The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted string, a related issue to CVE-2014-7923.
Max CVSS
9.8
EPSS Score
1.01%
Published
2017-04-24
Updated
2019-04-23
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
Max CVSS
9.8
EPSS Score
1.25%
Published
2017-05-23
Updated
2018-10-30
Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.
Max CVSS
8.8
EPSS Score
1.38%
Published
2017-05-23
Updated
2018-10-30
Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file.
Max CVSS
6.5
EPSS Score
0.51%
Published
2017-06-06
Updated
2019-03-04
Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption or DoS via a crafted PDF file.
Max CVSS
6.5
EPSS Score
0.93%
Published
2017-01-19
Updated
2018-01-05
Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) via a crafted MP4 file.
Max CVSS
5.5
EPSS Score
0.44%
Published
2017-10-06
Updated
2017-11-01
6 vulnerabilities found