Total
3628 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2850 | 1 Google | 1 Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
| Google Chrome before 14.0.835.163 does not properly handle Khmer characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2013-6649 | 3 Debian, Google, Opensuse | 3 Debian Linux, Chrome, Opensuse | 2025-04-11 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the RenderSVGImage::paint function in core/rendering/svg/RenderSVGImage.cpp in Blink, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a zero-size SVG image. | |||||
| CVE-2010-0645 | 1 Google | 1 Chrome | 2025-04-11 | 9.3 HIGH | N/A |
| Multiple integer overflows in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays. | |||||
| CVE-2011-1123 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
| Google Chrome before 9.0.597.107 does not properly restrict access to internal extension functions, which has unspecified impact and remote attack vectors. | |||||
| CVE-2011-3072 | 1 Google | 1 Chrome | 2025-04-11 | 6.8 MEDIUM | N/A |
| Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to pop-up windows. | |||||
| CVE-2011-2864 | 1 Google | 1 Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
| Google Chrome before 14.0.835.163 does not properly handle Tibetan characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2012-5146 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2025-04-11 | 5.0 MEDIUM | N/A |
| Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a malformed URL. | |||||
| CVE-2010-0660 | 1 Google | 1 Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
| Google Chrome before 4.0.249.78 sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging. | |||||
| CVE-2011-3019 | 1 Google | 1 Chrome | 2025-04-11 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska video (aka MKV) file. | |||||
| CVE-2010-3258 | 1 Google | 1 Chrome | 2025-04-11 | 9.3 HIGH | N/A |
| The sandbox implementation in Google Chrome before 6.0.472.53 does not properly deserialize parameters, which has unspecified impact and remote attack vectors. | |||||
| CVE-2013-2872 | 2 Apple, Google | 2 Mac Os X, Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
| Google Chrome before 28.0.1500.71 on Mac OS X does not ensure a sufficient source of entropy for renderer processes, which might make it easier for remote attackers to defeat cryptographic protection mechanisms in third-party components via unspecified vectors. | |||||
| CVE-2010-1502 | 1 Google | 1 Chrome | 2025-04-11 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to access local files via vectors related to "developer tools." | |||||
| CVE-2010-4576 | 1 Google | 2 Chrome, Chrome Os | 2025-04-11 | 5.0 MEDIUM | N/A |
| browser/worker_host/message_port_dispatcher.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle certain postMessage calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code that creates a web worker. | |||||
| CVE-2012-2846 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2025-04-11 | 5.0 MEDIUM | N/A |
| Google Chrome before 21.0.1180.57 on Linux does not properly isolate renderer processes, which allows remote attackers to cause a denial of service (cross-process interference) via unspecified vectors. | |||||
| CVE-2011-2825 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving custom fonts. | |||||
| CVE-2013-2861 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-11 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2011-1448 | 1 Google | 1 Chrome | 2025-04-11 | 6.8 MEDIUM | N/A |
| Google Chrome before 11.0.696.57 does not properly perform height calculations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2012-4929 | 3 Debian, Google, Mozilla | 3 Debian Linux, Chrome, Firefox | 2025-04-11 | 2.6 LOW | N/A |
| The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack. | |||||
| CVE-2011-3055 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2025-04-11 | 4.3 MEDIUM | N/A |
| The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation before an unpacked extension installation, which allows user-assisted remote attackers to have an unspecified impact via a crafted extension. | |||||
| CVE-2011-3873 | 1 Google | 1 Chrome | 2025-04-11 | 6.8 MEDIUM | N/A |
| Google Chrome before 14.0.835.202 does not properly implement shader translation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||