Page 50 of 3370 results (0.004 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html https://crbug.com/1413813 https://security.gentoo.org/glsa/202311-11 https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security/2023/dsa-5418 •

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0

Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • http://packetstormsecurity.com/files/173197/Chrome-V8-Type-Confusion.html https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html https://crbug.com/1443452 https://security.gentoo.org/glsa/202311-11 https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security/2023/dsa-5418 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0

Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Google Chrome version 112.0.5615.137 and Chromium version 115.0.5737.0 suffer from a type confusion vulnerability in v8::internal::Object::SetPropertyWithAccessor. • http://packetstormsecurity.com/files/173196/Chrome-v8-internal-Object-SetPropertyWithAccessor-Type-Confusion.html https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html https://crbug.com/1440695 https://security.gentoo.org/glsa/202311-11 https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security/2023/dsa-5418 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0

Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) During a Mojo IPC method call, there are multiple stages of validation and deserialization that take place. These assume that the contents of the message cannot be modified during the deserialization process, but the new core_ipcz implementation returns message contents directly in shared memory. • http://packetstormsecurity.com/files/173259/Chrome-Mojo-Message-Validation-Bypass.html https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html https://crbug.com/1429720 https://security.gentoo.org/glsa/202311-11 https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security/2023/dsa-5418 • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) • https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html https://crbug.com/1445426 https://security.gentoo.org/glsa/202311-11 https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security/2023/dsa-5418 • CWE-416: Use After Free •