CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Chrome : Security Vulnerabilities (Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-5121 20 Exec Code 2017-10-27 2017-12-08
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase.
2 CVE-2017-5116 704 Exec Code 2017-10-27 2017-11-14
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
3 CVE-2017-5112 119 Exec Code Overflow 2017-10-27 2017-11-14
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
4 CVE-2017-5070 704 Exec Code 2017-10-27 2017-11-13
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
5 CVE-2017-5059 704 Exec Code 2017-10-27 2017-11-13
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to potentially obtain code execution via a crafted HTML page.
6 CVE-2017-5053 264 Exec Code 2017-10-27 2017-11-13
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf.
7 CVE-2017-5030 119 Exec Code Overflow 2017-04-24 2017-11-03
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.
8 CVE-2017-5020 79 Exec Code XSS 2017-02-17 2017-11-03
4.3
None Remote Medium Not required None Partial None
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page.
9 CVE-2016-5207 79 Exec Code XSS 2017-01-19 2017-06-30
4.3
None Remote Medium Not required None Partial None
In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page.
10 CVE-2016-5198 125 Exec Code 2017-01-19 2017-07-27
6.8
None Remote Medium Not required Partial Partial Partial
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.
11 CVE-2016-5157 119 Exec Code Overflow 2016-09-11 2017-11-05
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.
12 CVE-2016-1628 119 DoS Exec Code Overflow 2016-02-21 2017-11-05
6.8
None Remote Medium Not required Partial Partial Partial
pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted JPEG 2000 image in a PDF document, related to the opj_pi_next_rpcl, opj_pi_next_pcrl, and opj_pi_next_cprl functions.
13 CVE-2015-6792 DoS Exec Code 2015-12-23 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manager.cc, midi_manager_alsa.cc, and midi_manager_mac.cc, a different vulnerability than CVE-2015-8664.
14 CVE-2015-6765 DoS Exec Code 2015-12-05 2017-09-13
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in content/browser/appcache/appcache_update_job.cc in Google Chrome before 47.0.2526.73 allows remote attackers to execute arbitrary code or cause a denial of service by leveraging the mishandling of AppCache update jobs.
15 CVE-2015-6581 DoS Exec Code Mem. Corr. 2015-09-03 2016-12-21
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 45.0.2454.85, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering a memory-allocation failure.
16 CVE-2015-1274 254 Exec Code 2015-07-22 2017-09-20
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a user's previous "Always open files of this type" choice, related to download_commands.cc and download_prefs.cc.
17 CVE-2015-1260 DoS Exec Code 2015-05-20 2017-01-02
7.5
None Remote Low Not required Partial Partial Partial
Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon completion of a getUserMedia request.
18 CVE-2015-1253 284 Exec Code Bypass 2015-05-20 2017-01-02
7.5
None Remote Low Not required Partial Partial Partial
core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions.
19 CVE-2015-1251 Exec Code 2015-05-20 2017-01-02
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem in Google Chrome before 43.0.2357.65 allows remote attackers to execute arbitrary code via a crafted document.
20 CVE-2015-1233 17 Exec Code 2015-04-01 2016-12-21
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors.
21 CVE-2014-3188 94 Exec Code 2014-10-08 2016-09-07
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in json-parser.h.
22 CVE-2014-3177 94 Exec Code 2014-08-26 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3176.
23 CVE-2014-3176 94 Exec Code 2014-08-26 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3177.
24 CVE-2013-6658 399 DoS Exec Code 2014-02-23 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Multiple use-after-free vulnerabilities in the layout implementation in Blink, as used in Google Chrome before 33.0.1750.117, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving (1) running JavaScript code during execution of the updateWidgetPositions function or (2) making a call into a plugin during execution of the updateWidgetPositions function.
25 CVE-2013-6632 189 DoS Exec Code Overflow Mem. Corr. 2013-11-18 2014-03-05
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013.
26 CVE-2013-2931 Exec Code 2013-11-13 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.48 allow attackers to execute arbitrary code or possibly have other impact via unknown vectors.
27 CVE-2013-2870 399 Exec Code 2013-07-10 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote servers to execute arbitrary code via crafted response traffic after a URL request.
28 CVE-2013-2863 119 DoS Exec Code Overflow Mem. Corr. 2013-06-04 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
29 CVE-2013-0912 94 Exec Code 2013-03-11 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
WebKit in Google Chrome before 25.0.1364.160 allows remote attackers to execute arbitrary code via vectors that leverage "type confusion."
30 CVE-2013-0889 264 Exec Code 2013-02-23 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for remote attackers to execute arbitrary code via a crafted file.
31 CVE-2012-5142 94 DoS Exec Code 2012-12-12 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 23.0.1271.97 does not properly handle history navigation, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
32 CVE-2012-5134 119 DoS Exec Code Overflow 2012-11-27 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.
33 CVE-2012-5112 399 Exec Code 2012-10-11 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.
34 CVE-2012-5108 362 Exec Code 2012-10-09 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in Google Chrome before 22.0.1229.92 allows remote attackers to execute arbitrary code via vectors related to audio devices.
35 CVE-2012-2897 119 Exec Code Overflow 2012-09-26 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
36 CVE-2012-2859 119 DoS Exec Code Overflow 2012-08-06 2012-08-07
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 21.0.1180.57 on Linux does not properly handle tabs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
37 CVE-2012-1845 399 Exec Code Bypass 2012-03-22 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the DEP and ASLR protection mechanisms, and execute arbitrary code, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code."
38 CVE-2011-3961 362 Exec Code 2012-02-08 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in Google Chrome before 17.0.963.46 allows remote attackers to execute arbitrary code via vectors that trigger a crash of a utility process.
39 CVE-2011-3873 119 DoS Exec Code Overflow Mem. Corr. 2011-10-04 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Google Chrome before 14.0.835.202 does not properly implement shader translation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
40 CVE-2011-3108 399 Exec Code 2012-05-24 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 19.0.1084.52 allows remote attackers to execute arbitrary code via vectors related to the browser cache.
41 CVE-2011-3106 119 DoS Exec Code Overflow Mem. Corr. 2012-05-24 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
The WebSockets implementation in Google Chrome before 19.0.1084.52 does not properly handle use of SSL, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
42 CVE-2011-3047 119 DoS Exec Code Overflow Mem. Corr. 2012-03-10 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
The GPU process in Google Chrome before 17.0.963.79 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an error in the plug-in loading mechanism.
43 CVE-2011-3046 20 Exec Code XSS 2012-03-08 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.
44 CVE-2011-3045 189 DoS Exec Code 2012-03-22 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.
45 CVE-2011-2806 119 DoS Exec Code Overflow Mem. Corr. 2011-08-29 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 13.0.782.215 on Windows does not properly handle vertex data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
46 CVE-2011-2075 Exec Code 2011-05-10 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Google Chrome 11.0.696.65 on Windows 7 SP1 allows remote attackers to execute arbitrary code via unknown vectors. NOTE: as of 20110510, the only disclosure is a vague advisory that possibly relates to multiple vulnerabilities or multiple products. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
47 CVE-2011-1807 119 Exec Code Overflow 2011-05-26 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 11.0.696.71 does not properly handle blobs, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger an out-of-bounds write.
48 CVE-2011-1806 119 DoS Exec Code Overflow Mem. Corr. 2011-05-26 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 11.0.696.71 does not properly implement the GPU command buffer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
49 CVE-2011-1302 119 Exec Code Overflow 2011-04-15 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the GPU process in Google Chrome before 10.0.648.205 allows remote attackers to execute arbitrary code via unknown vectors.
50 CVE-2011-1301 399 Exec Code 2011-04-15 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the GPU process in Google Chrome before 10.0.648.205 allows remote attackers to execute arbitrary code via unknown vectors.
Total number of vulnerabilities : 88   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.