Total
3085 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1722 | 1 Google | 1 Chrome | 2017-01-06 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the RenderBlock::addChildIgnoringAnonymousColumnBlocks function in core/rendering/RenderBlock.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving addition of a child node. | |||||
| CVE-2013-6667 | 1 Google | 1 Chrome | 2017-01-06 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750.146 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2014-1725 | 1 Google | 1 Chrome | 2017-01-06 | 5.0 MEDIUM | N/A |
| The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via a window.atob method call. | |||||
| CVE-2014-1726 | 1 Google | 1 Chrome | 2017-01-06 | 4.3 MEDIUM | N/A |
| The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access. | |||||
| CVE-2014-1727 | 1 Google | 1 Chrome | 2017-01-06 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in content/renderer/renderer_webcolorchooser_impl.h in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to forms. | |||||
| CVE-2014-1728 | 1 Google | 1 Chrome | 2017-01-06 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2014-1729 | 1 Google | 1 Chrome | 2017-01-06 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, as used in Google Chrome before 34.0.1847.116, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2013-6665 | 1 Google | 1 Chrome | 2017-01-06 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the ResourceProvider::InitializeSoftware function in cc/resources/resource_provider.cc in Google Chrome before 33.0.1750.146 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large texture size that triggers improper memory allocation in the software renderer. | |||||
| CVE-2014-3160 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-01-06 | 6.8 MEDIUM | N/A |
| The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file. | |||||
| CVE-2014-3162 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-01-06 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2013-6663 | 1 Google | 1 Chrome | 2017-01-06 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the SVGImage::setContainerSize function in core/svg/graphics/SVGImage.cpp in the SVG implementation in Blink, as used in Google Chrome before 33.0.1750.146, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the resizing of a view. | |||||
| CVE-2013-6666 | 1 Google | 1 Chrome | 2017-01-06 | 5.8 MEDIUM | N/A |
| The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepper_flash_renderer_host.cc in Google Chrome before 33.0.1750.146 does not verify that all headers are Cross-Origin Resource Sharing (CORS) simple headers before proceeding with a PPB_Flash.Navigate operation, which might allow remote attackers to bypass intended CORS restrictions via an inappropriate header. | |||||
| CVE-2013-6664 | 1 Google | 1 Chrome | 2017-01-06 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 33.0.1750.146, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving FORM elements, as demonstrated by use of the speech-recognition feature. | |||||
| CVE-2014-1724 | 1 Google | 1 Chrome | 2017-01-06 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Free(b)soft Laboratory Speech Dispatcher 0.7.1, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service (application hang) or possibly have unspecified other impact via a text-to-speech request. | |||||
| CVE-2014-1700 | 1 Google | 1 Chrome | 2017-01-06 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in modules/speech/SpeechSynthesis.cpp in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of a certain utterance data structure. | |||||
| CVE-2014-1701 | 1 Google | 1 Chrome | 2017-01-06 | 4.3 MEDIUM | N/A |
| The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attackers to conduct Universal XSS (UXSS) attacks via vectors involving events. | |||||
| CVE-2014-1702 | 1 Google | 1 Chrome | 2017-01-06 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the DatabaseThread::cleanupDatabaseThread function in modules/webdatabase/DatabaseThread.cpp in the web database implementation in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of scheduled tasks during shutdown of a thread. | |||||
| CVE-2014-1703 | 1 Google | 1 Chrome | 2017-01-06 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/renderer_host/websocket_dispatcher_host.cc in the Web Sockets implementation in Google Chrome before 33.0.1750.149 might allow remote attackers to bypass the sandbox protection mechanism by leveraging an incorrect deletion in a certain failure case. | |||||
| CVE-2015-3333 | 3 Canonical, Debian, Google | 4 Ubuntu Linux, Debian Linux, Chrome and 1 more | 2017-01-02 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as used in Google Chrome before 42.0.2311.90, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2015-1205 | 3 Canonical, Chromium, Google | 3 Ubuntu Linux, Chromium, Chrome | 2017-01-02 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||