Total
124 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-4135 | 2 Google, Microsoft | 3 Chrome, Edge, Edge Chromium | 2024-02-15 | N/A | 9.6 CRITICAL |
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2022-3075 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-02-15 | N/A | 9.6 CRITICAL |
Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
CVE-2021-37973 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-15 | 6.8 MEDIUM | 9.6 CRITICAL |
Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
CVE-2024-1283 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-02-14 | N/A | 9.8 CRITICAL |
Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2024-1284 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-02-14 | N/A | 9.8 CRITICAL |
Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2023-6345 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2024-01-31 | N/A | 9.6 CRITICAL |
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) | |||||
CVE-2024-0808 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-01-29 | N/A | 9.8 CRITICAL |
Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High) | |||||
CVE-2019-13690 | 1 Google | 2 Chrome, Chrome Os | 2023-12-10 | N/A | 9.6 CRITICAL |
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High) | |||||
CVE-2022-4924 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 9.6 CRITICAL |
Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2022-4920 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 9.6 CRITICAL |
Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2023-2136 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-12-10 | N/A | 9.6 CRITICAL |
Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2023-1529 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-12-10 | N/A | 9.8 CRITICAL |
Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High) | |||||
CVE-2022-3890 | 2 Debian, Google | 2 Debian Linux, Chrome | 2023-12-10 | N/A | 9.6 CRITICAL |
Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2022-2587 | 1 Google | 2 Chrome, Chrome Os | 2023-12-10 | N/A | 9.8 CRITICAL |
Out of bounds write in Chrome OS Audio Server in Google Chrome on Chrome OS prior to 102.0.5005.125 allowed a remote attacker to potentially exploit heap corruption via crafted audio metadata. | |||||
CVE-2022-1853 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 9.6 CRITICAL |
Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
CVE-2022-1309 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 9.6 CRITICAL |
Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
CVE-2022-2010 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-12-10 | N/A | 9.3 CRITICAL |
Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
CVE-2022-0977 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 9.6 CRITICAL |
Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-1312 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 9.6 CRITICAL |
Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | |||||
CVE-2022-0973 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 9.6 CRITICAL |
Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |