Security Vulnerabilities by chrome-cve-admin@google.com

CVE-2023-6351

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)
Max Base Score
0.0
Published
2023-11-29
Updated
2023-12-01
EPSS
0.08%

CVE-2023-6350

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)
Max Base Score
8.8
Published
2023-11-29
Updated
2023-12-01
EPSS
0.13%

CVE-2023-6348

Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Max Base Score
0.0
Published
2023-11-29
Updated
2023-12-01
EPSS
0.05%

CVE-2023-6347

Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Max Base Score
8.8
Published
2023-11-29
Updated
2023-12-01
EPSS
0.13%

CVE-2023-6346

Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Max Base Score
8.8
Published
2023-11-29
Updated
2023-12-01
EPSS
0.15%

CVE-2023-6345

Known Exploited Vulnerability
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
Max Base Score
9.6
Published
2023-11-29
Updated
2023-12-01
EPSS
0.21%
KEV Added
2023-11-30

CVE-2023-6112

Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Max Base Score
8.8
Published
2023-11-15
Updated
2023-11-28
EPSS
0.24%

CVE-2023-5997

Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Max Base Score
8.8
Published
2023-11-15
Updated
2023-11-28
EPSS
0.23%

CVE-2023-5996

Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Max Base Score
8.8
Published
2023-11-08
Updated
2023-11-25
EPSS
0.21%

CVE-2023-5859

Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low)
Max Base Score
4.3
Published
2023-11-01
Updated
2023-11-25
EPSS
0.20%

CVE-2023-5858

Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)
Max Base Score
4.3
Published
2023-11-01
Updated
2023-11-25
EPSS
0.15%

CVE-2023-5857

Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium)
Max Base Score
8.8
Published
2023-11-01
Updated
2023-11-25
EPSS
0.55%

CVE-2023-5856

Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Max Base Score
8.8
Published
2023-11-01
Updated
2023-11-25
EPSS
0.24%

CVE-2023-5855

Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
Max Base Score
8.8
Published
2023-11-01
Updated
2023-11-25
EPSS
0.18%

CVE-2023-5854

Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
Max Base Score
8.8
Published
2023-11-01
Updated
2023-11-25
EPSS
0.18%

CVE-2023-5853

Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
Max Base Score
4.3
Published
2023-11-01
Updated
2023-11-25
EPSS
0.20%

CVE-2023-5852

Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
Max Base Score
8.8
Published
2023-11-01
Updated
2023-11-25
EPSS
0.18%

CVE-2023-5851

Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
Max Base Score
4.3
Published
2023-11-01
Updated
2023-11-25
EPSS
0.20%

CVE-2023-5850

Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)
Max Base Score
4.3
Published
2023-11-01
Updated
2023-11-25
EPSS
0.13%

CVE-2023-5849

Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Max Base Score
8.8
Published
2023-11-01
Updated
2023-11-25
EPSS
0.24%

CVE-2023-5487

Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)
Max Base Score
6.5
Published
2023-10-11
Updated
2023-11-25
EPSS
0.06%

CVE-2023-5486

Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)
Max Base Score
4.3
Published
2023-10-11
Updated
2023-11-25
EPSS
0.08%

CVE-2023-5485

Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
Max Base Score
4.3
Published
2023-10-11
Updated
2023-11-25
EPSS
0.08%

CVE-2023-5484

Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Max Base Score
6.5
Published
2023-10-11
Updated
2023-11-25
EPSS
0.13%

CVE-2023-5483

Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
Max Base Score
6.5
Published
2023-10-11
Updated
2023-11-25
EPSS
0.08%
1317 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close