Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Max CVSS
9.8
EPSS Score
0.09%
Published
2024-02-07
Updated
2024-02-14
Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Max CVSS
9.8
EPSS Score
0.09%
Published
2024-02-07
Updated
2024-02-14
Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)
Max CVSS
9.8
EPSS Score
0.09%
Published
2024-01-24
Updated
2024-01-29

CVE-2023-6345

Known exploited
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
Max CVSS
9.6
EPSS Score
5.21%
Published
2023-11-29
Updated
2024-01-31
CISA KEV Added
2023-11-30

CVE-2023-2136

Known exploited
Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Max CVSS
9.6
EPSS Score
0.44%
Published
2023-04-19
Updated
2023-10-20
CISA KEV Added
2023-04-21
Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High)
Max CVSS
9.8
EPSS Score
0.53%
Published
2023-03-21
Updated
2023-10-20
Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Max CVSS
9.6
EPSS Score
0.08%
Published
2023-07-29
Updated
2023-08-12
Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Max CVSS
9.6
EPSS Score
0.08%
Published
2023-07-29
Updated
2023-08-19

CVE-2022-4135

Known exploited
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Max CVSS
9.6
EPSS Score
2.23%
Published
2022-11-25
Updated
2024-02-15
CISA KEV Added
2022-11-28
Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Max CVSS
9.6
EPSS Score
0.17%
Published
2022-11-09
Updated
2022-12-08

CVE-2022-3075

Known exploited
Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Max CVSS
9.6
EPSS Score
0.59%
Published
2022-09-26
Updated
2024-02-15
CISA KEV Added
2022-09-08
Out of bounds write in Chrome OS Audio Server in Google Chrome on Chrome OS prior to 102.0.5005.125 allowed a remote attacker to potentially exploit heap corruption via crafted audio metadata.
Max CVSS
9.8
EPSS Score
0.11%
Published
2022-08-12
Updated
2022-08-15
Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Max CVSS
9.3
EPSS Score
0.23%
Published
2022-07-28
Updated
2022-10-26
Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Max CVSS
9.6
EPSS Score
0.24%
Published
2022-07-27
Updated
2022-10-26
Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
Max CVSS
9.6
EPSS Score
0.15%
Published
2022-07-25
Updated
2022-08-30
Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Max CVSS
9.6
EPSS Score
0.25%
Published
2022-07-25
Updated
2022-08-30
Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Max CVSS
9.6
EPSS Score
0.25%
Published
2022-07-21
Updated
2022-10-27
Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Max CVSS
9.6
EPSS Score
0.25%
Published
2022-07-21
Updated
2022-10-27
Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page.
Max CVSS
9.6
EPSS Score
0.20%
Published
2022-04-05
Updated
2023-01-24
Inappropriate implementation in Extensions Platform in Google Chrome prior to 98.0.4758.80 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page.
Max CVSS
9.6
EPSS Score
0.12%
Published
2022-04-05
Updated
2022-04-13
Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Max CVSS
9.6
EPSS Score
0.11%
Published
2022-04-05
Updated
2022-04-11
Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Max CVSS
9.6
EPSS Score
0.48%
Published
2022-02-12
Updated
2022-04-01
Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page.
Max CVSS
9.6
EPSS Score
0.18%
Published
2022-02-12
Updated
2022-04-19
Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page.
Max CVSS
9.6
EPSS Score
0.53%
Published
2021-12-23
Updated
2022-02-19
Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Max CVSS
9.6
EPSS Score
0.22%
Published
2021-11-23
Updated
2022-02-28
310 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!