Filtered by vendor Google
Subscriptions
Filtered by product Chrome
Subscriptions
Total
3675 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-12382 | 1 Google | 1 Chrome | 2024-12-17 | 8.8 High |
| Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-12381 | 1 Google | 1 Chrome | 2024-12-17 | 8.8 High |
| Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-7013 | 1 Google | 1 Chrome | 2024-11-25 | 5.4 Medium |
| Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2019-25154 | 1 Google | 1 Chrome | 2024-11-21 | 5.3 Medium |
| Inappropriate implementation in iframe in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-5500 | 1 Google | 1 Chrome | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in Sign-In in Google Chrome prior to 1.3.36.351 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-3175 | 1 Google | 1 Chrome | 2024-11-21 | 6.3 Medium |
| Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low) | ||||
| CVE-2024-3173 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Insufficient data validation in Updater in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High) | ||||
| CVE-2024-3171 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) | ||||
| CVE-2024-3170 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in WebRTC in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-3169 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-47131 | 4 Google, Microsoft, Mozilla and 1 more | 4 Chrome, Edge, Firefox and 1 more | 2024-11-21 | 7.5 High |
| The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file. | ||||
| CVE-2023-3742 | 1 Google | 2 Chrome, Chrome Os | 2024-11-21 | 6.8 Medium |
| Insufficient policy enforcement in ADB in Google Chrome on ChromeOS prior to 114.0.5735.90 allowed a local attacker to bypass device policy restrictions via physical access to the device. (Chromium security severity: High) | ||||
| CVE-2023-3739 | 1 Google | 2 Chrome, Chrome Os | 2024-11-21 | 6.3 Medium |
| Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker to execute arbitrary code via a crafted shell script. (Chromium security severity: Low) | ||||
| CVE-2023-3731 | 1 Google | 2 Chrome, Chrome Os | 2024-11-21 | 8.8 High |
| Use after free in Diagnostics in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | ||||
| CVE-2023-3729 | 1 Google | 2 Chrome, Chrome Os | 2024-11-21 | 8.8 High |
| Use after free in Splitscreen in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chromium security severity: High) | ||||
| CVE-2023-3497 | 1 Google | 2 Chrome, Chrome Os | 2024-11-21 | 4.6 Medium |
| Out of bounds read in Google Security Processor firmware in Google Chrome on Chrome OS prior to 114.0.5735.90 allowed a local attacker to perform denial of service via physical access to the device. (Chromium security severity: Medium) | ||||
| CVE-2023-2458 | 1 Google | 2 Chrome, Chrome Os | 2024-11-21 | 8.8 High |
| Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: High) | ||||
| CVE-2023-2457 | 1 Google | 2 Chrome, Chrome Os | 2024-11-21 | 8.8 High |
| Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker to potentially exploit heap corruption via crafted audio file. (Chromium security severity: High) | ||||
| CVE-2023-1236 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 Medium |
| Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2023-1235 | 1 Google | 1 Chrome | 2024-11-21 | 6.3 Medium |
| Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low) | ||||