Summary
Detail | |||
---|---|---|---|
Vendor | First view | 2014-05-14 | |
Product | Chrome | Last view | 2024-05-28 |
Version | 34.0.1847.135 | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:google:chrome |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
8.8 | 2024-05-28 | CVE-2024-5274 | Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
8.8 | 2024-05-15 | CVE-2024-4947 | Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
8.8 | 2024-05-14 | CVE-2024-4761 | Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) |
9.6 | 2024-05-14 | CVE-2024-4671 | Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
8.8 | 2024-05-01 | CVE-2024-4058 | Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) |
6.5 | 2024-04-17 | CVE-2024-3839 | Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) |
5.5 | 2024-04-17 | CVE-2024-3838 | Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium) |
8.8 | 2024-04-17 | CVE-2024-3837 | Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
8.8 | 2024-04-17 | CVE-2024-3834 | Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
8.8 | 2024-04-06 | CVE-2024-3159 | Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) |
8.8 | 2024-04-06 | CVE-2024-3158 | Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
8.8 | 2024-04-06 | CVE-2024-3156 | Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) |
4.3 | 2024-03-20 | CVE-2024-2631 | Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
6.5 | 2024-03-20 | CVE-2024-2630 | Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) |
4.3 | 2024-03-20 | CVE-2024-2629 | Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
4.3 | 2024-03-20 | CVE-2024-2628 | Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium) |
8.8 | 2024-03-20 | CVE-2024-2627 | Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
6.5 | 2024-03-20 | CVE-2024-2626 | Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) |
8.8 | 2024-03-20 | CVE-2024-2625 | Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) |
9.8 | 2024-02-07 | CVE-2024-1284 | Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
9.8 | 2024-02-07 | CVE-2024-1283 | Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
8.8 | 2024-01-30 | CVE-2024-1077 | Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High) |
8.8 | 2024-01-30 | CVE-2024-1060 | Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
8.8 | 2024-01-30 | CVE-2024-1059 | Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High) |
6.5 | 2024-01-24 | CVE-2024-0814 | Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
32% (602) | CWE-416 | Use After Free |
18% (340) | CWE-787 | Out-of-bounds Write |
8% (167) | CWE-20 | Improper Input Validation |
5% (97) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
4% (76) | CWE-125 | Out-of-bounds Read |
3% (61) | CWE-200 | Information Exposure |
3% (57) | CWE-190 | Integer Overflow or Wraparound |
2% (51) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
2% (38) | CWE-264 | Permissions, Privileges, and Access Controls |
1% (34) | CWE-362 | Race Condition |
1% (30) | CWE-346 | Origin Validation Error |
1% (29) | CWE-254 | Security Features |
1% (27) | CWE-284 | Access Control (Authorization) Issues |
1% (24) | CWE-276 | Incorrect Default Permissions |
0% (18) | CWE-17 | Code |
0% (15) | CWE-189 | Numeric Errors |
0% (14) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
0% (14) | CWE-19 | Data Handling |
0% (13) | CWE-668 | Exposure of Resource to Wrong Sphere |
0% (13) | CWE-399 | Resource Management Errors |
0% (13) | CWE-290 | Authentication Bypass by Spoofing |
0% (13) | CWE-203 | Information Exposure Through Discrepancy |
0% (10) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
0% (9) | CWE-704 | Incorrect Type Conversion or Cast |
0% (7) | CWE-269 | Improper Privilege Management |
SAINT Exploits
Description | Link |
---|---|
Google Chrome SimplifiedLowering bug | More info here |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2015-B-0107 | Multiple Security Vulnerabilities in Google Chrome Severity: Category I - VMSKEY: V0061361 |
2015-A-0154 | Multiple Vulnerabilities in Oracle Fusion Middleware Severity: Category I - VMSKEY: V0061081 |
2014-B-0071 | Multiple Vulnerabilities in Google Chrome Severity: Category I - VMSKEY: V0052483 |
2014-B-0060 | Multiple Vulnerabilities in Google Chrome Severity: Category I - VMSKEY: V0050897 |
2014-B-0056 | Multiple Vulnerabilities in Google Chrome Severity: Category I - VMSKEY: V0050433 |
Snort® IPS/IDS
Date | Description |
---|---|
2020-12-23 | Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt RuleID : 56438 - Type : BROWSER-CHROME - Revision : 1 |
2020-12-23 | Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt RuleID : 56437 - Type : BROWSER-CHROME - Revision : 1 |
2020-12-01 | Google Chrome PNG in TTF parsing heap overflow attempt RuleID : 56133 - Type : BROWSER-CHROME - Revision : 2 |
2020-12-01 | Google Chrome PNG in TTF parsing heap overflow attempt RuleID : 56132 - Type : BROWSER-CHROME - Revision : 2 |
2020-12-01 | Google Chrome PNG in TTF parsing heap overflow attempt RuleID : 56131 - Type : BROWSER-CHROME - Revision : 2 |
2020-12-01 | Google Chrome PNG in TTF parsing heap overflow attempt RuleID : 56130 - Type : BROWSER-CHROME - Revision : 2 |
2020-10-27 | Google Chrome AudioArray memory corruption attempt RuleID : 55810 - Type : BROWSER-CHROME - Revision : 1 |
2020-10-27 | Google Chrome AudioArray memory corruption attempt RuleID : 55809 - Type : BROWSER-CHROME - Revision : 1 |
2020-09-02 | Google Chrome blink webaudio module use after free attempt RuleID : 54625 - Type : BROWSER-CHROME - Revision : 1 |
2020-09-02 | Google Chrome blink webaudio module use after free attempt RuleID : 54624 - Type : BROWSER-CHROME - Revision : 1 |
2020-09-02 | Google Chrome ReadableStream out of bounds read attempt RuleID : 54623 - Type : BROWSER-CHROME - Revision : 1 |
2020-09-02 | Google Chrome ReadableStream out of bounds read attempt RuleID : 54622 - Type : BROWSER-CHROME - Revision : 1 |
2020-08-11 | Google Chrome Blink use-after-free attempt RuleID : 54498 - Type : BROWSER-CHROME - Revision : 1 |
2020-08-11 | Google Chrome Blink use-after-free attempt RuleID : 54497 - Type : BROWSER-CHROME - Revision : 1 |
2020-06-11 | Google Chromium for Android AddInterface use after free attempt RuleID : 53943 - Type : BROWSER-CHROME - Revision : 1 |
2020-06-11 | Google Chromium for Android AddInterface use after free attempt RuleID : 53942 - Type : BROWSER-CHROME - Revision : 1 |
2020-06-10 | Google Chromium ImageCapture use after free attempt RuleID : 53845 - Type : BROWSER-CHROME - Revision : 1 |
2020-06-10 | Google Chromium ImageCapture use after free attempt RuleID : 53844 - Type : BROWSER-CHROME - Revision : 1 |
2020-06-04 | Chromium use after free exploitation attempt RuleID : 53836 - Type : INDICATOR-COMPROMISE - Revision : 1 |
2020-06-04 | Chromium use after free exploitation attempt RuleID : 53835 - Type : INDICATOR-COMPROMISE - Revision : 1 |
2020-05-27 | Google Chrome ObjectCreate type confusion attempt RuleID : 53754 - Type : BROWSER-CHROME - Revision : 1 |
2020-05-27 | Google Chrome ObjectCreate type confusion attempt RuleID : 53753 - Type : BROWSER-CHROME - Revision : 1 |
2020-05-27 | Google Chrome ObjectCreate type confusion attempt RuleID : 53752 - Type : BROWSER-CHROME - Revision : 1 |
2020-05-27 | Google Chrome ObjectCreate type confusion attempt RuleID : 53751 - Type : BROWSER-CHROME - Revision : 1 |
2020-05-05 | Google Chrome desktopMediaPickerController use after free attempt RuleID : 53534 - Type : BROWSER-CHROME - Revision : 1 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2019-01-16 | Name: The remote Fedora host is missing a security update. File: fedora_2019-348547a32d.nasl - Type: ACT_GATHER_INFO |
2019-01-08 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2019-1007.nasl - Type: ACT_GATHER_INFO |
2019-01-07 | Name: The remote Fedora host is missing a security update. File: fedora_2019-859384e002.nasl - Type: ACT_GATHER_INFO |
2019-01-07 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_546d4dd410ea11e9b407080027ef1a23.nasl - Type: ACT_GATHER_INFO |
2019-01-07 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_720590df10eb11e9b407080027ef1a23.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-13d8c35127.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-34f7f68029.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-39be36e9fc.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-499f2dbc96.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-7c80aaef26.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-8e866c5066.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-94e1bc8c23.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-aafdbb5554.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-b844991a97.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-f76e6d17f1.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-fd194a1f14.nasl - Type: ACT_GATHER_INFO |
2018-12-28 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2018-1446.nasl - Type: ACT_GATHER_INFO |
2018-12-27 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2018-3831.nasl - Type: ACT_GATHER_INFO |
2018-12-27 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2018-3833.nasl - Type: ACT_GATHER_INFO |
2018-12-24 | Name: The remote Debian host is missing a security update. File: debian_DLA-1613.nasl - Type: ACT_GATHER_INFO |
2018-12-14 | Name: The remote Debian host is missing a security update. File: debian_DLA-1605.nasl - Type: ACT_GATHER_INFO |
2018-12-14 | Name: A web browser installed on the remote Windows host is affected by a use after... File: google_chrome_71_0_3578_98.nasl - Type: ACT_GATHER_INFO |
2018-12-14 | Name: A web browser installed on the remote macOS host is affected by a use after f... File: macosx_google_chrome_71_0_3578_98.nasl - Type: ACT_GATHER_INFO |
2018-12-13 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4354.nasl - Type: ACT_GATHER_INFO |
2018-12-13 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_d10b49b28d0249e8afde0844626317af.nasl - Type: ACT_GATHER_INFO |