.8AI score0.01307EPSS

CVE•added 2016/06/05 11:59 p.m.•66 views

CVE-2016-1688

The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code.

6.5CVSS6.6AI score0.04867EPSS

CVE•added 2016/03/06 2:59 a.m.•56 views

CVE-2016-2843

Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, as used in Google Chrome before 49.0.2623.75, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

10CVSS9.5AI score0.00889EPSS