ReportizFlow
Filtered by vendor Google
Subscriptions
Filtered by product Chrome
Subscriptions
Total
3878 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3194 | 2 Google, Redhat | 6 Chrome, Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary and 3 more | 2025-04-12 | N/A |
| Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||||
| CVE-2014-3195 | 2 Google, Redhat | 6 Chrome, Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary and 3 more | 2025-04-12 | N/A |
| Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows remote attackers to obtain sensitive information via crafted JavaScript code, related to the PagedSpace::AllocateRaw and NewSpace::AllocateRaw functions in heap/spaces-inl.h, the LargeObjectSpace::AllocateRaw function in heap/spaces.cc, and the Runtime_ArrayConcat function in runtime.cc. | ||||
| CVE-2016-1671 | 1 Google | 2 Android, Chrome | 2025-04-12 | N/A |
| Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and \ (backslash) characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to net/base/escape.cc and net/base/filename_util.cc. | ||||
| CVE-2016-5141 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.cpp and ScopedPageLoadDeferrer.cpp. | ||||
| CVE-2016-5148 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka "Universal XSS (UXSS)." | ||||
| CVE-2014-3803 | 1 Google | 1 Chrome | 2025-04-12 | N/A |
| The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute. | ||||
| CVE-2016-1658 | 5 Debian, Google, Novell and 2 more | 5 Debian Linux, Chrome, Suse Package Hub For Suse Linux Enterprise and 2 more | 2025-04-12 | N/A |
| The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension. | ||||
| CVE-2016-1657 | 5 Debian, Google, Novell and 2 more | 5 Debian Linux, Chrome, Suse Package Hub For Suse Linux Enterprise and 2 more | 2025-04-12 | N/A |
| The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL. | ||||
| CVE-2016-5192 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages. | ||||
| CVE-2016-1654 | 6 Canonical, Debian, Google and 3 more | 6 Ubuntu Linux, Debian Linux, Chrome and 3 more | 2025-04-12 | N/A |
| The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors. | ||||
| CVE-2016-1656 | 4 Google, Opensuse, Redhat and 1 more | 5 Android, Chrome, Leap and 2 more | 2025-04-12 | N/A |
| The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors. | ||||
| CVE-2014-7931 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| factory.cc in Google V8, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code that triggers improper maintenance of backing-store pointers. | ||||
| CVE-2014-7936 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| Use-after-free vulnerability in the ZoomBubbleView::Close function in browser/ui/views/location_bar/zoom_bubble_view.cc in the Views implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that triggers improper maintenance of a zoom bubble. | ||||
| CVE-2014-7941 | 4 Chromium, Google, Opensuse and 1 more | 8 Chromium, Chrome, Opensuse and 5 more | 2025-04-12 | N/A |
| The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted X11 data. | ||||
| CVE-2016-1655 | 6 Canonical, Debian, Google and 3 more | 6 Ubuntu Linux, Debian Linux, Chrome and 3 more | 2025-04-12 | N/A |
| Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension. | ||||
| CVE-2014-1740 | 1 Google | 1 Chrome | 2025-04-12 | N/A |
| Multiple use-after-free vulnerabilities in net/websockets/websocket_job.cc in the WebSockets implementation in Google Chrome before 34.0.1847.137 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to WebSocketJob deletion. | ||||
| CVE-2016-1643 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| The ImageInputType::ensurePrimaryContent function in WebKit/Source/core/html/forms/ImageInputType.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly maintain the user agent shadow DOM, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | ||||
| CVE-2016-5174 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site. | ||||
| CVE-2016-1651 | 5 Debian, Google, Opensuse and 2 more | 5 Debian Linux, Chrome, Leap and 2 more | 2025-04-12 | N/A |
| fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted JPEG 2000 data in a PDF document. | ||||
| CVE-2016-5128 | 2 Google, Redhat | 3 Chrome, V8, Rhel Extras | 2025-04-12 | N/A |
| objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | ||||