CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-3214
https://notcve.org/view.php?id=CVE-2023-3214
13 Jun 2023 — Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) • https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 30%CPEs: 11EXPL: 2CVE-2023-3079 – Google Chromium V8 Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2023-3079
05 Jun 2023 — Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. • https://github.com/mistymntncop/CVE-2023-3079 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2941
https://notcve.org/view.php?id=CVE-2023-2941
30 May 2023 — Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2940
https://notcve.org/view.php?id=CVE-2023-2940
30 May 2023 — Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-2939
https://notcve.org/view.php?id=CVE-2023-2939
30 May 2023 — Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2938
https://notcve.org/view.php?id=CVE-2023-2938
30 May 2023 — Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2937
https://notcve.org/view.php?id=CVE-2023-2937
30 May 2023 — Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2023-2936 – Chrome V8 Type Confusion
https://notcve.org/view.php?id=CVE-2023-2936
30 May 2023 — Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • http://packetstormsecurity.com/files/173197/Chrome-V8-Type-Confusion.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2023-2935 – Chrome v8::internal::Object::SetPropertyWithAccessor Type Confusion
https://notcve.org/view.php?id=CVE-2023-2935
30 May 2023 — Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Google Chrome version 112.0.5615.137 and Chromium version 115.0.5737.0 suffer from a type confusion vulnerability in v8::internal::Object::SetPropertyWithAccessor. • http://packetstormsecurity.com/files/173196/Chrome-v8-internal-Object-SetPropertyWithAccessor-Type-Confusion.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2023-2934 – Chrome Mojo Message Validation Bypass
https://notcve.org/view.php?id=CVE-2023-2934
30 May 2023 — Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) During a Mojo IPC method call, there are multiple stages of validation and deserialization that take place. These assume that the contents of the message cannot be modified during the deserialization process, but the new core_ipcz implementation returns message contents directly in shared memory. • http://packetstormsecurity.com/files/173259/Chrome-Mojo-Message-Validation-Bypass.html • CWE-787: Out-of-bounds Write •