Filtered by vendor Google
Subscriptions
Filtered by product Chrome
Subscriptions
Total
3500 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-5021 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-05 | N/A |
| A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||||
| CVE-2017-5015 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-05 | N/A |
| Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | ||||
| CVE-2017-5006 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-05 | N/A |
| Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | ||||
| CVE-2017-5023 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-05 | N/A |
| Type confusion in Histogram in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit a near null dereference via a crafted HTML page. | ||||
| CVE-2017-5011 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-05 | N/A |
| Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a user to install a malicious extension to read filesystem contents via a crafted HTML page. | ||||
| CVE-2017-5020 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-05 | N/A |
| Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page. | ||||
| CVE-2017-5019 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-05 | N/A |
| A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2017-5013 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-05 | N/A |
| Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
| CVE-2017-5017 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-05 | N/A |
| Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac insufficiently cleared video memory, which allowed a remote attacker to possibly extract image fragments on systems with GeForce 8600M graphics chips via a crafted HTML page. | ||||
| CVE-2017-5014 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-05 | N/A |
| Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||||
| CVE-2017-5008 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-05 | N/A |
| Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | ||||
| CVE-2017-5009 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-05 | N/A |
| WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2018-20346 | 5 Debian, Google, Opensuse and 2 more | 5 Debian Linux, Chrome, Leap and 2 more | 2024-08-05 | N/A |
| SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan. | ||||
| CVE-2018-20071 | 1 Google | 1 Chrome | 2024-08-05 | N/A |
| Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to install a service worker for a domain that can host attacker controled files via a crafted HTML page. | ||||
| CVE-2018-20067 | 1 Google | 1 Chrome | 2024-08-05 | N/A |
| A renderer initiated back navigation was incorrectly allowed to cancel a browser initiated one in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. | ||||
| CVE-2018-20066 | 1 Google | 1 Chrome | 2024-08-05 | N/A |
| Incorrect object lifecycle in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2018-20065 | 1 Google | 1 Chrome | 2024-08-05 | N/A |
| Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to initiate potentially unsafe navigations without a user gesture via a crafted PDF file. | ||||
| CVE-2018-20073 | 1 Google | 1 Chrome | 2024-08-05 | N/A |
| Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attacker to read download URLs via the filesystem. | ||||
| CVE-2018-20070 | 1 Google | 1 Chrome | 2024-08-05 | N/A |
| Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | ||||
| CVE-2018-20069 | 2 Apple, Google | 2 Iphone Os, Chrome | 2024-08-05 | N/A |
| Failure to prevent navigation to top frame to data URLs in Navigation in Google Chrome on iOS prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. | ||||