Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Google Subscribe
Filtered by product Chrome
Total 3085 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-5078 5 Apple, Google, Linux and 2 more 7 Macos, Chrome, Linux Kernel and 4 more 2022-04-06 6.8 MEDIUM 8.8 HIGH
Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example, characters such as * have an incorrect interaction with xdg-email in xdg-utils, and a space character can be used in front of a command-line argument.
CVE-2017-5069 5 Apple, Google, Linux and 2 more 8 Macos, Android, Chrome and 5 more 2022-04-06 4.3 MEDIUM 6.1 MEDIUM
Incorrect MIME type of XSS-Protection reports in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to circumvent Cross-Origin Resource Sharing checks via a crafted HTML page.
CVE-2017-5087 5 Apple, Google, Linux and 2 more 8 Macos, Android, Chrome and 5 more 2022-04-06 6.8 MEDIUM 8.8 HIGH
A use after free in Blink in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, aka an IndexedDB sandbox escape.
CVE-2017-5088 5 Apple, Google, Linux and 2 more 8 Macos, Android, Chrome and 5 more 2022-04-06 6.8 MEDIUM 8.8 HIGH
Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
CVE-2017-5089 3 Apple, Google, Redhat 5 Macos, Chrome, Enterprise Linux Desktop and 2 more 2022-04-06 4.3 MEDIUM 6.5 MEDIUM
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name.
CVE-2017-5108 5 Apple, Google, Linux and 2 more 8 Macos, Android, Chrome and 5 more 2022-04-06 6.8 MEDIUM 8.8 HIGH
Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file.
CVE-2017-5093 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Android and 6 more 2022-04-06 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page.
CVE-2017-5109 6 Apple, Debian, Google and 3 more 8 Macos, Debian Linux, Chrome and 5 more 2022-04-06 4.3 MEDIUM 4.3 MEDIUM
Inappropriate implementation of unload handler handling in permission prompts in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.
CVE-2017-5120 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Android and 6 more 2022-04-06 4.3 MEDIUM 6.5 MEDIUM
Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial "www." substring).
CVE-2017-5111 6 Apple, Debian, Google and 3 more 8 Macos, Debian Linux, Chrome and 5 more 2022-04-06 6.8 MEDIUM 8.8 HIGH
A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.
CVE-2017-5091 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Android and 6 more 2022-04-06 6.8 MEDIUM 8.8 HIGH
A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2017-5113 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Android and 6 more 2022-04-06 6.8 MEDIUM 8.8 HIGH
Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2017-5118 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Android and 6 more 2022-04-06 4.3 MEDIUM 4.3 MEDIUM
Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2017-5116 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Android and 6 more 2022-04-06 6.8 MEDIUM 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2017-5079 5 Apple, Google, Linux and 2 more 8 Macos, Android, Chrome and 5 more 2022-04-06 4.3 MEDIUM 4.3 MEDIUM
Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.
CVE-2017-5121 6 Apple, Debian, Google and 3 more 8 Macos, Debian Linux, Chrome and 5 more 2022-04-06 6.8 MEDIUM 8.8 HIGH
Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase.
CVE-2017-5114 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Android and 6 more 2022-04-06 6.8 MEDIUM 8.8 HIGH
Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.
CVE-2020-6393 6 Debian, Fedoraproject, Google and 3 more 9 Debian Linux, Fedora, Chrome and 6 more 2022-04-06 4.3 MEDIUM 6.5 MEDIUM
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2020-6394 6 Debian, Fedoraproject, Google and 3 more 9 Debian Linux, Fedora, Chrome and 6 more 2022-04-06 5.8 MEDIUM 5.4 MEDIUM
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2020-6450 3 Fedoraproject, Google, Opensuse 4 Fedora, Chrome, Backports Sle and 1 more 2022-04-06 6.8 MEDIUM 8.8 HIGH
Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.