CVE Daily
← All tags

Tag: Google Chrome

All CVEs associated with "Google Chrome". Page 40/40 • 4704 CVEs.

Subscribe CVEs: RSS for “Google Chrome”  ·  RSS (High+Critical only)

About “Google Chrome”

A curated feed of “Google Chrome”-related CVEs appears below. We currently track 4704 CVEs for this tag (all time). In the last 365 days, 807 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 58% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-20 - Improper Input Validation, CWE-125 - Out-of-bounds Read.

In our taxonomy this topic maps to a LOW impact class. Browsers are high value endpoints. Force auto updates, enforce enterprise policies, limit risky extensions, and enable site isolation or sandboxing. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2007-10-21
Critical

CVE-2007-5338

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way t…

CVSS: 9.3 CWE: CWE-16 View on NVD
2007-09-24
Critical

CVE-2007-5045

Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2007-08-08
Medium

CVE-2007-3844

Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that in…

CVSS: 4.3 CWE: N/A View on NVD
2007-07-21
Critical

CVE-2007-3924

Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scriptin…

CVSS: 9.3 CWE: N/A View on NVD
2007-07-18
Critical

CVE-2007-3737

Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document."

CVSS: 9.3 CWE: N/A View on NVD
2007-06-01
Medium

CVE-2007-2871

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popu…

CVSS: 4.3 CWE: N/A View on NVD
2007-04-18
Medium

CVE-2007-2060

Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary Javascript in the browser chrome via the RSS feed DOM.

CVSS: 6.8 CWE: N/A View on NVD
2007-04-11
Low

CVE-2007-1947

Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.04 for Mozilla Firefox allows remote attackers to bypass zone re…

CVSS: 3.5 CWE: N/A View on NVD
2007-04-06
Medium

CVE-2007-1878

Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.03 for Mozilla Firefox allows remote attackers to bypass zone re…

CVSS: 6.8 CWE: N/A View on NVD
2007-03-26
Medium

CVE-2007-1678

Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension for Firefox allows remote attackers to inject arbitrary web script or HTML via RSS feeds, which are executed by the chrome: URI ha…

CVSS: 4.3 CWE: N/A View on NVD
2007-03-06
Medium

CVE-2007-0994

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the u…

CVSS: 6.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2007-01-03
Medium

CVE-2007-0045

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x befo…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2007-0048

Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome…

CVSS: 5.0 CWE: N/A View on NVD
2006-07-29
Low

CVE-2006-3812

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copyi…

CVSS: 2.6 CWE: N/A View on NVD
2006-05-22
Low

CVE-2006-2538

IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote user-assisted attackers to cause a denial of service (application crash), possibly due to a null dereference, via certain Javascript, as…

CVSS: 2.6 CWE: N/A View on NVD
2006-04-14
High

CVE-2006-1727

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome…

CVSS: 7.6 CWE: N/A View on NVD
2005-09-23
Medium

CVE-2005-2706

Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla.

CVSS: 6.4 CWE: N/A View on NVD
2005-07-13
High

CVE-2005-2267

Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is…

CVSS: 7.5 CWE: N/A View on NVD
2005-05-16
High

CVE-2005-1193

The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary scri…

CVSS: 7.5 CWE: N/A View on NVD
2005-05-09
Medium

CVE-2005-1477

The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, lead…

CVSS: 5.1 CWE: N/A View on NVD
2005-05-02
Medium

CVE-2005-0401

FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary X…

CVSS: 5.1 CWE: N/A View on NVD
Medium

CVE-2005-1160

The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstr…

CVSS: 5.1 CWE: N/A View on NVD
2004-12-31
Medium

CVE-2004-1831

Buffer overflow in Chrome 1.2.0.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large length value, which leads to a null dereference or out-of-bounds r…

CVSS: 5.0 CWE: N/A View on NVD
2004-08-18
Critical

CVE-2004-0764

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files.

CVSS: 10.0 CWE: N/A View on NVD