Chrome - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Chrome
(Google)

Repositories	• https://github.com/googlei18n/sfntly • https://github.com/behdad/harfbuzz • https://github.com/uclouvain/openjpeg
#Vulnerabilities	3340

Date	Id	Summary	Products	Score	Patch	Annotated
2019-06-27	CVE-2019-5786	Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.	Chrome, Puppeteer	6.5
2019-11-25	CVE-2019-13720	Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	Chrome, Leap	8.8
2020-11-03	CVE-2020-15999	Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	Debian_linux, Fedora, Freetype, Chrome, Backports_sle	6.5
2020-11-03	CVE-2020-16010	Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.	Chrome	8.8
2021-01-14	CVE-2020-6572	Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.	Chrome	8.8
2021-04-26	CVE-2021-21206	Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	Fedora, Chrome	8.8
2021-06-07	CVE-2021-30533	Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.	Fedora, Chrome	6.5
2021-07-02	CVE-2021-30554	Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	Fedora, Chrome	8.8
2021-10-08	CVE-2021-37973	Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.	Debian_linux, Fedora, Chrome	9.6
2021-11-23	CVE-2021-38000	Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.	Debian_linux, Fedora, Chrome	6.1