Filtered by vendor Google
Subscribe
Total
12727 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5148 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2025-04-11 | 7.5 HIGH | N/A |
| The hyphenation functionality in Google Chrome before 24.0.1312.52 does not properly validate file names, which has unspecified impact and attack vectors. | |||||
| CVE-2011-2878 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
| Google Chrome before 14.0.835.202 does not properly restrict access to the window prototype, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||||
| CVE-2013-2867 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-11 | 7.5 HIGH | N/A |
| Google Chrome before 28.0.1500.71 does not properly prevent pop-under windows, which allows remote attackers to have an unspecified impact via a crafted web site. | |||||
| CVE-2011-2837 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2025-04-11 | 7.5 HIGH | N/A |
| Google Chrome before 14.0.835.163 on Linux does not use the PIC and PIE compiler options for position-independent code, which has unspecified impact and attack vectors. | |||||
| CVE-2012-2892 | 1 Google | 1 Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to bypass the pop-up blocker via unknown vectors. | |||||
| CVE-2012-1846 | 1 Google | 1 Chrome | 2025-04-11 | 10.0 HIGH | N/A |
| Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code." | |||||
| CVE-2011-1439 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2025-04-11 | 6.8 MEDIUM | N/A |
| Google Chrome before 11.0.696.57 on Linux does not properly isolate renderer processes, which has unspecified impact and remote attack vectors. | |||||
| CVE-2011-2107 | 6 Adobe, Apple, Google and 3 more | 8 Acrobat, Acrobat Reader, Flash Player and 5 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "universal cross-site scripting vulnerability." | |||||
| CVE-2012-1481 | 2 Google, Kashif Masud | 2 Android, Textdroid | 2025-04-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Textdroid (com.app.android.textdroid) application 2.5.2 for Android has unknown impact and attack vectors. | |||||
| CVE-2012-4930 | 2 Google, Mozilla | 2 Chrome, Firefox | 2025-04-11 | 2.6 LOW | N/A |
| The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack. | |||||
| CVE-2013-1727 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-11 | 4.0 MEDIUM | N/A |
| Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file. | |||||
| CVE-2012-2877 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2025-04-11 | 5.0 MEDIUM | N/A |
| The extension system in Google Chrome before 22.0.1229.79 does not properly handle modal dialogs, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2010-3251 | 1 Google | 1 Chrome | 2025-04-11 | 4.3 MEDIUM | N/A |
| The WebSockets implementation in Google Chrome before 6.0.472.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. | |||||
| CVE-2010-2898 | 1 Google | 1 Chrome | 2025-04-11 | 10.0 HIGH | N/A |
| Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the GNU C Library, which has unknown impact and attack vectors. | |||||
| CVE-2011-2451 | 6 Adobe, Apple, Google and 3 more | 7 Adobe Air, Flash Player, Mac Os X and 4 more | 2025-04-11 | 10.0 HIGH | N/A |
| Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460. | |||||
| CVE-2012-1396 | 2 Goforandroid, Google | 2 Go Fbwidget, Android | 2025-04-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the GO FBWidget (com.gau.go.launcherex.gowidget.fbwidget) application 1.9 and 2.1 for Android has unknown impact and attack vectors. | |||||
| CVE-2013-2909 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to inline-block rendering for bidirectional Unicode text in an element isolated from its siblings. | |||||
| CVE-2010-4038 | 1 Google | 1 Chrome | 2025-04-11 | 5.0 MEDIUM | 7.5 HIGH |
| The Web Sockets implementation in Google Chrome before 7.0.517.41 does not properly handle a shutdown action, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2012-2864 | 3 Acer, Google, Samsung | 5 Ac700 Chromebook, Chrome Os, Cr-48 Chromebook and 2 more | 2025-04-11 | 10.0 HIGH | N/A |
| Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, allows remote attackers to execute arbitrary code via unspecified vectors that trigger an "array overflow." | |||||
| CVE-2011-3021 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-11 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading. | |||||