National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): Chrome
  • Search Type: Search Last 3 Months
  • Contains Software Flaws (CVE)
There are 104 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-6810

After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome, this could have led to confusing the user about the current origin of the page and credential theft or other attacks. This vulnerability affects Firefox < 74.

Published: March 25, 2020; 06:15:12 PM -04:00
(not available)
CVE-2020-6449

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: March 23, 2020; 12:15:17 PM -04:00
V3.1: 8.8 HIGH
    V2: 9.3 HIGH
CVE-2020-6429

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: March 23, 2020; 12:15:17 PM -04:00
V3.1: 8.8 HIGH
    V2: 9.3 HIGH
CVE-2020-6428

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: March 23, 2020; 12:15:17 PM -04:00
V3.1: 8.8 HIGH
    V2: 9.3 HIGH
CVE-2020-6427

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: March 23, 2020; 12:15:17 PM -04:00
V3.1: 8.8 HIGH
    V2: 9.3 HIGH
CVE-2020-6426

Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: March 23, 2020; 12:15:17 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-6425

Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.

Published: March 23, 2020; 12:15:17 PM -04:00
V3.1: 5.4 MEDIUM
    V2: 5.8 MEDIUM
CVE-2020-6424

Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: March 23, 2020; 12:15:17 PM -04:00
V3.1: 8.8 HIGH
    V2: 9.3 HIGH
CVE-2020-6422

Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: March 23, 2020; 12:15:17 PM -04:00
V3.1: 8.8 HIGH
    V2: 9.3 HIGH
CVE-2020-6420

Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

Published: March 23, 2020; 12:15:17 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2020-10531

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.

Published: March 12, 2020; 03:15:13 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-20503

usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.

Published: March 06, 2020; 03:15:12 PM -05:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-6418

Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: February 27, 2020; 06:15:12 PM -05:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-6407

Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: February 27, 2020; 06:15:12 PM -05:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2020-6386

Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: February 27, 2020; 06:15:12 PM -05:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2020-6384

Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: February 27, 2020; 06:15:12 PM -05:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2020-6383

Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: February 27, 2020; 06:15:12 PM -05:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2020-6417

Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry.

Published: February 11, 2020; 10:15:14 AM -05:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2020-6416

Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: February 11, 2020; 10:15:14 AM -05:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2020-6415

Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: February 11, 2020; 10:15:14 AM -05:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM