Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Filtered by product Chrome
Total 3652 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-2835 1 Google 1 Chrome 2025-04-11 6.8 MEDIUM N/A
Race condition in Google Chrome before 14.0.835.163 allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the certificate cache.
CVE-2012-2764 2 Google, Microsoft 2 Chrome, Windows 2025-04-11 7.2 HIGH N/A
Untrusted search path vulnerability in Google Chrome before 20.0.1132.43 on Windows might allow local users to gain privileges via a Trojan horse Metro DLL in the current working directory.
CVE-2013-2882 4 Debian, Google, Nodejs and 1 more 4 Debian Linux, Chrome, Node.js and 1 more 2025-04-11 7.5 HIGH N/A
Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
CVE-2012-5133 2 Google, Opensuse 2 Chrome, Opensuse 2025-04-11 7.5 HIGH N/A
Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters.
CVE-2011-3063 1 Google 1 Chrome 2025-04-11 4.3 MEDIUM N/A
Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vectors.
CVE-2012-2832 1 Google 1 Chrome 2025-04-11 6.8 MEDIUM N/A
The image-codec implementation in the PDF functionality in Google Chrome before 20.0.1132.43 does not initialize an unspecified pointer, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
CVE-2011-3102 2 Apple, Google 2 Iphone Os, Chrome 2025-04-11 6.8 MEDIUM N/A
Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.
CVE-2011-1434 1 Google 1 Chrome 2025-04-11 6.8 MEDIUM N/A
Google Chrome before 11.0.696.57 does not ensure thread safety during handling of MIME data, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2010-2652 1 Google 1 Chrome 2025-04-11 5.0 MEDIUM N/A
Google Chrome before 5.0.375.99 does not properly implement modal dialogs, which allows attackers to cause a denial of service (application crash) via unspecified vectors.
CVE-2012-2891 1 Google 1 Chrome 2025-04-11 5.0 MEDIUM N/A
The IPC implementation in Google Chrome before 22.0.1229.79 allows attackers to obtain potentially sensitive information about memory addresses via unspecified vectors.
CVE-2011-0611 8 Adobe, Apple, Google and 5 more 13 Acrobat, Acrobat Reader, Adobe Air and 10 more 2025-04-11 9.3 HIGH 8.8 HIGH
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.
CVE-2013-6640 1 Google 2 Chrome, V8 2025-04-11 7.5 HIGH N/A
The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index.
CVE-2011-1202 2 Google, Xmlsoft 2 Chrome, Libxslt 2025-04-11 4.3 MEDIUM N/A
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
CVE-2010-4490 1 Google 1 Chrome 2025-04-11 9.3 HIGH N/A
Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via malformed video content that triggers an indexing error.
CVE-2013-2909 1 Google 1 Chrome 2025-04-11 7.5 HIGH N/A
Use-after-free vulnerability in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to inline-block rendering for bidirectional Unicode text in an element isolated from its siblings.
CVE-2011-3095 1 Google 1 Chrome 2025-04-11 10.0 HIGH N/A
The OGG container in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
CVE-2011-1197 1 Google 1 Chrome 2025-04-11 7.5 HIGH N/A
Google Chrome before 10.0.648.127 does not properly perform table painting, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
CVE-2013-2869 2 Debian, Google 2 Debian Linux, Chrome 2025-04-11 4.3 MEDIUM N/A
Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted JPEG2000 image.
CVE-2011-2358 1 Google 1 Chrome 2025-04-11 6.8 MEDIUM N/A
Google Chrome before 13.0.782.107 does not ensure that extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension.
CVE-2011-2855 2 Apple, Google 4 Iphone Os, Itunes, Safari and 1 more 2025-04-11 6.8 MEDIUM N/A
Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."