CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1534 – Chrome SpvGetMappedSamplerName Out-Of-Bounds String Copy
https://notcve.org/view.php?id=CVE-2023-1534
21 Mar 2023 — Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Chrome has an issue where there is an out-of-bounds string copy that can occur when parsing a uniform sampler name in SpvGetMappedSamplerName. • http://packetstormsecurity.com/files/171961/Chrome-GL_ShaderBinary-Untrusted-Process-Exposure.html • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1533
https://notcve.org/view.php?id=CVE-2023-1533
21 Mar 2023 — Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2023-1532 – Chrome media::mojom::VideoFrame Missing Validation
https://notcve.org/view.php?id=CVE-2023-1532
21 Mar 2023 — Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Chrome suffers from an issue where the traits for media::mojom::VideoFrame do not perform any validation on the stride and offset parameters when deserializing untrusted message data. • http://packetstormsecurity.com/files/171959/Chrome-media-mojom-VideoFrame-Missing-Validation.html • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-1531
https://notcve.org/view.php?id=CVE-2023-1531
21 Mar 2023 — Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1530
https://notcve.org/view.php?id=CVE-2023-1530
21 Mar 2023 — Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1529
https://notcve.org/view.php?id=CVE-2023-1529
21 Mar 2023 — Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High) • https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1528
https://notcve.org/view.php?id=CVE-2023-1528
21 Mar 2023 — Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1236
https://notcve.org/view.php?id=CVE-2023-1236
07 Mar 2023 — Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1235
https://notcve.org/view.php?id=CVE-2023-1235
07 Mar 2023 — Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-1234
https://notcve.org/view.php?id=CVE-2023-1234
07 Mar 2023 — Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html •