Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Max CVSS
9.8
EPSS Score
0.09%
Published
2024-02-07
Updated
2024-02-14
Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Max CVSS
9.8
EPSS Score
0.09%
Published
2024-02-07
Updated
2024-02-14
Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)
Max CVSS
9.8
EPSS Score
0.09%
Published
2024-01-24
Updated
2024-01-29
CVE-2023-6345
Known exploited
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
Max CVSS
9.6
EPSS Score
5.21%
Published
2023-11-29
Updated
2024-01-31
CISA KEV Added
2023-11-30
CVE-2023-2136
Known exploited
Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Max CVSS
9.6
EPSS Score
0.44%
Published
2023-04-19
Updated
2023-10-20
CISA KEV Added
2023-04-21
Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High)
Max CVSS
9.8
EPSS Score
0.53%
Published
2023-03-21
Updated
2023-10-20
Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Max CVSS
9.6
EPSS Score
0.08%
Published
2023-07-29
Updated
2023-08-12
Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Max CVSS
9.6
EPSS Score
0.08%
Published
2023-07-29
Updated
2023-08-19
CVE-2022-4135
Known exploited
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Max CVSS
9.6
EPSS Score
2.23%
Published
2022-11-25
Updated
2024-02-15
CISA KEV Added
2022-11-28
Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Max CVSS
9.6
EPSS Score
0.17%
Published
2022-11-09
Updated
2022-12-08
CVE-2022-3075
Known exploited
Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Max CVSS
9.6
EPSS Score
0.59%
Published
2022-09-26
Updated
2024-02-15
CISA KEV Added
2022-09-08
Out of bounds write in Chrome OS Audio Server in Google Chrome on Chrome OS prior to 102.0.5005.125 allowed a remote attacker to potentially exploit heap corruption via crafted audio metadata.
Max CVSS
9.8
EPSS Score
0.11%
Published
2022-08-12
Updated
2022-08-15
Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Max CVSS
9.3
EPSS Score
0.23%
Published
2022-07-28
Updated
2022-10-26
Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Max CVSS
9.6
EPSS Score
0.24%
Published
2022-07-27
Updated
2022-10-26
Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
Max CVSS
9.6
EPSS Score
0.15%
Published
2022-07-25
Updated
2022-08-30
Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Max CVSS
9.6
EPSS Score
0.25%
Published
2022-07-25
Updated
2022-08-30
Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Max CVSS
9.6
EPSS Score
0.25%
Published
2022-07-21
Updated
2022-10-27
Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Max CVSS
9.6
EPSS Score
0.25%
Published
2022-07-21
Updated
2022-10-27
Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page.
Max CVSS
9.6
EPSS Score
0.20%
Published
2022-04-05
Updated
2023-01-24
Inappropriate implementation in Extensions Platform in Google Chrome prior to 98.0.4758.80 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page.
Max CVSS
9.6
EPSS Score
0.12%
Published
2022-04-05
Updated
2022-04-13
Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Max CVSS
9.6
EPSS Score
0.11%
Published
2022-04-05
Updated
2022-04-11
Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Max CVSS
9.6
EPSS Score
0.48%
Published
2022-02-12
Updated
2022-04-01
Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page.
Max CVSS
9.6
EPSS Score
0.18%
Published
2022-02-12
Updated
2022-04-19
Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page.
Max CVSS
9.6
EPSS Score
0.53%
Published
2021-12-23
Updated
2022-02-19
Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Max CVSS
9.6
EPSS Score
0.22%
Published
2021-11-23
Updated
2022-02-28