241 matches found
CVE-2022-29146
CVE-2022-29146 is a Microsoft Edge (Chromium-based) Elevation of Privilege vulnerability. CVSS v3.1 base score 8.3 (HIGH) with network attack vector, high attack complexity, no privileges required, user interaction required, scope changed; impacts include confidentiality, integrity and availabili...
CVE-2023-4863
CVE-2023-4863 describes a heap buffer overflow in libwebp used by Google Chrome prior to 116.0.5845.187 and in libwebp 1.3.2. A remote attacker can cause an out-of-bounds memory write by presenting a crafted HTML page. The vulnerability is exploitable over the network and requires user interactio...
CVE-2022-29144
CVE-2022-29144 : Microsoft Edge (Chromium-based) has an Elevation of Privilege vulnerability. The NVD entry rates it as CVSS v3.1 base score 7.5 (HIGH) with vectors AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. Exploitation involves no user privilege but requires user interaction, and the impact covers co...
CVE-2020-16009
CVE-2020-16009 is a Google Chrome/Chromium V8 type-confusion vulnerability that could allow remote code execution via a crafted HTML page. Root cause: type confusion in V8 before 86.0.4240.183. Affected product family includes Google Chrome and other Chromium-based browsers; Debian security advis...
CVE-2022-4135
CVE-2022-4135 affects Google Chrome/Chromium GPU code. It is a heap buffer overflow in the GPU path prior to Chrome 107.0.5304.121 that could allow a remote attacker (with renderer access) to escape the sandbox via a crafted HTML page. Chrome confirms exploitation in the wild; a stable-channel pa...
CVE-2022-29147
CVE-2022-29147 is documented as a Spoofing Vulnerability in Microsoft Edge (Chromium-based) . The available sources identify the issue with Edge UI spoofing, but do not provide detailed technical roots beyond the vulnerability class. The CVSS data in the Initial Document shows a low base score (3...
CVE-2023-5217
CVE-2023-5217 is a heap buffer overflow in VP8 encoding in libvpx (affecting Google Chrome before 117.0.5938.132 and libvpx 1.13.1). A crafted HTML page could remotely trigger heap corruption. Multiple connected sources confirm the vulnerability in libvpx/WebP contexts; Apple’s advisory notes CVE...
CVE-2022-23264
Microsoft Edge (Chromium-based) is affected by CVE-2022-23264, a spoofing vulnerability impacting the browser’s user interface. The issue is described as a Spoofing Vulnerability in Edge (Chromium-based) with a CVSS v3.1 base score of 4.7 (MEDIUM) and a Network attack vector requiring user intera...
CVE-2021-21157
CVE-2021-21157 : Use-after-free in the Web Sockets component of Chromium/ Google Chrome on Linux prior to 88.0.4324.182. The underlying issue is a use-after-free that could allow a remote attacker to potentially execute arbitrary code via a crafted HTML page, with impact described as heap corrupt...
CVE-2025-65046
CVE-2025-65046 is a Microsoft Edge (Chromium-based) spoofing vulnerability. The connected sources corroborate a spoofing flaw in Edge with low overall base score (CVSS v3.1: 3.1, low impact on confidentiality/integrity/availability; user interaction required; network attack vector; high attack co...
CVE-2022-44708
CVE-2022-44708 is a Microsoft Edge (Chromium-based) Elevation of Privilege vulnerability. The initial document lists Edge Chromium-based Elevation of Privilege (CVE-2022-44708) with a CVSS v3.1 base score of 8.3 (High), attack vector Network, attack complexity High, privileges required None, user...
CVE-2025-14174
CVE-2025-14174 = Out-of-bounds memory access in ANGLE within Google Chrome on macOS prior to 143.0.7499.110. A remote attacker could trigger memory access errors via a crafted HTML page. Affected software: Google Chrome on macOS; vulnerable component: ANGLE. Impact: high enough to potentially ena...
CVE-2025-53791
CVE-2025-53791 affects Microsoft Edge (Chromium-based). The provided data indicate an improper access control vulnerability that allows an unauthorized network attacker to bypass a security feature. The description and connected sources confirm the affected product family but do not specify affec...
CVE-2022-26899
CVE-2022-26899 is a Microsoft Edge (Chromium-based) Elevation of Privilege vulnerability. The connected sources confirm an Edge EoP issue with the NVD listing a base CVSS v3.1 score of 8.8 (HIGH) and an MSRC entry; exploitation status is not detailed in the provided documents. Affected product: M...
CVE-2023-6345
CVE-2023-6345 is an integer overflow in the Skia graphics library used by Google Chrome prior to 119.0.6045.199. The vulnerability allows a renderer-compromised attacker to potentially escape the sandbox via a malicious file. Affected product: Google Chrome (Skia component). Root cause: integer o...
CVE-2025-5419
CVE-2025-5419: Out-of-bounds read/write in V8 (Chromium) used by Google Chrome/Chromium-based browsers. A remote attacker could potentially exploit heap corruption via a crafted HTML page. Affected: Google Chrome/Chromium’s V8 until version 137.0.7151.68. Impact described as High (C:E/I/H/A: High...
CVE-2023-4762
CVE-2023-4762 is a Type Confusion in V8 affecting Google Chrome/Chromium prior to 116.0.5845.179 that allows remote code execution via a crafted HTML page. The vulnerability is documented in multiple sources (Chrome/Chromium release notes; Debian security advisory stating fixes in 116.0.5845.180 ...
CVE-2021-33741
Microsoft Edge (Chromium-based) Elevation of Privilege vulnerability (CVE-2021-33741) affects the Edge Chromium browser. The connected sources confirm an Elevation of Privilege issue with Edge, but do not provide concrete exploit details, root cause specifics, or affected versions beyond the gene...
CVE-2023-29334
Technical details for CVE-2023-29334 (affected products, root cause, impact, and fixes) are not provided in the supplied documents. Monitor vendor advisories and security feeds for an official update.
CVE-2024-7965
CVE-2024-7965 affects Google Chrome’s V8 engine (Chromium) with an inappropriate implementation vulnerability that allows remote heap corruption via a crafted HTML page. Impact is High (CVE entry notes potential exploitation, with network attack vector and user interaction required). Affected sof...
CVE-2021-30617
CVE-2021-30617 affects Chromium’s Blink engine with a policy bypass vulnerability. Connected sources label the issue as a Blink policy bypass in Chromium and reference Chromium 93.x updates as mitigations (e.g., Fedora advisories: chromium-93.0.4577.63-1.fc34/.fc35). The core detail consistently ...
CVE-2023-38158
CVE-2023-38158 is an Information Disclosure vulnerability affecting Microsoft Edge (Chromium-based). The initial description notes a low-severity information disclosure issue. Connected sources corroborate that Edge versions prior to 116.0.1938.54 are affected, with remediation involving an updat...
CVE-2023-36887
CVE-2023-36887 affects Microsoft Edge (Chromium-based). Talos details a memory corruption/type confusion vulnerability in the MSDCPDF Javascript implementation used to process Acrobat-based PDFs, exploitable via specially crafted PDF documents. Affected Edge versions include 112.0.1722.58 and 114...
CVE-2023-36741
CVE-2023-36741 refers to a Microsoft Edge (Chromium-based) elevation of privilege vulnerability. The initial document identifies the vulnerability as Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability with a high-severity CVSS score (base 7.5/8.3 in the NVD/Microsoft CVSS vector...
CVE-2021-30624
CVE-2021-30624 is reported as a Use after free in Autofill in Chromium. The connected documents consistently refer to Chromium Autofill as the vulnerable component and identify the root cause as a use-after-free condition in Autofill code paths. The published CVSS metrics in the initial descripti...
CVE-2023-36409
CVE-2023-36409 affects Microsoft Edge (Chromium-based). It is an information disclosure vulnerability. CNNVD reports affected versions prior to 118.0.2088.46. Other sources reference this CVE in GLSA-202402-05 with Edge multi-vulnerability context. Remediation: update to the latest Microsoft Edge...
CVE-2023-38157
CVE-2023-38157 — Microsoft Edge (Chromium-based) Security Feature Bypass is documented as affecting the Edge browser. The provided sources identify the affected product as Microsoft Edge (Chromium-based) and describe the vulnerability as a security feature bypass. The CVSS vector in the Initial d...
CVE-2023-36787
Microsoft Edge (Chromium-based) Elevation of Privilege vulnerability (CVE-2023-36787) affects Edge; root cause details are per CVE entry and linked advisories. Connected sources confirm the issue is a privilege-escalation in Edge (Chromium) and note that public exploits exist. Deployment impact i...
CVE-2025-21262
Microsoft Edge (Chromium-based) is affected by CVE-2025-21262 (UI spoofing). The vulnerability concerns misrepresentation of UI information in the browser, enabling a network-based attacker to perform spoofing. Affected product: Microsoft Edge (Chromium-based); vulnerable component/function: User...
CVE-2022-24523
Technical details about CVE-2022-24523 are not publicly provided in the connected documents; the available sources only reference the vulnerability as a Chrome-based Edge spoofing issue with general context. Monitor for updates.
CVE-2024-38218
CVE-2024-38218 affects Microsoft Edge (HTML-based). The issue is a memory corruption vulnerability in the HTML-based engine, with high impact to confidentiality, integrity, and availability (CVSS metrics show LOCAL attacker, low complexity, no user interaction). Connected sources confirm the Edge...
CVE-2021-21132
CVE-2021-21132 stems from an inappropriate implementation in the DevTools component of Google Chrome (Chromium) prior to 88.0.4324.96, which could allow a remote attacker to escape the sandbox via a crafted Chrome Extension. Affected product/area: Chrome/Chromium DevTools. Root cause: implementat...
CVE-2022-26891
Technical details for CVE-2022-26891 are not publicly available in the provided documents. Monitor for updates from official advisories; sources list Edge Chromium as affected but do not disclose root cause, affected versions, or remediation specifics.
CVE-2021-21118
CVE-2021-21118 is a data validation issue in the V8 JavaScript engine of Chromium-based browsers. The connected advisories and Debian/Arch Fedora entries confirm the vulnerability stems from insufficient data validation in V8 prior to version 88.0.4324.96, potentially enabling out-of-bounds memor...
CVE-2021-21123
CVE-2021-21123 is a data validation vulnerability in Google Chrome’s File System API (Chromium) prior to 88.0.4324.96. The issue allows a remote attacker to bypass filesystem restrictions via a crafted HTML page due to insufficient data validation in the File System API/File System component. The...
CVE-2022-26900
Technical details about CVE-2022-26900 (affected component, root cause, impact and fixes) are not provided in the supplied documents. Monitor for official advisories and vendor updates for specifics.
CVE-2022-33638
Technical details for CVE-2022-33638 are not publicly provided in the supplied documents. Please monitor official advisories (MSRC, NVD) and vendor communications for affected components, impact, and remediation.
CVE-2023-36014
CVE-2023-36014 affects Microsoft Edge (Chromium-based). The connected sources identify a remote code execution vulnerability in Edge Chromium components prior to versions 118.0.2088.102 and 119.0.2151.58 (Nessus plugin reference). The NVD entry lists a Exploitability: Local access with Low comple...
CVE-2024-49041
Microsoft Edge (Chromium-based) spoofing vulnerability CVE-2024-49041 affects Edge versions up to 131.0.2903.63 per PT-2024-9305; remediation is to upgrade to a fixed version per advisories. Exploitation status is not detailed in the provided documents.
CVE-2021-21120
CVE-2021-21120 is a use-after-free in Chromium’s WebSQL implementation reported as affecting Chromium before version 88.0.4324.96 . The connected sources confirm a remote attacker could potentially exploit this to cause heap corruption via a crafted HTML page. The details consistently reference t...
CVE-2021-21122
CVE-2021-21122 is a use-after-free in the Blink/WebKit component of the Chromium/Chrome stack, reported to affect Chromium builds before version 88.0.4324.96. The vulnerability resides in Blink and, per security advisories, could result in arbitrary code execution or heap corruption when a crafte...
CVE-2024-21399
CVE-2024-21399 affects Microsoft Edge (Chromium-based). It is described as a Remote Code Execution vulnerability with CVSS v3.1 base score 8.3 (HIGH): network attack vector, high impact on confidentiality, integrity, and availability, and requires user interaction with no privileges. The provided...
CVE-2021-21135
CVE-2021-21135 corresponds to an incorrect implementation in the Performance API of Chromium/Chrome prior to 88.0.4324.96. The flaw allows a remote attacker to leak cross-origin data via a crafted HTML page. The issue is tied to the Chromium browser, with advisories and package updates in distrib...
CVE-2023-23374
CVE-2023-23374 affects Microsoft Edge (Chromium-based) and is a Remote Code Execution vulnerability with a CVSS v3.1 base score of 8.3 (HIGH). It is network-exploitable with high attack complexity and requires user interaction. The connected GLSA/Gentoo-NASL entries indicate this CVE is part of a...
CVE-2025-21267
CVE-2025-21267 is a Microsoft Edge (Chromium-based) Spoofing Vulnerability. Public references in connected docs confirm the affected product and that it enables spoofing of the user interface. The CVSS metrics in the Initial document indicate a Local attack vector, Low confidentiality/ integrity ...
CVE-2021-21121
CVE-2021-21121 is a concrete use-after-free vulnerability in Chromium’s Omnibox on Linux, described as a use-after-free in the Omnibox component of the Chromium browser before version 88.0.4324.96. The advisory states a remote attacker could potentially perform a sandbox escape via a crafted HTML...
CVE-2024-29981
CVE-2024-29981 affects Microsoft Edge (Chromium-based). The vulnerability is a spoofing flaw in the browser’s UI surface that could enable spoofed user interfaces. CVSS 3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N, base score 4.3 (Medium); exploitation requires user interaction and the attack vector i...
CVE-2021-21119
CVE-2021-21119 : A use-after-free in the Media component of Google Chrome/Chromium prior to 88.0.4324.96 could allow a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. The issue affects Chromium-based browsers and was noted a...
CVE-2024-26163
CVE-2024-26163 affects Microsoft Edge (Chromium-based). A security feature bypass vulnerability with CVSSv3.1 base metrics: AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N (base score 4.7, MEDIUM). The issue is network-exploitable with user interaction required; impact is limited to bypassing security featur...
CVE-2021-21128
CVE-2021-21128 is a heap buffer overflow in Blink/WebKit of the Chromium browser prior to 88.0.4324.96. Per the Arch/DEBIAN security entries, this is a Chromium/browser component issue that could enable arbitrary code execution and is fixed in newer Chromium builds (upstream or downstream) after ...