Filtered by vendor Google
Subscriptions
Filtered by product Chrome
Subscriptions
Total
3501 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-1568 | 5 Apple, Google, Microsoft and 2 more | 14 Mac Os X, Chrome, Chrome Os and 11 more | 2024-10-21 | N/A |
| Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue. | ||||
| CVE-2024-0810 | 1 Google | 1 Chrome | 2024-10-18 | 4.3 Medium |
| Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium) | ||||
| CVE-2023-1215 | 1 Google | 1 Chrome | 2024-10-17 | 8.8 High |
| Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-1214 | 1 Google | 1 Chrome | 2024-10-17 | 8.8 High |
| Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-1213 | 1 Google | 1 Chrome | 2024-10-17 | 8.8 High |
| Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-9964 | 1 Google | 1 Chrome | 2024-10-17 | 4.3 Medium |
| Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) | ||||
| CVE-2024-9966 | 1 Google | 1 Chrome | 2024-10-17 | 5.3 Medium |
| Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2024-9963 | 1 Google | 1 Chrome | 2024-10-17 | 4.3 Medium |
| Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-9962 | 1 Google | 1 Chrome | 2024-10-17 | 4.3 Medium |
| Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-9958 | 1 Google | 1 Chrome | 2024-10-17 | 4.3 Medium |
| Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-0941 | 1 Google | 1 Chrome | 2024-10-17 | 8.8 High |
| Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2023-0932 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-10-17 | 8.8 High |
| Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-0928 | 1 Google | 1 Chrome | 2024-10-17 | 8.8 High |
| Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-0927 | 1 Google | 2 Android, Chrome | 2024-10-17 | 8.8 High |
| Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-0474 | 1 Google | 1 Chrome | 2024-10-17 | 8.8 High |
| Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app. (Chromium security severity: Medium) | ||||
| CVE-2023-0473 | 1 Google | 1 Chrome | 2024-10-17 | 8.8 High |
| Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-0472 | 1 Google | 1 Chrome | 2024-10-17 | 8.8 High |
| Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-9961 | 1 Google | 1 Chrome | 2024-10-16 | 8.8 High |
| Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-9960 | 1 Google | 1 Chrome | 2024-10-16 | 8.8 High |
| Use after free in Dawn in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-9959 | 1 Google | 1 Chrome | 2024-10-16 | 8.8 High |
| Use after free in DevTools in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) | ||||