
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

30 May 2025 — Chrome PHP allows users to start playing with chrome/chromium in headless mode from PHP. Prior to version 1.14.0, CSS Selector expressions are not properly encoded, which can lead to XSS (cross-site scripting) vulnerabilities. This is patched in v1.14.0. As a workaround, users can apply encoding manually to their selectors if they are unable to upgrade. • https://github.com/chrome-php/chrome/commit/34b2b8d1691f4e3940b1e1e95d388fffe81169c8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Sep 2024 — Insufficient data validation in PDF in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Low) • https://issues.chromium.org/issues/40093560 •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Sep 2024 — Use after free in Extensions in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://issues.chromium.org/issues/40056265 • CWE-416: Use After Free •

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Sep 2024 — Inappropriate implementation in Navigation in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) • https://issues.chromium.org/issues/40056040 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Sep 2024 — Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) • https://issues.chromium.org/issues/40055233 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Sep 2024 — Uninitialized Use in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) • https://issues.chromium.org/issues/324690505 • CWE-457: Use of Uninitialized Variable •

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Sep 2024 — Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) • https://issues.chromium.org/issues/40076065 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Sep 2024 — Inappropriate implementation in UI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) • https://issues.chromium.org/issues/41494315 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Sep 2024 — Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) • https://issues.chromium.org/issues/333414305 • CWE-122: Heap-based Buffer Overflow •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

16 Jul 2024 — Out of bounds write in SwiftShader in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html • CWE-787: Out-of-bounds Write •