Total
3354 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-0519 | 1 Google | 1 Chrome | 2024-01-22 | N/A | 8.8 HIGH |
Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2024-0518 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-01-22 | N/A | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2024-0517 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-01-22 | N/A | 8.8 HIGH |
Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2024-0333 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-01-18 | N/A | 5.3 MEDIUM |
Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2023-4863 | 6 Debian, Fedoraproject, Google and 3 more | 8 Debian Linux, Fedora, Chrome and 5 more | 2024-01-07 | N/A | 8.8 HIGH |
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) | |||||
CVE-2023-3742 | 1 Google | 2 Chrome, Chrome Os | 2024-01-04 | N/A | 6.8 MEDIUM |
Insufficient policy enforcement in ADB in Google Chrome on ChromeOS prior to 114.0.5735.90 allowed a local attacker to bypass device policy restrictions via physical access to the device. (Chromium security severity: High) | |||||
CVE-2020-16873 | 2 Google, Microsoft | 2 Chrome, Xamarin.forms | 2023-12-31 | 6.8 MEDIUM | 4.7 MEDIUM |
<p>A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106. This vulnerability could allow an attacker to execute arbitrary Javascript code on a target system.</p> <p>For the attack to be successful, the targeted user would need to browse to a malicious website or a website serving the malicious code through Xamarin.Forms.</p> <p>The security update addresses this vulnerability by preventing the malicious Javascript from running in the WebView.</p> | |||||
CVE-2015-1239 | 3 Debian, Google, Uclouvain | 4 Debian Linux, Chrome, Pdfium and 1 more | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF. | |||||
CVE-2022-4907 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-12-28 | N/A | 8.8 HIGH |
Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||||
CVE-2021-21220 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-12-14 | 6.8 MEDIUM | 8.8 HIGH |
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-4918 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 8.8 HIGH |
Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium) | |||||
CVE-2022-4916 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 8.8 HIGH |
Use after free in Media in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2021-4322 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 8.8 HIGH |
Use after free in DevTools in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium) | |||||
CVE-2022-4922 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 6.5 MEDIUM |
Inappropriate implementation in Blink in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
CVE-2019-13690 | 1 Google | 2 Chrome, Chrome Os | 2023-12-10 | N/A | 9.6 CRITICAL |
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High) | |||||
CVE-2021-4320 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 8.8 HIGH |
Use after free in Blink in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2022-4917 | 2 Fedoraproject, Google | 3 Fedora, Android, Chrome | 2023-12-10 | N/A | 4.3 MEDIUM |
Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed a remote attacker to obscure the full screen notification via a crafted HTML page. (Chromium security severity: Low) | |||||
CVE-2021-4323 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 6.5 MEDIUM |
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to access local files via a crafted Chrome Extension. (Chromium security severity: Medium) | |||||
CVE-2022-4906 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 8.8 HIGH |
Inappropriate implementation in Blink in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2022-4908 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 4.3 MEDIUM |
Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) |