Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Google Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 9554 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-4176 1 Google 3 Chrome, Chrome Os, Linux And Chrome Os 2023-11-25 N/A 8.8 HIGH
Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: High)
CVE-2022-4179 1 Google 1 Chrome 2023-11-25 N/A 8.8 HIGH
Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
CVE-2022-4181 1 Google 1 Chrome 2023-11-25 N/A 8.8 HIGH
Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2022-4182 1 Google 1 Chrome 2023-11-25 N/A 4.3 MEDIUM
Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-4183 1 Google 1 Chrome 2023-11-25 N/A 4.3 MEDIUM
Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-4186 1 Google 1 Chrome 2023-11-25 N/A 4.3 MEDIUM
Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-4185 2 Apple, Google 2 Iphone Os, Chrome 2023-11-25 N/A 4.3 MEDIUM
Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-4187 2 Google, Microsoft 2 Chrome, Windows 2023-11-25 N/A 6.5 MEDIUM
Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-4184 1 Google 1 Chrome 2023-11-25 N/A 4.3 MEDIUM
Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-4191 1 Google 1 Chrome 2023-11-25 N/A 8.8 HIGH
Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium)
CVE-2022-4192 1 Google 1 Chrome 2023-11-25 N/A 8.8 HIGH
Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium)
CVE-2022-4190 1 Google 1 Chrome 2023-11-25 N/A 8.8 HIGH
Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-4193 1 Google 1 Chrome 2023-11-25 N/A 8.8 HIGH
Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-4189 1 Google 1 Chrome 2023-11-25 N/A 4.3 MEDIUM
Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)
CVE-2022-4180 1 Google 1 Chrome 2023-11-25 N/A 8.8 HIGH
Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
CVE-2022-4194 1 Google 1 Chrome 2023-11-25 N/A 8.8 HIGH
Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-4195 1 Google 1 Chrome 2023-11-25 N/A 4.3 MEDIUM
Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium)
CVE-2022-4188 1 Google 2 Android, Chrome 2023-11-25 N/A 4.3 MEDIUM
Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-0129 1 Google 1 Chrome 2023-11-25 N/A 8.8 HIGH
Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High)
CVE-2023-0128 1 Google 2 Chrome, Chrome Os 2023-11-25 N/A 8.8 HIGH
Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-0130 1 Google 2 Android, Chrome 2023-11-25 N/A 6.5 MEDIUM
Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-0132 2 Google, Microsoft 2 Chrome, Windows 2023-11-25 N/A 6.5 MEDIUM
Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-0133 1 Google 2 Android, Chrome 2023-11-25 N/A 6.5 MEDIUM
Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-4437 1 Google 1 Chrome 2023-11-25 N/A 8.8 HIGH
Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-0134 1 Google 1 Chrome 2023-11-25 N/A 8.8 HIGH
Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-4436 1 Google 1 Chrome 2023-11-25 N/A 8.8 HIGH
Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-0131 1 Google 1 Chrome 2023-11-25 N/A 6.5 MEDIUM
Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-0137 1 Google 2 Chrome, Chrome Os 2023-11-25 N/A 8.8 HIGH
Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-0138 1 Google 1 Chrome 2023-11-25 N/A 8.8 HIGH
Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
CVE-2023-0136 1 Google 2 Android, Chrome 2023-11-25 N/A 8.8 HIGH
Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-0141 1 Google 1 Chrome 2023-11-25 N/A 4.3 MEDIUM
Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2023-0140 2 Google, Microsoft 2 Chrome, Windows 2023-11-25 N/A 6.5 MEDIUM
Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low)
CVE-2023-0135 1 Google 1 Chrome 2023-11-25 N/A 8.8 HIGH
Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-0139 2 Google, Microsoft 2 Chrome, Windows 2023-11-25 N/A 6.5 MEDIUM
Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low)
CVE-2023-2930 1 Google 1 Chrome 2023-11-25 N/A 8.8 HIGH
Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-2726 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2023-11-25 N/A 8.8 HIGH
Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-2932 1 Google 1 Chrome 2023-11-25 N/A 8.8 HIGH
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
CVE-2023-2725 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2023-11-25 N/A 8.8 HIGH
Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-2931 1 Google 1 Chrome 2023-11-25 N/A 8.8 HIGH
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
CVE-2023-2933 1 Google 1 Chrome 2023-11-25 N/A 8.8 HIGH
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
CVE-2023-2934 1 Google 1 Chrome 2023-11-25 N/A 8.8 HIGH
Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-2724 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2023-11-25 N/A 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-2939 2 Google, Microsoft 2 Chrome, Windows 2023-11-25 N/A 7.8 HIGH
Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)
CVE-2023-2938 1 Google 1 Chrome 2023-11-25 N/A 4.3 MEDIUM
Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-2937 1 Google 1 Chrome 2023-11-25 N/A 4.3 MEDIUM
Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-2941 1 Google 1 Chrome 2023-11-25 N/A 4.3 MEDIUM
Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low)
CVE-2023-2940 1 Google 1 Chrome 2023-11-25 N/A 6.5 MEDIUM
Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-2936 1 Google 1 Chrome 2023-11-25 N/A 8.8 HIGH
Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-2935 1 Google 1 Chrome 2023-11-25 N/A 8.8 HIGH
Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-2723 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2023-11-25 N/A 8.8 HIGH
Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)