Total
3085 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-3176 | 1 Google | 1 Chrome | 2017-08-28 | 10.0 HIGH | N/A |
Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3177. | |||||
CVE-2014-3175 | 1 Google | 1 Chrome | 2017-08-28 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors, related to the load_truetype_glyph function in truetype/ttgload.c in FreeType and other functions in other components. | |||||
CVE-2014-3174 | 1 Google | 1 Chrome | 2017-08-28 | 5.0 MEDIUM | N/A |
modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients, which allows remote attackers to cause a denial of service (read of uninitialized memory) via crafted API calls. | |||||
CVE-2014-3173 | 1 Google | 1 Chrome | 2017-08-28 | 5.0 MEDIUM | N/A |
The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer, which allows remote attackers to cause a denial of service (read of uninitialized memory) via a crafted CANVAS element, related to gpu/command_buffer/service/framebuffer_manager.cc and gpu/command_buffer/service/gles2_cmd_decoder.cc. | |||||
CVE-2014-3172 | 1 Google | 1 Chrome | 2017-08-28 | 6.4 MEDIUM | N/A |
The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a restricted URL, as demonstrated by a chrome:// URL. | |||||
CVE-2014-3171 | 1 Google | 1 Chrome | 2017-08-28 | 7.5 HIGH | N/A |
Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper use of HashMap add operations instead of HashMap set operations, related to bindings/core/v8/DOMWrapperMap.h and bindings/core/v8/SerializedScriptValue.cpp. | |||||
CVE-2014-3170 | 1 Google | 1 Chrome | 2017-08-28 | 6.4 MEDIUM | N/A |
extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a '\0' character in a host name, which allows remote attackers to spoof the extension permission dialog by relying on truncation after this character. | |||||
CVE-2014-3167 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-08-28 | 7.5 HIGH | N/A |
Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
CVE-2014-3165 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-08-28 | 7.5 HIGH | N/A |
Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an unexpectedly long lifetime of a temporary object during method completion. | |||||
CVE-2014-3179 | 1 Google | 1 Chrome | 2017-08-28 | 7.5 HIGH | N/A |
Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.120 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
CVE-2014-3178 | 1 Google | 1 Chrome | 2017-08-28 | 7.5 HIGH | N/A |
Use-after-free vulnerability in core/dom/Node.cpp in Blink, as used in Google Chrome before 37.0.2062.120, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of render-tree inconsistencies. | |||||
CVE-2012-5851 | 2 Apple, Google | 3 Safari, Webkit, Chrome | 2017-08-28 | 4.3 MEDIUM | N/A |
html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108. | |||||
CVE-2012-5115 | 2 Apple, Google | 2 Mac Os X, Chrome | 2017-08-28 | 7.5 HIGH | N/A |
Google Chrome before 23.0.1271.64 on Mac OS X does not properly mitigate improper write behavior in graphics drivers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger "wild writes." | |||||
CVE-2012-5118 | 2 Apple, Google | 2 Mac Os X, Chrome | 2017-08-28 | 7.5 HIGH | N/A |
Google Chrome before 23.0.1271.64 on Mac OS X does not properly validate an integer value during the handling of GPU command buffers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2012-5120 | 2 Google, Linux | 3 Chrome, V8, Linux Kernel | 2017-08-28 | 7.5 HIGH | N/A |
Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, on 64-bit Linux platforms allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds access to an array. | |||||
CVE-2012-5134 | 3 Apple, Google, Xmlsoft | 3 Iphone Os, Chrome, Libxml2 | 2017-08-28 | 6.8 MEDIUM | N/A |
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. | |||||
CVE-2012-2871 | 3 Apple, Google, Xmlsoft | 3 Iphone Os, Chrome, Libxml2 | 2017-08-28 | 6.8 MEDIUM | N/A |
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h. | |||||
CVE-2012-2896 | 2 Apple, Google | 2 Mac Os X, Chrome | 2017-08-28 | 7.5 HIGH | N/A |
Integer overflow in the WebGL implementation in Google Chrome before 22.0.1229.79 on Mac OS X allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2009-3011 | 1 Google | 1 Chrome | 2017-08-16 | 4.3 MEDIUM | N/A |
Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and 3.0.193.2 Beta does not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: the JavaScript executes outside of the context of the HTTP site. | |||||
CVE-2009-3933 | 2 Google, Webkit | 2 Chrome, Webkit | 2017-08-16 | 5.0 MEDIUM | N/A |
WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service (CPU consumption) via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the WTF::currentTime and base::Time functions. |