Vulnerabilities > Google > Chrome > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-12-04 CVE-2018-6152 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction.
network
low complexity
google redhat debian CWE-434
critical
9.6
2018-11-14 CVE-2018-17472 Improper Input Validation vulnerability in multiple products
Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page.
network
low complexity
google redhat debian CWE-20
critical
9.6
2018-11-14 CVE-2018-17462 Use After Free vulnerability in multiple products
Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.
network
low complexity
google redhat debian CWE-416
critical
9.6
2018-08-28 CVE-2017-15398 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server.
network
low complexity
google redhat debian CWE-119
critical
9.8
2017-10-27 CVE-2017-5053 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf.
network
low complexity
google redhat CWE-125
critical
9.6
2017-05-23 CVE-2016-5178 Improper Input Validation vulnerability in multiple products
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
google opensuse debian redhat fedoraproject CWE-20
critical
9.8
2017-04-24 CVE-2014-9654 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted string, a related issue to CVE-2014-7923.
network
low complexity
google icu-project CWE-119
critical
9.8
2017-04-11 CVE-2013-6647 Use After Free vulnerability in Google Chrome
A use-after-free in AnimationController::endAnimationUpdate in Google Chrome.
network
low complexity
google CWE-416
critical
9.8
2016-08-07 CVE-2016-5146 Unspecified vulnerability in Google Chrome
Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
google
critical
9.8
2016-08-07 CVE-2016-5144 Improper Access Control vulnerability in Google Chrome
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5143.
network
low complexity
google CWE-284
critical
9.8