Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Total 12852 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-3251 1 Google 1 Chrome 2025-04-11 4.3 MEDIUM N/A
The WebSockets implementation in Google Chrome before 6.0.472.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
CVE-2011-3066 1 Google 1 Chrome 2025-04-11 6.8 MEDIUM N/A
Skia, as used in Google Chrome before 18.0.1025.151, does not properly perform clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2013-2922 1 Google 1 Chrome 2025-04-11 6.8 MEDIUM N/A
Use-after-free vulnerability in core/html/HTMLTemplateElement.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that operates on a TEMPLATE element.
CVE-2012-5110 1 Google 1 Chrome 2025-04-11 5.0 MEDIUM N/A
The compositor in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-1193 1 Google 1 Chrome 2025-04-11 7.5 HIGH N/A
Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
CVE-2012-5272 5 Adobe, Apple, Google and 2 more 8 Adobe Air, Adobe Air Sdk, Flash Player and 5 more 2025-04-11 10.0 HIGH N/A
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
CVE-2010-4213 2 Bankofamerica, Google 2 Bank Of America, Android 2025-04-11 4.3 MEDIUM N/A
The Bank of America application 2.12 for Android stores a security question's answer in cleartext, which might allow physically proximate attackers to obtain sensitive information by reading application data.
CVE-2013-3345 5 Adobe, Apple, Google and 2 more 5 Flash Player, Mac Os X, Android and 2 more 2025-04-11 10.0 HIGH N/A
Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2011-3099 1 Google 1 Chrome 2025-04-11 10.0 HIGH N/A
Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a malformed name for the font encoding.
CVE-2013-2925 1 Google 1 Chrome 2025-04-11 6.8 MEDIUM N/A
Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger multiple conflicting uses of the same XMLHttpRequest object.
CVE-2011-3954 1 Google 1 Chrome 2025-04-11 5.0 MEDIUM N/A
Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of database usage.
CVE-2012-5127 1 Google 1 Chrome 2025-04-11 7.5 HIGH N/A
Integer overflow in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image.
CVE-2011-2107 6 Adobe, Apple, Google and 3 more 8 Acrobat, Acrobat Reader, Flash Player and 5 more 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "universal cross-site scripting vulnerability."
CVE-2013-0841 1 Google 1 Chrome 2025-04-11 7.5 HIGH N/A
Array index error in the content-blocking functionality in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2011-3965 1 Google 1 Chrome 2025-04-11 5.0 MEDIUM N/A
Google Chrome before 17.0.963.46 does not properly check signatures, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
CVE-2010-4033 1 Google 1 Chrome 2025-04-11 5.0 MEDIUM N/A
Google Chrome before 7.0.517.41 does not properly implement the autofill and autocomplete functionality, which allows remote attackers to conduct "profile spamming" attacks via unspecified vectors.
CVE-2011-2851 1 Google 1 Chrome 2025-04-11 5.0 MEDIUM N/A
Google Chrome before 14.0.835.163 does not properly handle video, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-0483 1 Google 2 Chrome, Chrome Os 2025-04-11 5.0 MEDIUM N/A
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of video, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2011-0481 1 Google 2 Chrome, Chrome Os 2025-04-11 9.3 HIGH N/A
Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF shading.
CVE-2013-2866 1 Google 2 Chrome, Chrome Os 2025-04-11 4.3 MEDIUM N/A
The Flash plug-in in Google Chrome before 27.0.1453.116, as used on Google Chrome OS before 27.0.1453.116 and separately, does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property.