Total
3085 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3199 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-01-23 | N/A | 8.8 HIGH |
| Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2020-6509 | 1 Google | 1 Chrome | 2023-01-20 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in extensions in Google Chrome prior to 83.0.4103.116 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | |||||
| CVE-2016-1669 | 5 Canonical, Debian, Google and 2 more | 6 Ubuntu Linux, Debian Linux, Chrome and 3 more | 2023-01-19 | 9.3 HIGH | 8.8 HIGH |
| The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code. | |||||
| CVE-2022-3195 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-01-18 | N/A | 8.8 HIGH |
| Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-0139 | 2 Google, Microsoft | 2 Chrome, Windows | 2023-01-17 | N/A | 6.5 MEDIUM |
| Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2023-0131 | 1 Google | 1 Chrome | 2023-01-17 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-0130 | 1 Google | 2 Android, Chrome | 2023-01-17 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-0129 | 1 Google | 1 Chrome | 2023-01-13 | N/A | 8.8 HIGH |
| Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High) | |||||
| CVE-2023-0128 | 1 Google | 2 Chrome, Chrome Os | 2023-01-13 | N/A | 8.8 HIGH |
| Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-0141 | 1 Google | 1 Chrome | 2023-01-13 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2023-0140 | 2 Google, Microsoft | 2 Chrome, Windows | 2023-01-13 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2023-0137 | 1 Google | 2 Chrome, Chrome Os | 2023-01-13 | N/A | 8.8 HIGH |
| Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-0138 | 1 Google | 1 Chrome | 2023-01-13 | N/A | 8.8 HIGH |
| Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2023-0136 | 1 Google | 2 Android, Chrome | 2023-01-13 | N/A | 8.8 HIGH |
| Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-0132 | 2 Google, Microsoft | 2 Chrome, Windows | 2023-01-13 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-0133 | 1 Google | 2 Android, Chrome | 2023-01-13 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-0135 | 1 Google | 1 Chrome | 2023-01-13 | N/A | 8.8 HIGH |
| Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-0134 | 1 Google | 1 Chrome | 2023-01-13 | N/A | 8.8 HIGH |
| Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2019-13768 | 1 Google | 1 Chrome | 2023-01-09 | N/A | 7.4 HIGH |
| Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: High) | |||||
| CVE-2021-21200 | 1 Google | 1 Chrome | 2023-01-09 | N/A | 5.4 MEDIUM |
| Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chrome security severity: Low) | |||||