Vulnerabilities > Google > Chrome OS > High

DATE CVE VULNERABILITY TITLE RISK
2023-01-02 CVE-2022-2743 Integer Overflow or Wraparound vulnerability in Google Chrome
Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions.
network
low complexity
google CWE-190
8.8
2018-08-29 CVE-2018-12828 Unspecified vulnerability in Adobe Flash Player
Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability.
network
low complexity
adobe apple linux microsoft google redhat
7.5
2018-08-29 CVE-2018-12825 Unspecified vulnerability in Adobe Flash Player
Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability.
network
low complexity
adobe apple linux microsoft google redhat
7.5
2018-02-07 CVE-2017-15400 CRLF Injection vulnerability in Google Chrome OS
Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue.
local
low complexity
google CWE-93
7.8
2018-02-07 CVE-2017-15397 Missing Encryption of Sensitive Data vulnerability in Google Chrome OS
Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests by leveraging that position.
network
high complexity
google CWE-311
7.4
2016-09-25 CVE-2016-5169 Unspecified vulnerability in Google Chrome OS
Format string vulnerability in Google Chrome OS before 53.0.2785.103 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
network
low complexity
google
8.8
2014-09-25 CVE-2014-1568 Cryptographic Issues vulnerability in Google Chrome
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.
network
low complexity
google apple microsoft mozilla CWE-310
7.5
2011-05-24 CVE-2011-2169 Permissions, Privileges, and Access Controls vulnerability in Google Chrome OS
Google Chrome OS before R12 0.12.433.38 Beta allows local users to gain privileges by creating a /var/lib/chromeos-aliases.conf file and placing commands in it.
local
low complexity
google CWE-264
7.2
2011-01-14 CVE-2011-0484 Improper Input Validation vulnerability in Google Chrome and Chrome OS
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform DOM node removal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale rendering node."
network
low complexity
google CWE-20
7.5
2011-01-14 CVE-2011-0479 Access of Uninitialized Pointer vulnerability in Google Chrome and Chrome OS
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly interact with extensions, which allows remote attackers to cause a denial of service via a crafted extension that triggers an uninitialized pointer.
network
low complexity
google CWE-824
7.5