Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Total 15383 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-15397 1 Google 1 Chrome Os 2026-06-17 5.8 MEDIUM 7.4 HIGH
Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests by leveraging that position.
CVE-2017-15396 4 Debian, Google, Icu-project and 1 more 6 Debian Linux, Chrome, International Components For Unicode and 3 more 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2017-15395 2 Debian, Google 2 Debian Linux, Chrome 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference.
CVE-2017-15394 2 Debian, Google 2 Debian Linux, Chrome 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension.
CVE-2017-15393 2 Debian, Google 2 Debian Linux, Chrome 2026-06-17 6.8 MEDIUM 8.8 HIGH
Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak.
CVE-2017-15392 2 Debian, Google 2 Debian Linux, Chrome 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration.
CVE-2017-15391 2 Debian, Google 2 Debian Linux, Chrome 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page.
CVE-2017-15390 2 Debian, Google 2 Debian Linux, Chrome 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
CVE-2017-15389 2 Debian, Google 2 Debian Linux, Chrome 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2017-15388 2 Debian, Google 2 Debian Linux, Chrome 2026-06-17 6.8 MEDIUM 8.8 HIGH
Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2017-15387 2 Debian, Google 2 Debian Linux, Chrome 2026-06-17 6.8 MEDIUM 8.8 HIGH
Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page.
CVE-2017-15386 2 Debian, Google 2 Debian Linux, Chrome 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2017-15361 35 Acer, Aopen, Asi and 32 more 126 C720 Chromebook, Chromebase, Chromebase 24 and 123 more 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.
CVE-2017-14918 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the GPS location wireless interface, a Use After Free condition can occur.
CVE-2017-14917 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated.
CVE-2017-14916 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated.
CVE-2017-14914 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, handles in the global client structure can become stale.
CVE-2017-14909 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a count value that is read from a file is not properly validated.
CVE-2017-14908 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the SafeSwitch test application does not properly validate the number of blocks to verify.
CVE-2017-14907 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, cryptographic strength is reduced while deriving disk encryption key.