Total
3786 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4494 | 10 Apache, Apple, Debian and 7 more | 17 Openoffice, Iphone Os, Itunes and 14 more | 2025-04-11 | 7.5 HIGH | N/A |
| Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. | |||||
| CVE-2011-3052 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2025-04-11 | 6.8 MEDIUM | N/A |
| The WebGL implementation in Google Chrome before 17.0.963.83 does not properly handle CANVAS elements, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2011-1817 | 1 Google | 1 Chrome | 2025-04-11 | 6.8 MEDIUM | N/A |
| Google Chrome before 12.0.742.91 does not properly implement history deletion, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2011-1300 | 3 Google, Microsoft, Mozilla | 3 Chrome, Windows, Firefox | 2025-04-11 | 10.0 HIGH | N/A |
| The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google Chrome before 10.0.648.205 on Windows, allows remote attackers to execute arbitrary code via unspecified vectors, related to an "off-by-three" error. | |||||
| CVE-2011-3389 | 9 Canonical, Debian, Google and 6 more | 17 Ubuntu Linux, Debian Linux, Chrome and 14 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. | |||||
| CVE-2013-0888 | 5 Apple, Google, Linux and 2 more | 5 Mac Os X, Chrome, Linux Kernel and 2 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a "user gesture check for dangerous file downloads." | |||||
| CVE-2010-1029 | 2 Apple, Google | 3 Iphone Os, Safari, Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
| Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences. | |||||
| CVE-2011-1189 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
| Google Chrome before 10.0.648.127 does not properly perform box layout, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node." | |||||
| CVE-2013-2860 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-11 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker process. | |||||
| CVE-2010-3411 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2025-04-11 | 5.0 MEDIUM | N/A |
| Google Chrome before 6.0.472.59 on Linux does not properly handle cursors, which might allow attackers to cause a denial of service (assertion failure) via unspecified vectors. | |||||
| CVE-2010-3258 | 1 Google | 1 Chrome | 2025-04-11 | 9.3 HIGH | N/A |
| The sandbox implementation in Google Chrome before 6.0.472.53 does not properly deserialize parameters, which has unspecified impact and remote attack vectors. | |||||
| CVE-2010-2300 | 1 Google | 1 Chrome | 2025-04-11 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the Element::normalizeAttributes function in dom/Element.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to handlers for DOM mutation events, aka rdar problem 7948784. NOTE: this might overlap CVE-2010-1759. | |||||
| CVE-2011-3049 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2025-04-11 | 5.0 MEDIUM | N/A |
| Google Chrome before 17.0.963.83 does not properly restrict the extension web request API, which allows remote attackers to cause a denial of service (disrupted system requests) via a crafted extension. | |||||
| CVE-2010-3251 | 1 Google | 1 Chrome | 2025-04-11 | 4.3 MEDIUM | N/A |
| The WebSockets implementation in Google Chrome before 6.0.472.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. | |||||
| CVE-2011-3081 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3078. | |||||
| CVE-2014-1681 | 1 Google | 1 Chrome | 2025-04-11 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.102 have unknown impact and attack vectors, related to 12 "security fixes [that were not] either contributed by external researchers or particularly interesting." | |||||
| CVE-2013-2880 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2013-6640 | 1 Google | 2 Chrome, V8 | 2025-04-11 | 7.5 HIGH | N/A |
| The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index. | |||||
| CVE-2011-0471 | 1 Google | 2 Chrome, Chrome Os | 2025-04-11 | 10.0 HIGH | N/A |
| The node-iteration implementation in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 does not properly handle pointers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2011-1116 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
| Google Chrome before 9.0.597.107 does not properly handle SVG animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||