Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium)
Max CVSS
8.8
EPSS Score
0.50%
Published
2023-11-01
Updated
2024-01-31

CVE-2023-4762

Known exploited
Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Max CVSS
8.8
EPSS Score
34.86%
Published
2023-09-05
Updated
2024-02-07
CISA KEV Added
2024-02-06
Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker to execute arbitrary code via a crafted shell script. (Chromium security severity: Low)
Max CVSS
6.3
EPSS Score
0.06%
Published
2023-08-01
Updated
2023-08-15
Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
8.8
EPSS Score
0.36%
Published
2023-07-29
Updated
2023-12-28
Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.76%
Published
2021-08-26
Updated
2021-11-30
Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.83%
Published
2021-08-26
Updated
2021-11-30

CVE-2021-21224

Known exploited
Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Max CVSS
8.8
EPSS Score
75.59%
Published
2021-04-26
Updated
2021-06-01
CISA KEV Added
2021-11-03
Use after free in DevTools in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)
Max CVSS
8.8
EPSS Score
0.07%
Published
2023-07-29
Updated
2023-08-12
Script injection in iOSWeb in Google Chrome on iOS prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Max CVSS
6.1
EPSS Score
0.12%
Published
2021-01-14
Updated
2021-01-19
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page.
Max CVSS
6.8
EPSS Score
0.65%
Published
2020-11-03
Updated
2021-03-11

CVE-2020-6572

Known exploited
Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Max CVSS
9.3
EPSS Score
0.51%
Published
2021-01-14
Updated
2024-02-15
CISA KEV Added
2022-01-10
Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.52%
Published
2020-09-21
Updated
2021-03-16
Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.36%
Published
2020-04-13
Updated
2022-10-07
Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry.
Max CVSS
7.8
EPSS Score
0.04%
Published
2020-02-11
Updated
2020-02-17
Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
Max CVSS
8.8
EPSS Score
0.43%
Published
2020-02-11
Updated
2021-09-16
Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.68%
Published
2019-12-10
Updated
2023-01-30
Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.64%
Published
2019-12-10
Updated
2023-01-30
Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.08%
Published
2019-12-10
Updated
2023-02-03
Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.15%
Published
2019-11-25
Updated
2019-11-26
Incorrect security UI in MacOS services integration in Google Chrome on OS X prior to 76.0.3809.87 allowed a local attacker to execute arbitrary code via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.20%
Published
2019-11-25
Updated
2021-09-08
Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard.
Max CVSS
7.8
EPSS Score
0.13%
Published
2019-06-27
Updated
2022-04-11
An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.67%
Published
2019-05-23
Updated
2022-10-11
An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
Max CVSS
9.3
EPSS Score
1.77%
Published
2019-05-23
Updated
2022-10-11
An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
Max CVSS
9.3
EPSS Score
1.71%
Published
2019-05-23
Updated
2022-10-11
Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.42%
Published
2019-02-19
Updated
2021-07-21
138 vulnerabilities found
1 2 3 4 5 6
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!