Search
Total
3051 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1634 | 1 Google | 1 Chrome | 2016-12-03 | 9.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet function in WebKit/Source/core/css/resolver/StyleResolver.cpp in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that triggers Cascading Style Sheets (CSS) style invalidation during a certain subtree-removal action. | |||||
| CVE-2016-1643 | 1 Google | 1 Chrome | 2016-12-03 | 9.3 HIGH | 8.8 HIGH |
| The ImageInputType::ensurePrimaryContent function in WebKit/Source/core/html/forms/ImageInputType.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly maintain the user agent shadow DOM, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | |||||
| CVE-2016-1642 | 1 Google | 1 Chrome | 2016-12-03 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2016-1644 | 1 Google | 1 Chrome | 2016-12-03 | 9.3 HIGH | 8.8 HIGH |
| WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted HTML document. | |||||
| CVE-2016-1638 | 1 Google | 1 Chrome | 2016-12-03 | 6.8 MEDIUM | 6.3 MEDIUM |
| extensions/renderer/resources/platform_app.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass intended access restrictions via a crafted platform app. | |||||
| CVE-2016-1630 | 1 Google | 1 Chrome | 2016-12-03 | 6.8 MEDIUM | 8.8 HIGH |
| The ContainerNode::parserRemoveChild function in WebKit/Source/core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 49.0.2623.75, mishandles widget updates, which makes it easier for remote attackers to bypass the Same Origin Policy via a crafted web site. | |||||
| CVE-2016-1631 | 1 Google | 1 Chrome | 2016-12-03 | 6.8 MEDIUM | 8.8 HIGH |
| The PPB_Flash_MessageLoop_Impl::InternalRun function in content/renderer/pepper/ppb_flash_message_loop_impl.cc in the Pepper plugin in Google Chrome before 49.0.2623.75 mishandles nested message loops, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||||
| CVE-2016-1632 | 1 Google | 1 Chrome | 2016-12-03 | 6.8 MEDIUM | 8.8 HIGH |
| The Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly maintain own properties, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code that triggers an incorrect cast, related to extensions/renderer/v8_helpers.h and gin/converter.h. | |||||
| CVE-2015-2239 | 1 Google | 1 Chrome | 2016-12-03 | 4.3 MEDIUM | N/A |
| Google Chrome before 41.0.2272.76, when Instant Extended mode is used, does not properly consider the interaction between the "1993 search" features and restore-from-disk RELOAD transitions, which makes it easier for remote attackers to spoof the address bar for a search-results page by leveraging (1) a compromised search engine or (2) an XSS vulnerability in a search engine, a different vulnerability than CVE-2015-1231. | |||||
| CVE-2016-1671 | 1 Google | 2 Android, Chrome | 2016-12-01 | 6.8 MEDIUM | 8.1 HIGH |
| Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and \ (backslash) characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to net/base/escape.cc and net/base/filename_util.cc. | |||||
| CVE-2014-3193 | 2 Google, Redhat | 5 Chrome, Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary and 2 more | 2016-11-28 | 7.5 HIGH | N/A |
| The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors that leverage "type confusion" for callback processing. | |||||
| CVE-2014-3191 | 2 Google, Redhat | 5 Chrome, Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary and 2 more | 2016-11-28 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers a widget-position update that improperly interacts with the render tree, related to the FrameView::updateLayoutAndStyleForPainting function in core/frame/FrameView.cpp and the RenderLayerScrollableArea::setScrollOffset function in core/rendering/RenderLayerScrollableArea.cpp. | |||||
| CVE-2014-3200 | 2 Google, Redhat | 5 Chrome, Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary and 2 more | 2016-11-28 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 38.0.2125.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2014-3190 | 2 Google, Redhat | 5 Chrome, Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary and 2 more | 2016-11-28 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that accesses the path property of an Event object. | |||||
| CVE-2014-3189 | 2 Google, Redhat | 5 Chrome, Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary and 2 more | 2016-11-28 | 7.5 HIGH | N/A |
| The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2014-3199 | 2 Google, Redhat | 5 Chrome, Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary and 2 more | 2016-11-28 | 5.0 MEDIUM | N/A |
| The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 38.0.2125.101, has an erroneous fallback outcome for wrapper-selection failures, which allows remote attackers to cause a denial of service via vectors that trigger stopping a worker process that had been handling an Event object. | |||||
| CVE-2014-3195 | 2 Google, Redhat | 5 Chrome, Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary and 2 more | 2016-11-28 | 5.0 MEDIUM | N/A |
| Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows remote attackers to obtain sensitive information via crafted JavaScript code, related to the PagedSpace::AllocateRaw and NewSpace::AllocateRaw functions in heap/spaces-inl.h, the LargeObjectSpace::AllocateRaw function in heap/spaces.cc, and the Runtime_ArrayConcat function in runtime.cc. | |||||
| CVE-2014-3198 | 2 Google, Redhat | 5 Chrome, Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary and 2 more | 2016-11-28 | 5.0 MEDIUM | N/A |
| The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error code, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2014-3197 | 2 Google, Redhat | 5 Chrome, Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary and 2 more | 2016-11-28 | 5.0 MEDIUM | N/A |
| The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site. | |||||
| CVE-2014-3196 | 1 Google | 1 Chrome | 2016-11-28 | 7.5 HIGH | N/A |
| base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 on Windows does not properly implement read-only restrictions on shared memory, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors. | |||||
| CVE-2014-3194 | 2 Google, Redhat | 5 Chrome, Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary and 2 more | 2016-11-28 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2015-2238 | 2 Canonical, Google | 3 Ubuntu Linux, Chrome, V8 | 2016-11-18 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as used in Google Chrome before 41.0.2272.76, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2013-6630 | 1 Google | 1 Chrome | 2016-10-04 | 5.0 MEDIUM | N/A |
| The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. | |||||
| CVE-2014-3188 | 2 Google, Redhat | 6 Chrome, Chrome Os, Enterprise Linux Desktop Supplementary and 3 more | 2016-09-07 | 10.0 HIGH | N/A |
| Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in json-parser.h. | |||||
| CVE-2015-8480 | 1 Google | 1 Chrome | 2015-12-07 | 10.0 HIGH | N/A |
| The VideoFramePool::PoolImpl::CreateFrame function in media/base/video_frame_pool.cc in Google Chrome before 47.0.2526.73 does not initialize memory for a video-frame data structure, which might allow remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact by leveraging improper interaction with the vp3_h_loop_filter_c function in libavcodec/vp3dsp.c in FFmpeg. | |||||
| CVE-2015-8479 | 1 Google | 1 Chrome | 2015-12-07 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the AudioOutputDevice::OnDeviceAuthorized function in media/audio/audio_output_device.cc in Google Chrome before 47.0.2526.73 allows attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by triggering access to an unauthorized audio output device. | |||||
| CVE-2014-9689 | 1 Google | 1 Chrome | 2015-03-09 | 5.0 MEDIUM | N/A |
| content/renderer/device_sensors/device_orientation_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate gyroscope data, which makes it easier for remote attackers to obtain speech signals from a device's physical environment via a crafted web site that listens for ondeviceorientation events, a different vulnerability than CVE-2015-1231. | |||||
| CVE-2011-5319 | 1 Google | 1 Chrome | 2015-03-09 | 5.0 MEDIUM | N/A |
| content/renderer/device_sensors/device_motion_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate accelerometer data, which makes it easier for remote attackers to capture keystrokes via a crafted web site that listens for ondevicemotion events, a different vulnerability than CVE-2015-1231. | |||||
| CVE-2015-1359 | 1 Google | 1 Chrome | 2015-02-21 | 6.8 MEDIUM | N/A |
| Multiple off-by-one errors in fpdfapi/fpdf_font/font_int.h in PDFium, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted PDF document, related to an "intra-object-overflow" issue, a different vulnerability than CVE-2015-1205. | |||||
| CVE-2015-1360 | 1 Google | 1 Chrome | 2015-02-21 | 7.5 HIGH | N/A |
| Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data that is improperly handled during text drawing, related to gpu/GrBitmapTextContext.cpp and gpu/GrDistanceFieldTextContext.cpp, a different vulnerability than CVE-2015-1205. | |||||
| CVE-2015-1361 | 1 Google | 1 Chrome | 2015-02-21 | 6.8 MEDIUM | N/A |
| platform/image-decoders/ImageFrame.h in Blink, as used in Google Chrome before 40.0.2214.91, does not initialize a variable that is used in calls to the Skia SkBitmap::setAlphaType function, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document, a different vulnerability than CVE-2015-1205. | |||||
| CVE-2014-9648 | 1 Google | 1 Chrome | 2015-02-21 | 4.3 MEDIUM | N/A |
| components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote attackers to cause a denial of service (loss of browser access to that site) via crafted JavaScript code, as demonstrated by pandora.com and the Pandora application, a different vulnerability than CVE-2015-1205. | |||||
| CVE-2014-9647 | 1 Google | 1 Chrome | 2015-02-21 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in PDFium, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/src/fpdfview.cpp and fpdfsdk/src/fsdk_mgr.cpp, a different vulnerability than CVE-2015-1205. | |||||
| CVE-2014-9646 | 1 Google | 1 Chrome | 2015-02-21 | 4.6 MEDIUM | N/A |
| Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% directory, as demonstrated by program.exe, a different vulnerability than CVE-2015-1205. | |||||
| CVE-2011-1798 | 1 Google | 1 Chrome | 2014-12-29 | 7.5 HIGH | N/A |
| rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 does not properly perform a cast of an unspecified variable during an attempt to handle a block child, which allows remote attackers to cause a denial of service (application crash) or possibly have unknown other impact via a crafted text element in an SVG document. | |||||
| CVE-2011-1796 | 1 Google | 1 Chrome | 2014-12-29 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the FrameView::calculateScrollbarModesForLayout function in page/FrameView.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that calls the removeChild method during interaction with a FRAME element. | |||||
| CVE-2011-1795 | 1 Google | 1 Chrome | 2014-12-29 | 7.5 HIGH | N/A |
| Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document containing a FORM element. | |||||
| CVE-2011-1794 | 1 Google | 1 Chrome | 2014-12-29 | 7.5 HIGH | N/A |
| Integer overflow in the FilterEffect::copyImageBytes function in platform/graphics/filters/FilterEffect.cpp in the SVG filter implementation in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted dimensions. | |||||
| CVE-2011-1793 | 1 Google | 1 Chrome | 2014-12-29 | 7.5 HIGH | N/A |
| rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted SVG document that leads to a "stale pointer." | |||||
| CVE-2014-3201 | 1 Google | 1 Chrome | 2014-10-10 | 5.0 MEDIUM | N/A |
| core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows remote attackers to spoof content via a crafted web site that interferes with the scrollbar. | |||||
| CVE-2014-7967 | 1 Google | 2 Chrome, V8 | 2014-10-08 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google V8 before 3.28.71.15, as used in Google Chrome before 38.0.2125.101, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2014-3187 | 2 Apple, Google | 2 Iphone Os, Chrome | 2014-10-08 | 6.8 MEDIUM | N/A |
| Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device via a crafted web site. | |||||
| CVE-2014-3159 | 1 Google | 2 Android, Chrome | 2014-08-04 | 6.4 MEDIUM | N/A |
| The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote attackers to spoof the URL in the Omnibox via unspecified vectors. | |||||
| CVE-2014-3161 | 1 Google | 2 Android, Chrome | 2014-07-21 | 7.5 HIGH | N/A |
| The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video stream. | |||||
| CVE-2014-1736 | 4 Apple, Google, Linux and 1 more | 4 Mac Os X, Chrome, Linux Kernel and 1 more | 2014-05-23 | 7.5 HIGH | N/A |
| Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value. | |||||
| CVE-2013-6654 | 1 Google | 1 Chrome | 2014-04-01 | 7.5 HIGH | N/A |
| The SVGAnimateElement::calculateAnimatedValue function in core/svg/SVGAnimateElement.cpp in Blink, as used in Google Chrome before 33.0.1750.117, does not properly handle unexpected data types, which allows remote attackers to cause a denial of service (incorrect cast) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2013-6653 | 1 Google | 1 Chrome | 2014-04-01 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the web contents implementation in Google Chrome before 33.0.1750.117 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attempted conflicting access to the color chooser. | |||||
| CVE-2013-6659 | 1 Google | 1 Chrome | 2014-04-01 | 6.4 MEDIUM | N/A |
| The SSLClientSocketNSS::Core::OwnAuthCertHandler function in net/socket/ssl_client_socket_nss.cc in Google Chrome before 33.0.1750.117 does not prevent changes to server X.509 certificates during renegotiations, which allows remote SSL servers to trigger use of a new certificate chain, inconsistent with the user's expectations, by initiating a TLS renegotiation. | |||||
| CVE-2013-6658 | 1 Google | 1 Chrome | 2014-04-01 | 7.5 HIGH | N/A |
| Multiple use-after-free vulnerabilities in the layout implementation in Blink, as used in Google Chrome before 33.0.1750.117, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving (1) running JavaScript code during execution of the updateWidgetPositions function or (2) making a call into a plugin during execution of the updateWidgetPositions function. | |||||
| CVE-2013-6657 | 1 Google | 1 Chrome | 2014-04-01 | 6.4 MEDIUM | N/A |
| core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors. | |||||