Filtered by vendor Google
Subscriptions
Filtered by product Chrome
Subscriptions
Total
3852 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5131 | 8 Apple, Canonical, Debian and 5 more | 18 Iphone Os, Mac Os X, Tvos and 15 more | 2025-12-04 | 8.8 High |
| Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. | ||||
| CVE-2017-5130 | 4 Debian, Google, Redhat and 1 more | 4 Debian Linux, Chrome, Rhel Extras and 1 more | 2025-12-03 | 8.8 High |
| An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file. | ||||
| CVE-2011-3079 | 3 Google, Mozilla, Opensuse | 5 Chrome, Firefox, Seamonkey and 2 more | 2025-11-25 | N/A |
| The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors. | ||||
| CVE-2025-12728 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2025-11-25 | 4.2 Medium |
| Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-12905 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-11-21 | 5.4 Medium |
| Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80 allowed a remote attacker to bypass Mark of the Web via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2025-12906 | 1 Google | 1 Chrome | 2025-11-21 | 5.4 Medium |
| Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2025-12908 | 1 Google | 2 Android, Chrome | 2025-11-21 | 5.4 Medium |
| Insufficient validation of untrusted input in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2025-12909 | 1 Google | 1 Chrome | 2025-11-21 | 5.3 Medium |
| Insufficient policy enforcement in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to leak cross-origin data via Devtools. (Chromium security severity: Low) | ||||
| CVE-2025-12910 | 1 Google | 1 Chrome | 2025-11-21 | 6.2 Medium |
| Inappropriate implementation in Passkeys in Google Chrome prior to 140.0.7339.80 allowed a local attacker to obtain potentially sensitive information via debug logs. (Chromium security severity: Low) | ||||
| CVE-2025-12911 | 1 Google | 1 Chrome | 2025-11-21 | 4.3 Medium |
| Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2024-9602 | 1 Google | 1 Chrome | 2025-11-20 | 8.8 High |
| Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-9369 | 1 Google | 1 Chrome | 2025-11-20 | 8.8 High |
| Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-9123 | 1 Google | 1 Chrome | 2025-11-20 | 8.8 High |
| Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-11919 | 1 Google | 2 Android, Chrome | 2025-11-17 | 4.3 Medium |
| Inappropriate implementation in Intents in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2024-11920 | 2 Apple, Google | 2 Macos, Chrome | 2025-11-17 | 4.3 Medium |
| Inappropriate implementation in Dawn in Google Chrome on Mac prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-13178 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-11-17 | 4.3 Medium |
| Inappropriate implementation in Fullscreen in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-13983 | 2 Apple, Google | 3 Ios, Iphone Os, Chrome | 2025-11-17 | 6.3 Medium |
| Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103.59 allowed a remote attacker to perform UI spoofing via a crafted QR code. (Chromium security severity: Low) | ||||
| CVE-2024-7021 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-11-17 | 4.3 Medium |
| Inappropriate implementation in Autofill in Google Chrome on Windows prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-13097 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-11-17 | 5.4 Medium |
| Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-13102 | 1 Google | 2 Android, Chrome | 2025-11-17 | 4.3 Medium |
| Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||