Google » Chrome » 25.0.1364.52 : Security Vulnerabilities, CVEs, (Code Execution) CVSS score >= 2
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium)
Max CVSS
8.8
EPSS Score
0.50%
Published
2023-11-01
Updated
2024-01-31
CVE-2023-4762
Known exploited
Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Max CVSS
8.8
EPSS Score
40.11%
Published
2023-09-05
Updated
2024-02-07
CISA KEV Added
2024-02-06
Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker to execute arbitrary code via a crafted shell script. (Chromium security severity: Low)
Max CVSS
6.3
EPSS Score
0.06%
Published
2023-08-01
Updated
2023-08-15
Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
8.8
EPSS Score
0.36%
Published
2023-07-29
Updated
2023-12-28
Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.97%
Published
2021-08-26
Updated
2021-11-30
Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.85%
Published
2021-08-26
Updated
2021-11-30
CVE-2021-21224
Known exploited
Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Max CVSS
8.8
EPSS Score
70.14%
Published
2021-04-26
Updated
2021-06-01
CISA KEV Added
2021-11-03
Use after free in DevTools in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)
Max CVSS
8.8
EPSS Score
0.07%
Published
2023-07-29
Updated
2023-08-12
Script injection in iOSWeb in Google Chrome on iOS prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Max CVSS
6.1
EPSS Score
0.12%
Published
2021-01-14
Updated
2021-01-19
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page.
Max CVSS
6.8
EPSS Score
0.65%
Published
2020-11-03
Updated
2021-03-11
CVE-2020-6572
Known exploited
Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Max CVSS
9.3
EPSS Score
0.51%
Published
2021-01-14
Updated
2024-02-15
CISA KEV Added
2022-01-10
Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.52%
Published
2020-09-21
Updated
2021-03-16
Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.69%
Published
2020-04-13
Updated
2022-10-07
Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry.
Max CVSS
7.8
EPSS Score
0.04%
Published
2020-02-11
Updated
2020-02-17
Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
Max CVSS
8.8
EPSS Score
0.43%
Published
2020-02-11
Updated
2021-09-16
Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.68%
Published
2019-12-10
Updated
2023-01-30
Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.64%
Published
2019-12-10
Updated
2023-01-30
Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.08%
Published
2019-12-10
Updated
2023-02-03
Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.15%
Published
2019-11-25
Updated
2019-11-26
Incorrect security UI in MacOS services integration in Google Chrome on OS X prior to 76.0.3809.87 allowed a local attacker to execute arbitrary code via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.20%
Published
2019-11-25
Updated
2021-09-08
Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard.
Max CVSS
7.8
EPSS Score
0.13%
Published
2019-06-27
Updated
2022-04-11
An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.67%
Published
2019-05-23
Updated
2022-10-11
An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
Max CVSS
9.3
EPSS Score
1.77%
Published
2019-05-23
Updated
2022-10-11
An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
Max CVSS
9.3
EPSS Score
1.71%
Published
2019-05-23
Updated
2022-10-11
Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Max CVSS
8.8
EPSS Score
3.39%
Published
2019-02-19
Updated
2021-07-21