Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Chrome
(Google)| Repositories |
• https://github.com/googlei18n/sfntly
• https://github.com/behdad/harfbuzz • https://github.com/uclouvain/openjpeg |
| #Vulnerabilities | 3341 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2011-09-06 | CVE-2011-3389 | The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the... | Ubuntu_linux, Debian_linux, Chrome, Curl, Internet_explorer, Windows, Firefox, Opera_browser, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_workstation, Simatic_rf615r_firmware, Simatic_rf68xr_firmware | N/A | ||
| 2014-01-16 | CVE-2013-6644 | Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | Debian_linux, Chrome, Opensuse | N/A | ||
| 2014-01-16 | CVE-2013-6641 | Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of the past names map of a FORM element. | Chrome, Opensuse | N/A | ||
| 2014-01-16 | CVE-2013-6646 | Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the shutting down of a worker process. | Debian_linux, Chrome, Opensuse | N/A | ||
| 2014-01-16 | CVE-2013-6645 | Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving certain print-preview and tab-switch actions that interact with a speech input element. | Debian_linux, Chrome, Opensuse | N/A | ||
| 2022-04-05 | CVE-2022-0789 | Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Chrome | 8.8 | ||
| 2022-04-05 | CVE-2022-0793 | Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted Chrome Extension. | Chrome | 8.8 | ||
| 2022-04-05 | CVE-2022-0794 | Use after free in WebShare in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | Chrome | 8.8 | ||
| 2022-04-05 | CVE-2022-0795 | Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Chrome | 8.8 | ||
| 2022-04-05 | CVE-2022-0796 | Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Chrome | 8.8 |