Google

Chrome

3758 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2017-5124

  • EPSS 25%
  • Veröffentlicht 07.02.2018 23:29:00
  • Zuletzt bearbeitet 21.11.2024 03:27:06

Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page.

9.3

CVE-2015-1290

  • EPSS 1.81%
  • Veröffentlicht 09.01.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 02:25:05

The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.

6.5

CVE-2017-1000460

Exploit
  • EPSS 0.22%
  • Veröffentlicht 03.01.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:04:46

In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exceptio...

4.3

CVE-2017-5103

  • EPSS 1.16%
  • Veröffentlicht 27.10.2017 05:29:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5

CVE-2017-5104

  • EPSS 1.16%
  • Veröffentlicht 27.10.2017 05:29:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Inappropriate implementation in interstitials in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to spoof the contents of the omnibox via a crafted HTML page.

6.5

CVE-2017-5105

  • EPSS 1.16%
  • Veröffentlicht 27.10.2017 05:29:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

6.5

CVE-2017-5106

  • EPSS 1.16%
  • Veröffentlicht 27.10.2017 05:29:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

5.3

CVE-2017-5107

  • EPSS 0.59%
  • Veröffentlicht 27.10.2017 05:29:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page.

8.8

CVE-2017-5108

  • EPSS 0.84%
  • Veröffentlicht 27.10.2017 05:29:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file.

4.3

CVE-2017-5109

  • EPSS 1.16%
  • Veröffentlicht 27.10.2017 05:29:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Inappropriate implementation of unload handler handling in permission prompts in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.