Total
3353 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2871 | 1 Google | 1 Chrome | 2023-12-10 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input. | |||||
| CVE-2012-5140 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2023-12-10 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the URL loader. | |||||
| CVE-2011-3093 | 1 Google | 1 Chrome | 2023-12-10 | 5.0 MEDIUM | N/A |
| Google Chrome before 19.0.1084.46 does not properly handle glyphs, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2012-2842 | 1 Google | 1 Chrome | 2023-12-10 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to counter handling. | |||||
| CVE-2013-6634 | 1 Google | 1 Chrome | 2023-12-10 | 6.8 MEDIUM | N/A |
| The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code. | |||||
| CVE-2012-2888 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2023-12-10 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG text references. | |||||
| CVE-2011-3071 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2023-12-10 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2012-2860 | 4 Apple, Google, Linux and 1 more | 5 Mac Os X, Chrome, Frame and 2 more | 2023-12-10 | 6.8 MEDIUM | N/A |
| The date-picker implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site. | |||||
| CVE-2011-3061 | 1 Google | 1 Chrome | 2023-12-10 | 5.8 MEDIUM | N/A |
| Google Chrome before 18.0.1025.142 does not properly check X.509 certificates before use of a SPDY proxy, which might allow man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-0889 | 5 Apple, Google, Linux and 2 more | 5 Mac Os X, Chrome, Linux Kernel and 2 more | 2023-12-10 | 6.8 MEDIUM | N/A |
| Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for remote attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2011-3101 | 2 Google, Linux | 2 Chrome, Linux | 2023-12-10 | 10.0 HIGH | N/A |
| Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and attack vectors. NOTE: see CVE-2012-3105 for the related MFSA 2012-34 issue in Mozilla products. | |||||
| CVE-2013-0925 | 1 Google | 1 Chrome | 2023-12-10 | 7.5 HIGH | N/A |
| Google Chrome before 26.0.1410.43 does not ensure that an extension has the tabs (aka APIPermission::kTab) permission before providing a URL to this extension, which has unspecified impact and remote attack vectors. | |||||
| CVE-2011-3083 | 1 Google | 1 Chrome | 2023-12-10 | 5.0 MEDIUM | N/A |
| browser/profiles/profile_impl_io_data.cc in Google Chrome before 19.0.1084.46 does not properly handle a malformed ftp URL in the SRC attribute of a VIDEO element, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted web page. | |||||
| CVE-2012-1521 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2023-12-10 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2012-5376 | 1 Google | 1 Chrome | 2023-12-10 | 9.3 HIGH | 9.6 CRITICAL |
| The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112. | |||||
| CVE-2012-5123 | 1 Google | 1 Chrome | 2023-12-10 | 5.0 MEDIUM | N/A |
| Skia, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2012-4904 | 1 Google | 2 Android, Chrome | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS (UXSS)" attacks against the current tab. | |||||
| CVE-2012-2764 | 2 Google, Microsoft | 2 Chrome, Windows | 2023-12-10 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in Google Chrome before 20.0.1132.43 on Windows might allow local users to gain privileges via a Trojan horse Metro DLL in the current working directory. | |||||
| CVE-2011-3057 | 1 Google | 1 Chrome | 2023-12-10 | 4.3 MEDIUM | N/A |
| Google V8, as used in Google Chrome before 17.0.963.83, allows remote attackers to cause a denial of service via vectors that trigger an invalid read operation. | |||||
| CVE-2013-2855 | 2 Debian, Google | 2 Debian Linux, Chrome | 2023-12-10 | 5.0 MEDIUM | N/A |
| The Developer Tools API in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||||