Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by use of a (1) javascript: or (2) data: URL. NOTE: this can be leveraged for Universal XSS by exploiting certain behavior involving persistence across page transitions.
Max CVSS
7.8
EPSS Score
0.22%
Published
2009-04-24
Updated
2021-07-23
The Google V8 bindings in Google Chrome before 4.1.249.1059 allow attackers to cause a denial of service (memory corruption) via unknown vectors.
Max CVSS
7.8
EPSS Score
0.43%
Published
2010-04-23
Updated
2017-09-19
Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image.
Max CVSS
7.8
EPSS Score
0.28%
Published
2010-10-21
Updated
2020-07-31
Google Chrome before 20.0.1132.43 on Windows does not properly isolate sandboxed processes, which might allow remote attackers to cause a denial of service (process interference) via unspecified vectors.
Max CVSS
7.8
EPSS Score
0.96%
Published
2012-06-27
Updated
2017-09-19
Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc.
Max CVSS
7.8
EPSS Score
0.48%
Published
2014-04-26
Updated
2022-11-10
A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file.
Max CVSS
7.8
EPSS Score
1.06%
Published
2017-04-24
Updated
2022-04-22
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
Max CVSS
7.8
EPSS Score
1.24%
Published
2017-04-24
Updated
2022-04-22
A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Max CVSS
7.8
EPSS Score
1.06%
Published
2017-04-24
Updated
2022-04-22
An ability to process crash dumps under root privileges and inappropriate symlinks handling could lead to a local privilege escalation in Crash Reporting in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to perform privilege escalation via a crafted HTML page.
Max CVSS
7.8
EPSS Score
0.04%
Published
2019-01-09
Updated
2019-10-03
Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file.
Max CVSS
7.8
EPSS Score
0.07%
Published
2019-01-09
Updated
2021-09-08
Insufficient file type enforcement in Extensions API in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted Chrome Extension.
Max CVSS
7.8
EPSS Score
0.05%
Published
2019-06-27
Updated
2019-06-28
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.
Max CVSS
7.8
EPSS Score
0.04%
Published
2019-02-19
Updated
2021-09-08
Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard.
Max CVSS
7.8
EPSS Score
0.13%
Published
2019-06-27
Updated
2022-04-11
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical)
Max CVSS
7.8
EPSS Score
0.07%
Published
2023-08-25
Updated
2023-08-31
Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable.
Max CVSS
7.8
EPSS Score
0.05%
Published
2019-11-25
Updated
2022-10-14
Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Max CVSS
7.8
EPSS Score
0.15%
Published
2019-11-25
Updated
2022-10-14
Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry.
Max CVSS
7.8
EPSS Score
0.04%
Published
2020-02-11
Updated
2020-02-17
Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file.
Max CVSS
7.8
EPSS Score
0.04%
Published
2020-05-21
Updated
2022-04-26
Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Max CVSS
7.8
EPSS Score
0.18%
Published
2020-07-22
Updated
2021-01-27
Inappropriate implementation in installer in Google Chrome prior to 84.0.4147.125 allowed a local attacker to potentially elevate privilege via a crafted filesystem.
Max CVSS
7.8
EPSS Score
0.04%
Published
2020-09-21
Updated
2021-07-21
Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary.
Max CVSS
7.8
EPSS Score
0.04%
Published
2020-09-21
Updated
2023-01-31
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents.
Max CVSS
7.8
EPSS Score
0.04%
Published
2020-11-03
Updated
2021-03-11
Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page.
Max CVSS
7.8
EPSS Score
0.10%
Published
2020-11-03
Updated
2021-03-11
Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.
Max CVSS
7.8
EPSS Score
0.04%
Published
2020-11-03
Updated
2021-07-21
Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file.
Max CVSS
7.8
EPSS Score
0.05%
Published
2021-02-09
Updated
2022-07-12
531 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!