Filtered by vendor Google
Subscriptions
Filtered by product Chrome
Subscriptions
Total
3852 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-1268 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| bindings/scripts/v8_types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value's DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code, as demonstrated by use of a data: URL. | ||||
| CVE-2015-1221 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect ordering of operations in the Web SQL Database thread relative to Blink's main thread, related to the shutdown function in web/WebKit.cpp. | ||||
| CVE-2015-1278 | 4 Debian, Google, Opensuse and 1 more | 8 Debian Linux, Chrome, Opensuse and 5 more | 2025-04-12 | N/A |
| content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page, which allows remote attackers to spoof URLs via a crafted document, as demonstrated by the alert_dialog.pdf document. | ||||
| CVE-2016-5175 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||||
| CVE-2016-1670 | 4 Debian, Google, Opensuse and 1 more | 4 Debian Linux, Chrome, Opensuse and 1 more | 2025-04-12 | N/A |
| Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID. | ||||
| CVE-2014-7925 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| Use-after-free vulnerability in the WebAudio implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an audio-rendering thread in which AudioNode data is improperly maintained. | ||||
| CVE-2015-6765 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| Use-after-free vulnerability in content/browser/appcache/appcache_update_job.cc in Google Chrome before 47.0.2526.73 allows remote attackers to execute arbitrary code or cause a denial of service by leveraging the mishandling of AppCache update jobs. | ||||
| CVE-2015-1217 | 3 Canonical, Google, Redhat | 7 Ubuntu Linux, Chrome, Enterprise Linux Desktop Supplementary and 4 more | 2025-04-12 | N/A |
| The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly compile listeners, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | ||||
| CVE-2015-1284 | 3 Google, Opensuse, Redhat | 6 Chrome, Opensuse, Enterprise Linux Desktop Supplementary and 3 more | 2025-04-12 | N/A |
| The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly have unspecified other impact via crafted JavaScript code that makes many createElement calls for IFRAME elements. | ||||
| CVE-2016-1640 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the user's next navigation target via a crafted web site. | ||||
| CVE-2014-7928 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| hydrogen.cc in Google V8, as used Google Chrome before 40.0.2214.91, does not properly handle arrays with holes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code that triggers an array copy. | ||||
| CVE-2014-7943 | 5 Canonical, Chromium, Google and 2 more | 9 Ubuntu Linux, Chromium, Chrome and 6 more | 2025-04-12 | N/A |
| Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||||
| CVE-2015-1242 | 4 Canonical, Debian, Google and 1 more | 5 Ubuntu Linux, Debian Linux, Chrome and 2 more | 2025-04-12 | N/A |
| The ReduceTransitionElementsKind function in hydrogen-check-elimination.cc in Google V8 before 4.2.77.8, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that leverages "type confusion" in the check-elimination optimization. | ||||
| CVE-2015-1245 | 3 Debian, Google, Redhat | 3 Debian Linux, Chrome, Rhel Extras | 2025-04-12 | N/A |
| Use-after-free vulnerability in the OpenPDFInReaderView::Update function in browser/ui/views/location_bar/open_pdf_in_reader_view.cc in Google Chrome before 41.0.2272.76 might allow user-assisted remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by triggering interaction with a PDFium "Open PDF in Reader" button that has an invalid tab association. | ||||
| CVE-2015-6582 | 1 Google | 1 Chrome | 2025-04-12 | N/A |
| The decompose function in platform/transforms/TransformationMatrix.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not verify that a matrix inversion succeeded, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted web site. | ||||
| CVE-2013-6664 | 1 Google | 1 Chrome | 2025-04-12 | N/A |
| Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 33.0.1750.146, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving FORM elements, as demonstrated by use of the speech-recognition feature. | ||||
| CVE-2014-7904 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||||
| CVE-2013-6665 | 1 Google | 1 Chrome | 2025-04-12 | N/A |
| Heap-based buffer overflow in the ResourceProvider::InitializeSoftware function in cc/resources/resource_provider.cc in Google Chrome before 33.0.1750.146 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large texture size that triggers improper memory allocation in the software renderer. | ||||
| CVE-2015-6790 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as demonstrated by a double-quote character inside a single-quoted string. | ||||
| CVE-2015-1219 | 3 Canonical, Google, Redhat | 7 Ubuntu Linux, Chrome, Enterprise Linux Desktop Supplementary and 4 more | 2025-04-12 | N/A |
| Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted allocation of a large amount of memory during WebGL rendering. | ||||