Google » Chrome : Security Vulnerabilities, CVEs, Published In 2019 (Code Execution) CVSS score >= 4
Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.68%
Published
2019-12-10
Updated
2023-01-30
Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.64%
Published
2019-12-10
Updated
2023-01-30
Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.08%
Published
2019-12-10
Updated
2023-02-03
Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.15%
Published
2019-11-25
Updated
2019-11-26
Incorrect security UI in MacOS services integration in Google Chrome on OS X prior to 76.0.3809.87 allowed a local attacker to execute arbitrary code via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.20%
Published
2019-11-25
Updated
2021-09-08
Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard.
Max CVSS
7.8
EPSS Score
0.13%
Published
2019-06-27
Updated
2022-04-11
An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.67%
Published
2019-05-23
Updated
2022-10-11
An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
Max CVSS
9.3
EPSS Score
1.77%
Published
2019-05-23
Updated
2022-10-11
An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
Max CVSS
9.3
EPSS Score
1.71%
Published
2019-05-23
Updated
2022-10-11
Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Max CVSS
8.8
EPSS Score
3.39%
Published
2019-02-19
Updated
2021-07-21
Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file.
Max CVSS
8.8
EPSS Score
1.32%
Published
2019-02-19
Updated
2021-07-21
An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Max CVSS
8.8
EPSS Score
11.31%
Published
2019-02-19
Updated
2020-08-24
Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
Max CVSS
8.8
EPSS Score
14.92%
Published
2019-02-19
Updated
2019-04-18
Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
Max CVSS
8.8
EPSS Score
12.33%
Published
2019-02-19
Updated
2019-04-17
An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.58%
Published
2019-01-09
Updated
2020-08-24
An object lifecycle issue in Blink could lead to a use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.15%
Published
2019-01-09
Updated
2019-01-29
A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Max CVSS
8.8
EPSS Score
9.69%
Published
2019-01-09
Updated
2019-01-16
Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.75 potentially allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Max CVSS
8.8
EPSS Score
9.59%
Published
2019-01-09
Updated
2019-01-14
Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
Max CVSS
9.3
EPSS Score
1.23%
Published
2019-01-09
Updated
2019-01-16
Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
Max CVSS
8.8
EPSS Score
1.51%
Published
2019-01-09
Updated
2019-01-16
An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
Max CVSS
8.8
EPSS Score
3.39%
Published
2019-01-09
Updated
2020-08-24
A double-eviction in the Incognito mode cache that lead to a user-after-free in cache in Google Chrome prior to 66.0.3359.139 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.15%
Published
2019-06-27
Updated
2019-06-28
An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.49%
Published
2019-01-09
Updated
2019-01-16
Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file.
Max CVSS
7.8
EPSS Score
0.07%
Published
2019-01-09
Updated
2021-09-08
Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.19%
Published
2019-01-09
Updated
2019-01-29