Google : Security Vulnerabilities, CVEs, (Overflow)
Buffer overflow in Google Earth v4.0.2091 (beta) allows remote user-assisted attackers to cause a denial of service (crash) via a KML or KMZ file with a long href element.
Max CVSS
7.1
EPSS Score
1.20%
Published
2007-03-07
Updated
2018-10-16
Multiple buffer overflows in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory.
Max CVSS
7.5
EPSS Score
0.10%
Published
2007-09-11
Updated
2013-07-05
Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and width are different than the actual height and width.
Max CVSS
6.8
EPSS Score
9.41%
Published
2008-03-06
Updated
2018-10-15
Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field.
Max CVSS
7.5
EPSS Score
9.11%
Published
2008-03-06
Updated
2018-10-15
Stack-based buffer overflow in the SaveAs feature (SaveFileAsWithFilter function) in win_util.cc in Google Chrome 0.2.149.27 allows user-assisted remote attackers to execute arbitrary code via a web page with a long TITLE element, which triggers the overflow when the user saves the page and a long filename is generated. NOTE: it might be possible to exploit this issue via an HTTP response that includes a long filename in a Content-Disposition header.
Max CVSS
9.3
EPSS Score
19.48%
Published
2009-08-19
Updated
2018-10-11
Stack-based buffer overflow in chrome/common/gfx/url_elider.cc in Google Chrome 0.2.149.27 and other versions before 0.2.149.29 might allow user-assisted remote attackers to execute arbitrary code via a link target (href attribute) with a large number of path elements, which triggers the overflow when the status bar is updated after the user hovers over the link.
Max CVSS
9.3
EPSS Score
15.64%
Published
2009-08-19
Updated
2017-09-29
Heap-based buffer overflow in the ParamTraits<SkBitmap>::Read function in Google Chrome before 1.0.154.64 allows attackers to leverage renderer access to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to a large bitmap that arrives over the IPC channel.
Max CVSS
9.3
EPSS Score
0.34%
Published
2009-05-07
Updated
2017-08-17
Buffer overflow in the browser kernel in Google Chrome before 2.0.172.33 allows remote HTTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted response.
Max CVSS
9.3
EPSS Score
0.36%
Published
2009-06-23
Updated
2017-08-17
Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1.10.14, as used in Google Chrome before 2.0.172.37, allows remote attackers to execute arbitrary code in the Chrome sandbox via a crafted JavaScript regular expression.
Max CVSS
9.3
EPSS Score
8.60%
Published
2009-07-21
Updated
2017-08-17
Google Chrome before 2.0.172.37 allows attackers to leverage renderer access to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger excessive memory allocation.
Max CVSS
9.3
EPSS Score
0.26%
Published
2009-07-21
Updated
2017-08-17
Google Chrome 2.x through 2.0.172 allows remote attackers to cause a denial of service (application crash) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479.
Max CVSS
5.0
EPSS Score
0.18%
Published
2009-07-22
Updated
2018-10-10
Integer overflow in Google SketchUp before 7.1 M2 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a crafted SKP file.
Max CVSS
9.3
EPSS Score
0.30%
Published
2010-01-15
Updated
2011-08-08
Integer overflow in the CrossCallParamsEx::CreateFromBuffer function in sandbox/src/crosscall_server.cc in Google Chrome before 4.0.249.89 allows attackers to leverage renderer access to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a malformed message, related to deserializing of sandbox messages.
Max CVSS
9.3
EPSS Score
0.18%
Published
2010-02-18
Updated
2017-09-19
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
Max CVSS
9.8
EPSS Score
62.90%
Published
2010-06-30
Updated
2020-08-14
Google Chrome before 4.1.249.1064 does not properly handle HTML5 media, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors.
Max CVSS
5.0
EPSS Score
2.18%
Published
2010-05-03
Updated
2017-09-19
Google Chrome before 4.1.249.1064 does not properly handle fonts, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors.
Max CVSS
7.5
EPSS Score
2.04%
Published
2010-05-03
Updated
2017-09-19
Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document.
Max CVSS
9.3
EPSS Score
3.17%
Published
2010-07-06
Updated
2020-08-10
The implementation of the Unicode Bidirectional Algorithm (aka Bidi algorithm or UBA) in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Max CVSS
9.3
EPSS Score
1.70%
Published
2010-07-06
Updated
2020-08-07
The Cascading Style Sheets (CSS) implementation in Google Chrome before 5.0.375.99 does not properly perform style rendering, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Max CVSS
9.3
EPSS Score
0.27%
Published
2010-07-06
Updated
2020-08-07
The rendering implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Max CVSS
10.0
EPSS Score
2.64%
Published
2010-07-28
Updated
2020-08-04
The SVG implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Max CVSS
10.0
EPSS Score
0.32%
Published
2010-07-28
Updated
2020-08-05
Google Chrome before 5.0.375.127 does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Max CVSS
10.0
EPSS Score
0.17%
Published
2010-08-24
Updated
2020-08-03
Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors related to state changes when using DeleteButtonController.
Max CVSS
10.0
EPSS Score
0.78%
Published
2010-08-24
Updated
2020-08-04
Google Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do not properly support the Ruby language, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Max CVSS
10.0
EPSS Score
0.66%
Published
2010-08-24
Updated
2020-08-04
Google Chrome before 5.0.375.127 does not properly implement the Geolocation feature, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Max CVSS
10.0
EPSS Score
0.41%
Published
2010-08-24
Updated
2020-08-03