Total
3358 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-4947 | 1 Google | 1 Chrome | 2024-06-10 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-4761 | 1 Google | 1 Chrome | 2024-06-10 | N/A | 8.8 HIGH |
| Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-4671 | 1 Google | 1 Chrome | 2024-06-10 | N/A | 9.6 CRITICAL |
| Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-5274 | 1 Google | 1 Chrome | 2024-06-10 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-7024 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-06-10 | N/A | 8.8 HIGH |
| Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-4762 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2024-06-10 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-4058 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-06-07 | N/A | 8.8 HIGH |
| Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||||
| CVE-2011-3101 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2024-05-17 | 10.0 HIGH | N/A |
| Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and attack vectors. NOTE: see CVE-2012-3105 for the related MFSA 2012-34 issue in Mozilla products. | |||||
| CVE-2011-3640 | 3 Apple, Google, Microsoft | 3 Macos, Chrome, Windows | 2024-05-17 | 7.1 HIGH | N/A |
| Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug." | |||||
| CVE-2009-0374 | 1 Google | 1 Chrome | 2024-05-17 | 4.3 MEDIUM | N/A |
| Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. NOTE: a third party disputes the relevance of this issue, stating that "every sufficiently featured browser is and likely will remain susceptible to the behavior known as clickjacking," and adding that the exploit code "is not a valid demonstration of the issue. | |||||
| CVE-2008-5749 | 2 Google, Microsoft | 2 Chrome, Windows Xp | 2024-05-17 | 6.8 MEDIUM | N/A |
| Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission. | |||||
| CVE-2024-3839 | 1 Google | 1 Chrome | 2024-05-03 | N/A | 6.5 MEDIUM |
| Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-3834 | 1 Google | 1 Chrome | 2024-05-03 | N/A | 8.8 HIGH |
| Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-3837 | 1 Google | 1 Chrome | 2024-05-03 | N/A | 8.8 HIGH |
| Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-3156 | 1 Google | 1 Chrome | 2024-04-26 | N/A | 8.8 HIGH |
| Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-3158 | 1 Google | 1 Chrome | 2024-04-26 | N/A | 8.8 HIGH |
| Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-3159 | 1 Google | 1 Chrome | 2024-04-26 | N/A | 8.8 HIGH |
| Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-3838 | 1 Google | 1 Chrome | 2024-04-23 | N/A | 5.5 MEDIUM |
| Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium) | |||||
| CVE-2024-2625 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-04-01 | N/A | 8.8 HIGH |
| Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-2631 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-04-01 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||