Topic

Chrome

A collection of 106 issues

CVE-2021-40326 Foxit PDF Reader before 11.1 and PDF Editor before 11.1 can mishandle hidden and incremental data in signed documents.

PhantomPDF, Foxit PDF Reader and Foxit PDF Editor are packed as a plugin for Firefox and Chrome. Foxit PDF Plugin before 11.1 and Foxit PDF Editor before 11.1 are vulnerable to an out-of-bounds write vulnerability. An attacker can write to an arbitrary file, and display controlled contents, during

CVE-2022-25644 Package @pendo324/get-process-by-name is vulnerable to Arbitrary Code Execution due to improper sanitization.

To exploit this issue, an attacker needs to construct a malicious .js file and feed it to a user. This can be done by uploading a file to a user’s profile, or by emailing the file to the user. Once a user receives the crafted file and opens it,

CVE-2022-2603 An attacker could exploit heap corruption in Google Chrome after 104.0.5112.79 to gain remote access.

CVE-2018-6074 An issue was discovered with Page Actions in Google Chrome prior to version 104.0.5114.17. If a user had previously clicked on a malicious link and then viewed a different web page, a remote attacker could cause the browser to crash if the second page had a

CVE-2022-2481 After free attack in Views in 103.0.5060.134 allowed a remote attacker to exploit heap corruption.

CVE-2016-5124 When WebExtensions are installed on Google Chrome prior to 103.0.5060.135, they can overwrite the extension's search path value, allowing attackers to inject malicious extensions into the context via a crafted extension. An attacker who convinced a user to install a malicious extension could leverage this to

CVE-2022-2296 After free in Chrome OS Shell prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption.

This issue was addressed by disabling after_free in the UI. For users who are interacting with sites that are explicitly vulnerable to this issue, it is recommended that they be cautious when filling out forms on websites, use caution when visiting untrusted sites, and consider using a trusted browser.

CVE-2022-2007 An after free vulnerability in WebGPU in Google Chrome before 102.0.5005.115 allowed a remote attacker to exploit heap corruption.

CVE-2017-7525 is a security issue through certain extensions. Google recommends users update their extensions to prevent any possible exploitation. CVE-2017-7526 is a security issue through certain extensions. Google recommends users update their extensions to prevent any possible exploitation. CVE-2017-7527 is a security issue through certain extensions. Google recommends users update

CVE-2022-2011 An attacker could exploit heap corruption in Google Chrome after an after free vulnerability to gain access to a user account.

CVE-2017-7593: Out of bounds read in Skia library. In the course of parsing an HTML page, the Skia library on Google Chrome prior to 102.0.572.2 would attempt to access data that was outside the bounds of the image. This was caused by a Redeclaration issue. This issue

CVE-2022-2156 An attacker can exploit heap corruption in Chrome before 103.0.5060.53 to execute malicious code.

This issue has been fixed. After script injection in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform a cross-origin scripting injection via a crafted HTML page. This issue was fixed in version 103.0.5111.57. Mixed content blocking when a site loads a

CVE-2022-1868 An attacker could bypass navigation restrictions in Google Chrome if they convinced a user to install a malicious extension.

If you have installed a malicious extension or have a compromised device, an attacker could potentially trick you into visiting a specifically crafted website, causing Chrome to try to navigate to an external site instead of the desired one. This issue was resolved in Google Chrome 102.0.5 prior

CVE-2022-1854 An attacker can exploit heap corruption in Google Chrome to hijack browser sessions.

CVE-2015-1240 was discovered in Google V8, a highly-optimized JavaScript engine. By crafting synthetic input and injecting code into the memory, an attacker could exploit the vulnerability to bypass security restrictions and obtain sensitive information. An attacker could also potentially exploit the vulnerability to execute code in the context of the