Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Chrome
(Google)Repositories |
• https://github.com/googlei18n/sfntly
• https://github.com/behdad/harfbuzz • https://github.com/uclouvain/openjpeg |
#Vulnerabilities | 3340 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-06-27 | CVE-2019-5786 | Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | Chrome, Puppeteer | 6.5 | ||
2019-11-25 | CVE-2019-13720 | Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Chrome, Leap | 8.8 | ||
2020-11-03 | CVE-2020-15999 | Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Freetype, Chrome, Backports_sle | 6.5 | ||
2020-11-03 | CVE-2020-16010 | Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | Chrome | 8.8 | ||
2021-01-14 | CVE-2020-6572 | Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | Chrome | 8.8 | ||
2021-04-26 | CVE-2021-21206 | Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Fedora, Chrome | 8.8 | ||
2021-06-07 | CVE-2021-30533 | Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe. | Fedora, Chrome | 6.5 | ||
2021-07-02 | CVE-2021-30554 | Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Fedora, Chrome | 8.8 | ||
2021-10-08 | CVE-2021-37973 | Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | Debian_linux, Fedora, Chrome | 9.6 | ||
2021-11-23 | CVE-2021-38000 | Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. | Debian_linux, Fedora, Chrome | 6.1 |