Filtered by vendor Google
Subscriptions
Filtered by product Chrome
Subscriptions
Total
3717 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-7395 | 1 Google | 1 Chrome | 2025-04-12 | N/A |
| SkPath.cpp in Skia, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, does not properly validate the return values of ChopMonoAtY calls, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via crafted graphics data. | ||||
| CVE-2014-7909 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before 39.0.2171.65, computes a hash key using uninitialized integer values, which might allow remote attackers to cause a denial of service by rendering crafted data. | ||||
| CVE-2014-7932 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| Use-after-free vulnerability in the Element::detach function in core/dom/Element.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving pending updates of detached elements. | ||||
| CVE-2016-1656 | 4 Google, Opensuse, Redhat and 1 more | 5 Android, Chrome, Leap and 2 more | 2025-04-12 | N/A |
| The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors. | ||||
| CVE-2016-1652 | 5 Debian, Google, Opensuse and 2 more | 5 Debian Linux, Chrome, Leap and 2 more | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)." | ||||
| CVE-2015-6779 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| PDFium, as used in Google Chrome before 47.0.2526.73, does not properly restrict use of chrome: URLs, which allows remote attackers to bypass intended scheme restrictions via a crafted PDF document, as demonstrated by a document with a link to a chrome://settings URL. | ||||
| CVE-2015-1213 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| The SkBitmap::ReadRawPixels function in core/SkBitmap.cpp in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation. | ||||
| CVE-2016-1654 | 6 Canonical, Debian, Google and 3 more | 6 Ubuntu Linux, Debian Linux, Chrome and 3 more | 2025-04-12 | N/A |
| The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors. | ||||
| CVE-2016-1663 | 3 Google, Opensuse, Redhat | 7 Chrome, Opensuse, Enterprise Linux Desktop Supplementary and 4 more | 2025-04-12 | N/A |
| The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site. | ||||
| CVE-2014-1717 | 1 Google | 1 Chrome | 2025-04-12 | N/A |
| Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code. | ||||
| CVE-2015-1250 | 4 Canonical, Debian, Google and 1 more | 8 Ubuntu Linux, Debian Linux, Chrome and 5 more | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||||
| CVE-2015-1212 | 7 Apple, Canonical, Google and 4 more | 12 Macos, Ubuntu Linux, Chrome and 9 more | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||||
| CVE-2015-1279 | 4 Debian, Google, Opensuse and 1 more | 8 Debian Linux, Chrome, Opensuse and 5 more | 2025-04-12 | N/A |
| Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via large height and stride values. | ||||
| CVE-2014-1725 | 1 Google | 1 Chrome | 2025-04-12 | N/A |
| The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via a window.atob method call. | ||||
| CVE-2015-1210 | 7 Apple, Canonical, Google and 4 more | 12 Macos, Ubuntu Linux, Chrome and 9 more | 2025-04-12 | N/A |
| The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | ||||
| CVE-2014-1748 | 1 Google | 1 Chrome | 2025-04-12 | N/A |
| The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame. | ||||
| CVE-2016-5130 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site. | ||||
| CVE-2015-1211 | 7 Apple, Canonical, Google and 4 more | 12 Macos, Ubuntu Linux, Chrome and 9 more | 2025-04-12 | N/A |
| The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI. | ||||
| CVE-2016-1651 | 5 Debian, Google, Opensuse and 2 more | 5 Debian Linux, Chrome, Leap and 2 more | 2025-04-12 | N/A |
| fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted JPEG 2000 data in a PDF document. | ||||
| CVE-2016-5151 | 3 Google, Opensuse, Redhat | 3 Chrome, Leap, Rhel Extras | 2025-04-12 | N/A |
| PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp. | ||||