Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Max CVSS
6.8
EPSS Score
0.99%
Published
2017-04-24
Updated
2022-04-22
Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.
Max CVSS
8.8
EPSS Score
1.72%
Published
2017-04-24
Updated
2022-04-22
A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Max CVSS
7.8
EPSS Score
1.06%
Published
2017-04-24
Updated
2022-04-22
Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.
Max CVSS
6.8
EPSS Score
0.95%
Published
2017-04-24
Updated
2022-04-22
A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file.
Max CVSS
7.8
EPSS Score
1.06%
Published
2017-04-24
Updated
2022-04-22
A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
Max CVSS
8.8
EPSS Score
1.20%
Published
2017-04-24
Updated
2018-01-05
PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be made to increment off the end of a buffer, which allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Max CVSS
8.8
EPSS Score
1.20%
Published
2017-04-24
Updated
2018-01-05
A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Max CVSS
8.8
EPSS Score
1.68%
Published
2017-04-24
Updated
2018-06-12
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.04%
Published
2017-04-24
Updated
2022-04-22
The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted string, a related issue to CVE-2014-7923.
Max CVSS
9.8
EPSS Score
1.01%
Published
2017-04-24
Updated
2019-04-23
A use-after-free in AnimationController::endAnimationUpdate in Google Chrome.
Max CVSS
9.8
EPSS Score
0.10%
Published
2017-04-11
Updated
2017-04-17
11 vulnerabilities found