Google : Security Vulnerabilities, CVEs, Published In 2012 (Code Execution) CVSS score >= 7
Google Chrome before 23.0.1271.97 does not properly handle history navigation, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Max CVSS
10.0
EPSS Score
0.91%
Published
2012-12-12
Updated
2018-10-30
Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.
Max CVSS
10.0
EPSS Score
8.41%
Published
2012-10-11
Updated
2017-09-19
Race condition in Google Chrome before 22.0.1229.92 allows remote attackers to execute arbitrary code via vectors related to audio devices.
Max CVSS
9.3
EPSS Score
0.94%
Published
2012-10-09
Updated
2017-09-19
Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file.
Max CVSS
9.3
EPSS Score
3.49%
Published
2012-10-05
Updated
2017-08-29
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
Max CVSS
10.0
EPSS Score
56.61%
Published
2012-09-26
Updated
2023-12-07
Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, allows remote attackers to execute arbitrary code via unspecified vectors that trigger an "array overflow."
Max CVSS
10.0
EPSS Score
5.37%
Published
2012-08-22
Updated
2014-02-12
Google Chrome before 21.0.1180.57 on Linux does not properly handle tabs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.16%
Published
2012-08-06
Updated
2012-08-07
Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the DEP and ASLR protection mechanisms, and execute arbitrary code, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code."
Max CVSS
9.3
EPSS Score
3.53%
Published
2012-03-22
Updated
2020-04-16
Race condition in Google Chrome before 17.0.963.46 allows remote attackers to execute arbitrary code via vectors that trigger a crash of a utility process.
Max CVSS
9.3
EPSS Score
0.80%
Published
2012-02-09
Updated
2020-05-08
Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong number of arguments, as demonstrated by zergRush to trigger a use-after-free error.
Max CVSS
9.3
EPSS Score
1.65%
Published
2012-01-27
Updated
2012-02-06
Use-after-free vulnerability in Google Chrome before 19.0.1084.52 allows remote attackers to execute arbitrary code via vectors related to the browser cache.
Max CVSS
10.0
EPSS Score
6.55%
Published
2012-05-24
Updated
2017-09-19
The WebSockets implementation in Google Chrome before 19.0.1084.52 does not properly handle use of SSL, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Max CVSS
10.0
EPSS Score
6.45%
Published
2012-05-24
Updated
2017-09-19
The GPU process in Google Chrome before 17.0.963.79 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an error in the plug-in loading mechanism.
Max CVSS
9.3
EPSS Score
1.18%
Published
2012-03-10
Updated
2020-04-16
The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.
Max CVSS
10.0
EPSS Score
1.78%
Published
2012-03-09
Updated
2020-04-16
Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file.
Max CVSS
9.3
EPSS Score
0.14%
Published
2012-04-17
Updated
2012-04-18
15 vulnerabilities found