Search
Total
3051 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4206 | 3 Fedoraproject, Google, Webkitgtk | 3 Fedora, Chrome, Webkitgtk | 2020-07-31 | 6.8 MEDIUM | 8.8 HIGH |
| Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SVG document, related to effects in the application of filters. | |||||
| CVE-2010-4575 | 1 Google | 2 Chrome, Chrome Os | 2020-07-31 | 4.3 MEDIUM | N/A |
| The ThemeInstalledInfoBarDelegate::Observe function in browser/extensions/theme_installed_infobar_delegate.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle incorrect tab interaction by an extension, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted extension. | |||||
| CVE-2010-4574 | 2 Google, Linux | 3 Chrome, Chrome Os, Linux Kernel | 2020-07-31 | 7.5 HIGH | N/A |
| The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization validation, and cause a denial of service or possibly have unspecified other impact, via invalid pickle data. | |||||
| CVE-2010-4576 | 1 Google | 2 Chrome, Chrome Os | 2020-07-29 | 5.0 MEDIUM | N/A |
| browser/worker_host/message_port_dispatcher.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle certain postMessage calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code that creates a web worker. | |||||
| CVE-2010-4578 | 2 Debian, Google | 3 Debian Linux, Chrome, Chrome Os | 2020-07-28 | 7.5 HIGH | N/A |
| Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do not properly perform cursor handling, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers." | |||||
| CVE-2010-4493 | 2 Debian, Google | 2 Debian Linux, Chrome | 2020-07-28 | 4.3 MEDIUM | N/A |
| Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events. | |||||
| CVE-2010-4492 | 2 Debian, Google | 2 Debian Linux, Chrome | 2020-07-28 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animations. | |||||
| CVE-2010-3111 | 1 Google | 1 Chrome | 2020-07-28 | 10.0 HIGH | N/A |
| Google Chrome before 6.0.472.53 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack vectors, a different vulnerability than CVE-2010-2897. | |||||
| CVE-2011-0484 | 1 Google | 2 Chrome, Chrome Os | 2020-07-27 | 7.5 HIGH | N/A |
| Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform DOM node removal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale rendering node." | |||||
| CVE-2011-0477 | 1 Google | 2 Chrome, Chrome Os | 2020-07-27 | 10.0 HIGH | N/A |
| Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle a mismatch in video frame sizes, which allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2020-6505 | 1 Google | 1 Chrome | 2020-07-27 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in speech in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2011-0485 | 1 Google | 2 Chrome, Chrome Os | 2020-07-24 | 10.0 HIGH | N/A |
| Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle speech data, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "stale pointer." | |||||
| CVE-2011-0480 | 3 Canonical, Debian, Google | 4 Ubuntu Linux, Debian Linux, Chrome and 1 more | 2020-07-24 | 9.3 HIGH | N/A |
| Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue. | |||||
| CVE-2011-0479 | 1 Google | 2 Chrome, Chrome Os | 2020-07-24 | 7.5 HIGH | N/A |
| Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly interact with extensions, which allows remote attackers to cause a denial of service via a crafted extension that triggers an uninitialized pointer. | |||||
| CVE-2011-0475 | 1 Google | 2 Chrome, Chrome Os | 2020-07-24 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a PDF document. | |||||
| CVE-2011-0474 | 2 Debian, Google | 3 Debian Linux, Chrome, Chrome Os | 2020-07-24 | 10.0 HIGH | N/A |
| Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2011-0470 | 1 Google | 2 Chrome, Chrome Os | 2020-07-24 | 5.0 MEDIUM | N/A |
| Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle extensions notification, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2011-0478 | 1 Google | 2 Chrome, Chrome Os | 2020-07-24 | 10.0 HIGH | N/A |
| Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle SVG use elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2011-0483 | 1 Google | 2 Chrome, Chrome Os | 2020-07-24 | 5.0 MEDIUM | N/A |
| Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of video, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2011-0482 | 2 Debian, Google | 3 Debian Linux, Chrome, Chrome Os | 2020-07-24 | 4.3 MEDIUM | N/A |
| Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document. | |||||
| CVE-2011-0481 | 1 Google | 2 Chrome, Chrome Os | 2020-07-24 | 9.3 HIGH | N/A |
| Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF shading. | |||||
| CVE-2011-0476 | 1 Google | 2 Chrome, Chrome Os | 2020-07-24 | 10.0 HIGH | N/A |
| Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allow remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a PDF document that triggers an out-of-memory error. | |||||
| CVE-2011-0473 | 1 Google | 2 Chrome, Chrome Os | 2020-07-24 | 10.0 HIGH | N/A |
| Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with CANVAS elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2011-0472 | 1 Google | 2 Chrome, Chrome Os | 2020-07-24 | 9.3 HIGH | N/A |
| Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle the printing of PDF documents, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a multi-page document. | |||||
| CVE-2011-0471 | 1 Google | 2 Chrome, Chrome Os | 2020-07-24 | 10.0 HIGH | N/A |
| The node-iteration implementation in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 does not properly handle pointers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2020-6485 | 1 Google | 2 Chrome, Chrome Os | 2020-07-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient data validation in media router in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2020-6466 | 1 Google | 1 Chrome | 2020-07-08 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-6484 | 1 Google | 1 Chrome | 2020-07-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient data validation in ChromeDriver in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted request. | |||||
| CVE-2020-6465 | 1 Google | 1 Chrome | 2020-07-08 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-6491 | 1 Google | 1 Chrome | 2020-07-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted domain name. | |||||
| CVE-2020-6488 | 1 Google | 1 Chrome | 2020-07-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2020-6479 | 1 Google | 1 Chrome | 2020-07-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in sharing in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. | |||||
| CVE-2020-6478 | 1 Google | 1 Chrome | 2020-07-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. | |||||
| CVE-2020-6469 | 1 Google | 1 Chrome | 2020-07-08 | 6.8 MEDIUM | 9.6 CRITICAL |
| Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | |||||
| CVE-2020-6458 | 1 Google | 1 Chrome | 2020-07-02 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
| CVE-2020-6435 | 1 Google | 1 Chrome | 2020-07-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2020-6437 | 1 Google | 1 Chrome | 2020-07-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application. | |||||
| CVE-2020-6445 | 1 Google | 1 Chrome | 2020-07-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2020-6446 | 1 Google | 1 Chrome | 2020-07-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2020-6462 | 1 Google | 1 Chrome | 2020-07-02 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in task scheduling in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-6495 | 1 Google | 1 Chrome | 2020-07-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | |||||
| CVE-2020-6497 | 2 Apple, Google | 2 Iphone Os, Chrome | 2020-07-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted URI. | |||||
| CVE-2020-6498 | 2 Apple, Google | 2 Iphone Os, Chrome | 2020-07-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect implementation in user interface in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2020-6493 | 1 Google | 1 Chrome | 2020-07-02 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-6460 | 1 Google | 1 Chrome | 2020-07-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name. | |||||
| CVE-2020-6457 | 1 Google | 1 Chrome | 2020-07-02 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-6461 | 1 Google | 1 Chrome | 2020-07-02 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-6456 | 1 Google | 1 Chrome | 2020-07-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents. | |||||
| CVE-2020-6455 | 1 Google | 1 Chrome | 2020-07-02 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6439 | 1 Google | 1 Chrome | 2020-07-02 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page. | |||||