Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Filtered by product V8
Total 33 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-1678 6 Canonical, Debian, Google and 3 more 10 Ubuntu Linux, Debian Linux, Chrome and 7 more 2018-10-30 6.8 MEDIUM 8.8 HIGH
objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.
CVE-2016-1669 3 Debian, Google, Opensuse 4 Debian Linux, Chrome, V8 and 1 more 2018-10-30 9.3 HIGH 8.8 HIGH
The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.
CVE-2016-3679 3 Canonical, Google, Opensuse 4 Ubuntu Linux, Chrome, V8 and 1 more 2018-10-30 9.3 HIGH 8.8 HIGH
Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2016-1677 6 Canonical, Debian, Google and 3 more 10 Ubuntu Linux, Debian Linux, Chrome and 7 more 2018-10-30 4.3 MEDIUM 6.5 MEDIUM
uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion."
CVE-2016-1688 6 Canonical, Debian, Google and 3 more 10 Ubuntu Linux, Debian Linux, Chrome and 7 more 2018-10-30 4.3 MEDIUM 6.5 MEDIUM
The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code.
CVE-2013-0836 2 Google, Opensuse 3 Chrome, V8, Opensuse 2018-10-30 6.8 MEDIUM N/A
Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, does not properly implement garbage collection, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code.
CVE-2014-3152 2 Fedoraproject, Google 3 Fedora, Chrome, V8 2017-12-29 7.5 HIGH N/A
Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a negative key value.
CVE-2013-2838 1 Google 2 Chrome, V8 2017-09-19 5.0 MEDIUM N/A
Google V8, as used in Google Chrome before 27.0.1453.93, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2012-5128 2 Google, Linux 3 Chrome, V8, Linux Kernel 2017-09-19 7.5 HIGH N/A
Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, does not properly perform write operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2011-3886 1 Google 2 Chrome, V8 2017-09-19 6.8 MEDIUM N/A
Google V8, as used in Google Chrome before 15.0.874.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers out-of-bounds write operations.
CVE-2015-1346 3 Canonical, Chromium, Google 4 Ubuntu Linux, Chromium, Chrome and 1 more 2017-09-08 7.5 HIGH N/A
Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before 40.0.2214.91, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2016-5129 1 Google 2 Chrome, V8 2017-09-01 6.8 MEDIUM 8.8 HIGH
Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.
CVE-2016-5128 1 Google 2 Chrome, V8 2017-09-01 6.8 MEDIUM 8.8 HIGH
objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
CVE-2012-5120 2 Google, Linux 3 Chrome, V8, Linux Kernel 2017-08-29 7.5 HIGH N/A
Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, on 64-bit Linux platforms allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds access to an array.
CVE-2009-2555 1 Google 2 Chrome, V8 2017-08-17 9.3 HIGH N/A
Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1.10.14, as used in Google Chrome before 2.0.172.37, allows remote attackers to execute arbitrary code in the Chrome sandbox via a crafted JavaScript regular expression.
CVE-2013-6668 1 Google 2 Chrome, V8 2017-01-07 7.5 HIGH N/A
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2014-1704 1 Google 2 Chrome, V8 2017-01-07 10.0 HIGH N/A
Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, as used in Google Chrome before 33.0.1750.149, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2015-3333 3 Canonical, Debian, Google 4 Ubuntu Linux, Debian Linux, Chrome and 1 more 2017-01-03 7.5 HIGH N/A
Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as used in Google Chrome before 42.0.2311.90, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2015-1242 3 Canonical, Debian, Google 4 Ubuntu Linux, Debian Linux, Chrome and 1 more 2017-01-03 7.5 HIGH N/A
The ReduceTransitionElementsKind function in hydrogen-check-elimination.cc in Google V8 before 4.2.77.8, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that leverages "type confusion" in the check-elimination optimization.
CVE-2015-3910 1 Google 2 Chrome, V8 2016-12-31 7.5 HIGH N/A
Multiple unspecified vulnerabilities in Google V8 before 4.3.61.21, as used in Google Chrome before 43.0.2357.65, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.