CVE Daily
← All tags

Tag: Google Chrome

All CVEs associated with "Google Chrome". Page 30/40 • 4704 CVEs.

Subscribe CVEs: RSS for “Google Chrome”  ·  RSS (High+Critical only)

About “Google Chrome”

A curated feed of “Google Chrome”-related CVEs appears below. We currently track 4704 CVEs for this tag (all time). In the last 365 days, 807 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 58% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-20 - Improper Input Validation, CWE-125 - Out-of-bounds Read.

In our taxonomy this topic maps to a LOW impact class. Browsers are high value endpoints. Force auto updates, enforce enterprise policies, limit risky extensions, and enable site isolation or sandboxing. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2015-04-19
Medium

CVE-2015-1248

The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem…

CVSS: 4.3 CWE: CWE-264 View on NVD
Medium

CVE-2015-1247

The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search_engines/search_engine_tab_helper.cc in Google Chrome before 42.0.2311.90 does not prevent use of a file: URL for an OpenSearch d…

CVSS: 5.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2015-1246

Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVSS: 5.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-1245

Use-after-free vulnerability in the OpenPDFInReaderView::Update function in browser/ui/views/location_bar/open_pdf_in_reader_view.cc in Google Chrome before 41.0.2272.76 might allow user-assisted rem…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2015-1244

The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which…

CVSS: 5.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2015-1242

The ReduceTransitionElementsKind function in hydrogen-check-elimination.cc in Google V8 before 4.2.77.8, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of ser…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2015-1241

Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintend…

CVSS: 4.3 CWE: CWE-1021 - Improper Restriction of Rendered UI Layers or Frames View on NVD
Medium

CVE-2015-1240

gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebGL p…

CVSS: 5.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2015-1238

Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2015-1237

Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived function in content/renderer/render_frame_impl.cc in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2015-1236

The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allow…

CVSS: 4.3 CWE: CWE-264 View on NVD
Medium

CVE-2015-1235

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origi…

CVSS: 5.0 CWE: CWE-264 View on NVD
2015-04-08
Medium

CVE-2015-0798

The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute a…

CVSS: 5.0 CWE: CWE-264 View on NVD
2015-04-01
Medium

CVE-2015-1234

Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspeci…

CVSS: 6.8 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2015-1233

Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS: 7.5 CWE: CWE-17 View on NVD
Medium

CVE-2015-0816

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScr…

CVSS: 5.0 CWE: CWE-264 View on NVD
Medium

CVE-2015-0802

Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScr…

CVSS: 5.0 CWE: CWE-264 View on NVD
High

CVE-2015-0801

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privil…

CVSS: 7.5 CWE: CWE-264 View on NVD
2015-03-24
High

CVE-2015-0818

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome pr…

CVSS: 7.5 CWE: CWE-264 View on NVD
2015-03-09
Medium

CVE-2015-2239

Google Chrome before 41.0.2272.76, when Instant Extended mode is used, does not properly consider the interaction between the "1993 search" features and restore-from-disk RELOAD transitions, which ma…

CVSS: 4.3 CWE: CWE-19 View on NVD
High

CVE-2015-2238

Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as used in Google Chrome before 41.0.2272.76, allow attackers to cause a denial of service or possibly have other impact via unknown…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2015-1232

Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or p…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2015-1231

Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2015-1230

The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote a…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2015-1229

net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allo…

CVSS: 5.0 CWE: CWE-19 View on NVD
High

CVE-2015-1228

The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not ini…

CVSS: 7.5 CWE: CWE-399 View on NVD
High

CVE-2015-1227

The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an…

CVSS: 7.5 CWE: CWE-399 View on NVD
Medium

CVE-2015-1226

The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger tar…

CVSS: 5.0 CWE: CWE-264 View on NVD
Medium

CVE-2015-1225

PDFium, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVSS: 5.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-1224

The VpxVideoDecoder::VpxDecode function in media/filters/vpx_video_decoder.cc in the vpxdecoder implementation in Google Chrome before 41.0.2272.76 does not ensure that alpha-plane dimensions are ide…

CVSS: 5.0 CWE: CWE-17 View on NVD
High

CVE-2015-1223

Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2015-1222

Multiple use-after-free vulnerabilities in the ServiceWorkerScriptCacheMap implementation in content/browser/service_worker/service_worker_script_cache_map.cc in Google Chrome before 41.0.2272.76 all…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2015-1221

Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incor…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2015-1220

Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attacker…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2015-1219

Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service…

CVSS: 7.5 CWE: CWE-189 View on NVD
High

CVE-2015-1218

Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecif…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2015-1217

The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly compil…

CVSS: 7.5 CWE: CWE-17 View on NVD
High

CVE-2015-1216

Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.7…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2015-1215

The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigg…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2015-1214

Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to caus…

CVSS: 7.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2015-1213

The SkBitmap::ReadRawPixels function in core/SkBitmap.cpp in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2014-9689

content/renderer/device_sensors/device_orientation_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate gyroscope data, which makes it easier for remote a…

CVSS: 5.0 CWE: CWE-264 View on NVD
Medium

CVE-2011-5319

content/renderer/device_sensors/device_motion_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate accelerometer data, which makes it easier for remote at…

CVSS: 5.0 CWE: CWE-264 View on NVD
2015-02-25
Medium

CVE-2015-0821

Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unsp…

CVSS: 6.8 CWE: CWE-264 View on NVD
2015-02-06
High

CVE-2015-1212

Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly hav…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2015-1211

The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.1…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2015-1210

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and b…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2015-1209

Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 4…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2014-5332

Race condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 allows local users to gain privileges via a crafted NVMAP_IOC_CREATE IOCTL call, which triggers a use-after-free error, as demonstrated by us…

CVSS: 6.9 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2015-01-27
Medium

CVE-2015-1361

platform/image-decoders/ImageFrame.h in Blink, as used in Google Chrome before 40.0.2214.91, does not initialize a variable that is used in calls to the Skia SkBitmap::setAlphaType function, which mi…

CVSS: 6.8 CWE: CWE-17 View on NVD
High

CVE-2015-1360

Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data that is improper…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-1359

Multiple off-by-one errors in fpdfapi/fpdf_font/font_int.h in PDFium, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (buffer overflow) or possibly h…

CVSS: 6.8 CWE: CWE-189 View on NVD
Medium

CVE-2014-9648

components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application afte…

CVSS: 4.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2014-9647

Use-after-free vulnerability in PDFium, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2014-9646

Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Googl…

CVSS: 4.6 CWE: CWE-264 View on NVD
2015-01-22
High

CVE-2015-1346

Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before 40.0.2214.91, allow attackers to cause a denial of service or possibly have other impact via unkno…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2015-1205

Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2014-7948

The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcache_update_job.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions e…

CVSS: 4.3 CWE: CWE-310 View on NVD
Medium

CVE-2014-7947

OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c,…

CVSS: 5.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2014-7946

The RenderTable::simplifiedNormalFlowLayout function in core/rendering/RenderTable.cpp in Blink, as used in Google Chrome before 40.0.2214.91, skips captions during table layout in certain situations…

CVSS: 5.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2014-7945

OpenJPEG before r2908, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c,…

CVSS: 5.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2014-7944

The sycc422_to_rgb function in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 40.0.2214.91, does not properly handle odd values of image width, which allows remote atta…

CVSS: 5.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2014-7943

Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVSS: 5.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2014-7942

The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified…

CVSS: 7.5 CWE: CWE-399 View on NVD
Medium

CVE-2014-7941

The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which…

CVSS: 5.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2014-7940

The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for…

CVSS: 7.5 CWE: CWE-399 View on NVD
Medium

CVE-2014-7939

Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.l…

CVSS: 4.3 CWE: CWE-264 View on NVD
High

CVE-2014-7938

The Fonts implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2014-7937

Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or poss…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2014-7936

Use-after-free vulnerability in the ZoomBubbleView::Close function in browser/ui/views/location_bar/zoom_bubble_view.cc in the Views implementation in Google Chrome before 40.0.2214.91 allows remote…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2014-7935

Use-after-free vulnerability in browser/speech/tts_message_filter.cc in the Speech implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2014-7934

Use-after-free vulnerability in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2014-7933

Use-after-free vulnerability in the matroska_read_seek function in libavformat/matroskadec.c in FFmpeg before 2.5.1, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a d…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2014-7932

Use-after-free vulnerability in the Element::detach function in core/dom/Element.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2014-7931

factory.cc in Google V8, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted J…

CVSS: 7.5 CWE: CWE-17 View on NVD
High

CVE-2014-7930

Use-after-free vulnerability in core/events/TreeScopeEventContext.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of se…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2014-7929

Use-after-free vulnerability in the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.9…

CVSS: 7.5 CWE: CWE-17 View on NVD
High

CVE-2014-7928

hydrogen.cc in Google V8, as used Google Chrome before 40.0.2214.91, does not properly handle arrays with holes, which allows remote attackers to cause a denial of service (memory corruption) or poss…

CVSS: 7.5 CWE: CWE-19 View on NVD
High

CVE-2014-7927

The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-lowering.cc in Google V8, as used in Google Chrome before 40.0.2214.91, does not properly choose an integer data type, which allow…

CVSS: 7.5 CWE: CWE-189 View on NVD
High

CVE-2014-7926

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of…

CVSS: 7.5 CWE: CWE-17 View on NVD
High

CVE-2014-7925

Use-after-free vulnerability in the WebAudio implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified o…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2014-7924

Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact by tri…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2014-7923

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of…

CVSS: 7.5 CWE: CWE-17 View on NVD
2015-01-14
High

CVE-2014-8636

The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to exe…

CVSS: 7.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2014-12-29
Low

CVE-2014-6160

IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attac…

CVSS: 2.1 CWE: CWE-264 View on NVD
2014-12-26
High

CVE-2011-1798

rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 does not properly perform a cast of an unspecified variable during an attempt to handle a block child, which a…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2011-1796

Use-after-free vulnerability in the FrameView::calculateScrollbarModesForLayout function in page/FrameView.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to caus…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2011-1795

Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of…

CVSS: 7.5 CWE: CWE-189 View on NVD
High

CVE-2011-1794

Integer overflow in the FilterEffect::copyImageBytes function in platform/graphics/filters/FilterEffect.cpp in the SVG filter implementation in WebCore in WebKit in Google Chrome before 11.0.696.65 a…

CVSS: 7.5 CWE: CWE-189 View on NVD
High

CVE-2011-1793

rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecifie…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
2014-12-11
Medium

CVE-2014-8631

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 supports native-interface passing, which allows remote attackers to bypass intended DOM object…

CVSS: 4.3 CWE: CWE-284 - Improper Access Control View on NVD
2014-12-10
High

CVE-2014-8298

The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra (L4T) driver before R21.2, and…

CVSS: 7.5 CWE: CWE-19 View on NVD
2014-11-19
High

CVE-2014-7910

Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2014-7909

effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before 39.0.2171.65, computes a hash key using uninitialized integer values, which might allow remote attackers to cause a denial of ser…

CVSS: 5.0 CWE: CWE-189 View on NVD
High

CVE-2014-7908

Multiple integer overflows in the CheckMov function in media/base/container_names.cc in Google Chrome before 39.0.2171.65 allow remote attackers to cause a denial of service or possibly have unspecif…

CVSS: 7.5 CWE: CWE-189 View on NVD
High

CVE-2014-7907

Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController.cpp in Blink, as used in Google Chrome before 39.0.2171.65, allow remote attackers to cause a denial…

CVSS: 7.5 CWE: CWE-399 View on NVD
High

CVE-2014-7906

Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flas…

CVSS: 7.5 CWE: CWE-399 View on NVD
Medium

CVE-2014-7905

Google Chrome before 39.0.2171.65 on Android does not prevent navigation to a URL in cases where an intent for the URL lacks CATEGORY_BROWSABLE, which allows remote attackers to bypass intended acces…

CVSS: 5.0 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2014-7904

Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2014-7903

Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2014-7902

Use-after-free vulnerability in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF…

CVSS: 7.5 CWE: CWE-17 View on NVD
High

CVE-2014-7901

Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to c…

CVSS: 7.5 CWE: CWE-189 View on NVD
High

CVE-2014-7900

Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attacke…

CVSS: 7.5 CWE: CWE-399 View on NVD
Medium

CVE-2014-7899

Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username s…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
2014-10-10
Medium

CVE-2014-3201

core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows rem…

CVSS: 5.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2014-10-08
High

CVE-2014-7967

Multiple unspecified vulnerabilities in Google V8 before 3.28.71.15, as used in Google Chrome before 38.0.2125.101, allow attackers to cause a denial of service or possibly have other impact via unkn…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2014-3200

Multiple unspecified vulnerabilities in Google Chrome before 38.0.2125.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2014-3199

The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 38.0.2125.101, has an erroneous fallback outcome for wrapper-selection fail…

CVSS: 5.0 CWE: CWE-399 View on NVD
Medium

CVE-2014-3198

The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error c…

CVSS: 5.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2014-3197

The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages…

CVSS: 5.0 CWE: CWE-264 View on NVD
High

CVE-2014-3196

base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 on Windows does not properly implement read-only restrictions on shared memory, which allows attackers to bypass a sandbox prote…

CVSS: 7.5 CWE: CWE-264 View on NVD
Medium

CVE-2014-3195

Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of…

CVSS: 5.0 CWE: CWE-399 View on NVD
High

CVE-2014-3194

Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service or possibly have unspecified other impact via…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2014-3193

The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service (use-after-free) or possi…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2014-3192

Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.212…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2014-3191

Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaSc…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2014-3190

Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of servic…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2014-3189

The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers t…

CVSS: 7.5 CWE: CWE-264 View on NVD
Critical

CVE-2014-3188

Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors…

CVSS: 10.0 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2014-3187

Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain…

CVSS: 6.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD