Filtered by vendor Google
Subscriptions
Filtered by product Chrome
Subscriptions
Total
3684 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3456 | 1 Google | 1 Chrome | 2025-04-09 | N/A |
| Google Chrome, possibly 3.0.195.21 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-6994 | 1 Google | 1 Chrome | 2025-04-09 | N/A |
| Stack-based buffer overflow in the SaveAs feature (SaveFileAsWithFilter function) in win_util.cc in Google Chrome 0.2.149.27 allows user-assisted remote attackers to execute arbitrary code via a web page with a long TITLE element, which triggers the overflow when the user saves the page and a long filename is generated. NOTE: it might be possible to exploit this issue via an HTTP response that includes a long filename in a Content-Disposition header. | ||||
| CVE-2008-6996 | 1 Google | 1 Chrome | 2025-04-09 | N/A |
| Google Chrome BETA (0.2.149.27) does not prompt the user before saving an executable file, which makes it easier for remote attackers or malware to cause a denial of service (disk consumption) or exploit other vulnerabilities via a URL that references an executable file, possibly related to the "ask where to save each file before downloading" setting. | ||||
| CVE-2008-6997 | 1 Google | 1 Chrome | 2025-04-09 | N/A |
| Google Chrome 0.2.149.27 allows user-assisted remote attackers to cause a denial of service (browser crash) via an IMG tag with a long src attribute, which triggers the crash when the victim performs an "Inspect Element" action. | ||||
| CVE-2009-2416 | 11 Apple, Canonical, Debian and 8 more | 19 Iphone Os, Mac Os X, Mac Os X Server and 16 more | 2025-04-09 | 6.5 Medium |
| Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | ||||
| CVE-2009-3931 | 1 Google | 1 Chrome | 2025-04-09 | N/A |
| Incomplete blacklist vulnerability in browser/download/download_exe.cc in Google Chrome before 3.0.195.32 allows remote attackers to force the download of certain dangerous files via a "Content-Disposition: attachment" designation, as demonstrated by (1) .mht and (2) .mhtml files, which are automatically executed by Internet Explorer 6; (3) .svg files, which are automatically executed by Safari; (4) .xml files; (5) .htt files; (6) .xsl files; (7) .xslt files; and (8) image files that are forbidden by the victim's site policy. | ||||
| CVE-2009-1598 | 1 Google | 1 Chrome | 2025-04-09 | N/A |
| Google Chrome executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content." | ||||
| CVE-2025-3066 | 1 Google | 1 Chrome | 2025-04-08 | 8.8 High |
| Use after free in Site Isolation in Google Chrome prior to 135.0.7049.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-0444 | 1 Google | 1 Chrome | 2025-04-08 | 6.3 Medium |
| Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-0445 | 1 Google | 1 Chrome | 2025-04-08 | 5.4 Medium |
| Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-0451 | 1 Google | 1 Chrome | 2025-04-08 | 6.3 Medium |
| Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium) | ||||
| CVE-2025-0997 | 1 Google | 1 Chrome | 2025-04-07 | 8.1 High |
| Use after free in Navigation in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | ||||
| CVE-2025-1426 | 1 Google | 1 Chrome | 2025-04-07 | 8.8 High |
| Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-1006 | 1 Google | 1 Chrome | 2025-04-07 | 8.8 High |
| Use after free in Network in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted web app. (Chromium security severity: Medium) | ||||
| CVE-2025-0999 | 1 Google | 1 Chrome | 2025-04-07 | 8.8 High |
| Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-1920 | 1 Google | 1 Chrome | 2025-04-07 | 8.8 High |
| Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-2135 | 1 Google | 1 Chrome | 2025-04-07 | 8.8 High |
| Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-2136 | 1 Google | 1 Chrome | 2025-04-07 | 8.8 High |
| Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-2137 | 1 Google | 1 Chrome | 2025-04-07 | 8.8 High |
| Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-3068 | 1 Google | 1 Chrome | 2025-04-07 | 8.8 High |
| Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | ||||