Search Results (Refine Search)
- Keyword (text search): Chrome
- Search Type: Search Last 3 Months
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-2627 |
Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Published: March 20, 2024; 1:15:07 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2024-2626 |
Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) Published: March 20, 2024; 1:15:07 PM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2024-2625 |
Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) Published: March 20, 2024; 1:15:07 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2024-2400 |
Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Published: March 13, 2024; 12:15:08 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-28120 |
codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an attacker to host a website that will steal the user's Codeium api-key, and thus impersonate the user on the backend autocomplete server. This issue has not been addressed. Users are advised to monitor the usage of their API key. Published: March 11, 2024; 6:15:55 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2176 |
Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Published: March 06, 2024; 2:15:09 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2174 |
Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Published: March 06, 2024; 2:15:09 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2173 |
Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Published: March 06, 2024; 2:15:08 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-1939 |
Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Published: February 28, 2024; 8:43:57 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-1938 |
Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) Published: February 28, 2024; 8:43:57 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-1676 |
Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) Published: February 20, 2024; 11:15:08 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-1675 |
Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium) Published: February 20, 2024; 11:15:08 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-1674 |
Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) Published: February 20, 2024; 11:15:08 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-1673 |
Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) Published: February 20, 2024; 11:15:08 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-1672 |
Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) Published: February 20, 2024; 11:15:08 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-1671 |
Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) Published: February 20, 2024; 11:15:08 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-1670 |
Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Published: February 20, 2024; 11:15:08 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-1669 |
Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Published: February 20, 2024; 11:15:08 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-45207 |
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. An attacker can send a PDF document through mail that contains malicious JavaScript. While previewing this file in webmail in the Chrome browser, the stored XSS payload is executed. (This has been mitigated by sanitising the JavaScript code present in a PDF document.) Published: February 13, 2024; 11:15:08 AM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-47131 |
The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file. Published: February 08, 2024; 6:15:09 PM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |