U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): Chrome
  • Search Type: Search Last 3 Months
There are 68 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2024-1676

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)

Published: February 20, 2024; 11:15:08 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2024-1675

Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)

Published: February 20, 2024; 11:15:08 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2024-1674

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Published: February 20, 2024; 11:15:08 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2024-1673

Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

Published: February 20, 2024; 11:15:08 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2024-1672

Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

Published: February 20, 2024; 11:15:08 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2024-1671

Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

Published: February 20, 2024; 11:15:08 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2024-1670

Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: February 20, 2024; 11:15:08 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2024-1669

Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Published: February 20, 2024; 11:15:08 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2023-45207

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. An attacker can send a PDF document through mail that contains malicious JavaScript. While previewing this file in webmail in the Chrome browser, the stored XSS payload is executed. (This has been mitigated by sanitising the JavaScript code present in a PDF document.)

Published: February 13, 2024; 11:15:08 AM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2023-47131

The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file.

Published: February 08, 2024; 6:15:09 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2024-1284

Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: February 06, 2024; 7:15:56 PM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2024-1283

Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: February 06, 2024; 7:15:56 PM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2024-1077

Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)

Published: January 30, 2024; 5:15:53 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2024-1060

Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: January 30, 2024; 5:15:53 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2024-1059

Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)

Published: January 30, 2024; 5:15:52 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2024-0814

Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

Published: January 23, 2024; 7:15:08 PM -0500
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2024-0813

Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)

Published: January 23, 2024; 7:15:08 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2024-0812

Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

Published: January 23, 2024; 7:15:08 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2024-0811

Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)

Published: January 23, 2024; 7:15:08 PM -0500
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2024-0810

Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium)

Published: January 23, 2024; 7:15:08 PM -0500
V3.1: 4.3 MEDIUM
V2.0:(not available)