
CVE-2023-5217 – Google Chromium libvpx Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-5217
28 Sep 2023 — Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) A... • https://github.com/UT-Security/cve-2023-5217-poc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVE-2019-13689
https://notcve.org/view.php?id=CVE-2019-13689
25 Aug 2023 — Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical) • https://bugs.chromium.org/p/chromium/issues/detail?id=960109 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2019-13690
https://notcve.org/view.php?id=CVE-2019-13690
25 Aug 2023 — Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High) • https://bugs.chromium.org/p/chromium/issues/detail?id=960111 • CWE-269: Improper Privilege Management •

CVE-2022-4452
https://notcve.org/view.php?id=CVE-2022-4452
25 Aug 2023 — Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) • https://bugs.chromium.org/p/chromium/issues/detail?id=1372457 •

CVE-2023-2312 – Debian Security Advisory 5479-1
https://notcve.org/view.php?id=CVE-2023-2312
15 Aug 2023 — Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected. • https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html • CWE-416: Use After Free •

CVE-2022-4955
https://notcve.org/view.php?id=CVE-2022-4955
04 Aug 2023 — Inappropriate implementation in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html •

CVE-2023-2314
https://notcve.org/view.php?id=CVE-2023-2314
28 Jul 2023 — Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html • CWE-345: Insufficient Verification of Data Authenticity •

CVE-2023-2313
https://notcve.org/view.php?id=CVE-2023-2313
28 Jul 2023 — Inappropriate implementation in Sandbox in Google Chrome on Windows prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a malicious file. (Chromium security severity: High) • https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html •

CVE-2023-2311
https://notcve.org/view.php?id=CVE-2023-2311
28 Jul 2023 — Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html •

CVE-2022-4926
https://notcve.org/view.php?id=CVE-2022-4926
28 Jul 2023 — Insufficient policy enforcement in Intents in Google Chrome on Android prior to 109.0.5414.119 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html • CWE-522: Insufficiently Protected Credentials •