Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Total 12849 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-3102 2 Apple, Google 2 Iphone Os, Chrome 2025-04-11 6.8 MEDIUM N/A
Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.
CVE-2011-1434 1 Google 1 Chrome 2025-04-11 6.8 MEDIUM N/A
Google Chrome before 11.0.696.57 does not ensure thread safety during handling of MIME data, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2010-2652 1 Google 1 Chrome 2025-04-11 5.0 MEDIUM N/A
Google Chrome before 5.0.375.99 does not properly implement modal dialogs, which allows attackers to cause a denial of service (application crash) via unspecified vectors.
CVE-2012-2891 1 Google 1 Chrome 2025-04-11 5.0 MEDIUM N/A
The IPC implementation in Google Chrome before 22.0.1229.79 allows attackers to obtain potentially sensitive information about memory addresses via unspecified vectors.
CVE-2011-0611 8 Adobe, Apple, Google and 5 more 13 Acrobat, Acrobat Reader, Adobe Air and 10 more 2025-04-11 9.3 HIGH 8.8 HIGH
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.
CVE-2013-6640 1 Google 2 Chrome, V8 2025-04-11 7.5 HIGH N/A
The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index.
CVE-2011-1202 2 Google, Xmlsoft 2 Chrome, Libxslt 2025-04-11 4.3 MEDIUM N/A
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
CVE-2010-4490 1 Google 1 Chrome 2025-04-11 9.3 HIGH N/A
Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via malformed video content that triggers an indexing error.
CVE-2013-2909 1 Google 1 Chrome 2025-04-11 7.5 HIGH N/A
Use-after-free vulnerability in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to inline-block rendering for bidirectional Unicode text in an element isolated from its siblings.
CVE-2011-3095 1 Google 1 Chrome 2025-04-11 10.0 HIGH N/A
The OGG container in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
CVE-2011-1197 1 Google 1 Chrome 2025-04-11 7.5 HIGH N/A
Google Chrome before 10.0.648.127 does not properly perform table painting, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
CVE-2013-2869 2 Debian, Google 2 Debian Linux, Chrome 2025-04-11 4.3 MEDIUM N/A
Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted JPEG2000 image.
CVE-2011-2358 1 Google 1 Chrome 2025-04-11 6.8 MEDIUM N/A
Google Chrome before 13.0.782.107 does not ensure that extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension.
CVE-2011-2855 2 Apple, Google 4 Iphone Os, Itunes, Safari and 1 more 2025-04-11 6.8 MEDIUM N/A
Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."
CVE-2013-0894 7 Apple, Canonical, Ffmpeg and 4 more 7 Macos, Ubuntu Linux, Ffmpeg and 4 more 2025-04-11 7.5 HIGH N/A
Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size.
CVE-2013-3361 5 Adobe, Apple, Google and 2 more 7 Air, Air Sdk, Flash Player and 4 more 2025-04-11 10.0 HIGH N/A
Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3362, CVE-2013-3363, and CVE-2013-5324.
CVE-2011-2075 2 Google, Microsoft 2 Chrome, Windows 7 2025-04-11 9.3 HIGH N/A
Unspecified vulnerability in Google Chrome 11.0.696.65 on Windows 7 SP1 allows remote attackers to execute arbitrary code via unknown vectors. NOTE: as of 20110510, the only disclosure is a vague advisory that possibly relates to multiple vulnerabilities or multiple products. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2013-6632 2 Debian, Google 2 Debian Linux, Chrome 2025-04-11 9.3 HIGH N/A
Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013.
CVE-2012-1381 2 Google, Netease 2 Android, Netease Cloudalbum 2025-04-11 10.0 HIGH N/A
Unspecified vulnerability in the NetEase CloudAlbum (com.netease.cloudalbum) application 2.0.0 and 2.2.0 for Android has unknown impact and attack vectors.
CVE-2013-2833 1 Google 1 Chrome Os 2025-04-11 10.0 HIGH N/A
Use-after-free vulnerability in the O3D plug-in in Google Chrome OS before 26.0.1410.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper management of ownership relationships involving Elements and DrawElements.