Total
3660 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-8479 | 1 Google | 1 Chrome | 2025-04-12 | 7.5 HIGH | N/A |
Use-after-free vulnerability in the AudioOutputDevice::OnDeviceAuthorized function in media/audio/audio_output_device.cc in Google Chrome before 47.0.2526.73 allows attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by triggering access to an unauthorized audio output device. | |||||
CVE-2016-5185 | 1 Google | 1 Chrome | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages. | |||||
CVE-2015-6755 | 1 Google | 1 Chrome | 2025-04-12 | 7.5 HIGH | N/A |
The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. | |||||
CVE-2014-1714 | 4 Apple, Google, Linux and 1 more | 4 Mac Os X, Chrome, Linux Kernel and 1 more | 2025-04-12 | 7.5 HIGH | N/A |
The ScopedClipboardWriter::WritePickledData function in ui/base/clipboard/scoped_clipboard_writer.cc in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows does not verify a certain format value, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the clipboard. | |||||
CVE-2016-5183 | 1 Google | 1 Chrome | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files. | |||||
CVE-2015-6758 | 1 Google | 1 Chrome | 2025-04-12 | 6.8 MEDIUM | N/A |
The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. | |||||
CVE-2014-3167 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-12 | 7.5 HIGH | N/A |
Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
CVE-2014-9646 | 1 Google | 1 Chrome | 2025-04-12 | 4.6 MEDIUM | N/A |
Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% directory, as demonstrated by program.exe, a different vulnerability than CVE-2015-1205. | |||||
CVE-2016-1639 | 1 Google | 1 Chrome | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
Use-after-free vulnerability in browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc in the WebRTC Audio Private API implementation in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect reliance on the resource context pointer. | |||||
CVE-2016-5193 | 1 Google | 1 Chrome | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages. | |||||
CVE-2016-5170 | 1 Google | 1 Chrome | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls. | |||||
CVE-2014-7937 | 2 Ffmpeg, Google | 2 Ffmpeg, Chrome | 2025-04-12 | 7.5 HIGH | N/A |
Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data. | |||||
CVE-2015-1300 | 1 Google | 1 Chrome | 2025-04-12 | 5.0 MEDIUM | N/A |
The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive information via crafted JavaScript code that leverages a history.back call. | |||||
CVE-2014-3162 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-12 | 5.0 MEDIUM | N/A |
Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
CVE-2015-1264 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-12 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Google Chrome before 43.0.2357.65 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted data that is improperly handled by the Bookmarks feature. | |||||
CVE-2014-3165 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-12 | 7.5 HIGH | N/A |
Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an unexpectedly long lifetime of a temporary object during method completion. | |||||
CVE-2014-1735 | 4 Apple, Google, Linux and 1 more | 4 Mac Os X, Chrome, Linux Kernel and 1 more | 2025-04-12 | 7.5 HIGH | N/A |
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
CVE-2015-6774 | 1 Google | 1 Chrome | 2025-04-12 | 7.5 HIGH | N/A |
Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that modifies a pointer used for reporting loadTimes data. | |||||
CVE-2015-1360 | 1 Google | 1 Chrome | 2025-04-12 | 7.5 HIGH | N/A |
Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data that is improperly handled during text drawing, related to gpu/GrBitmapTextContext.cpp and gpu/GrDistanceFieldTextContext.cpp, a different vulnerability than CVE-2015-1205. | |||||
CVE-2015-1211 | 7 Apple, Canonical, Google and 4 more | 11 Macos, Ubuntu Linux, Chrome and 8 more | 2025-04-12 | 7.5 HIGH | N/A |
The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI. |