Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file browser vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-6132
Uninitialized data in WebRTC in Google Chrome before 67.0.3396.62 allowed a remote malicious user to obtain potentially sensitive information from process memory via a crafted video file.
Google Chrome
4.6
CVSSv2
CVE-2018-6176
Insufficient file type enforcement in Extensions API in Google Chrome before 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted Chrome Extension.
Google Chrome
4.3
CVSSv2
CVE-2018-6155
Incorrect handling of frames in the VP8 parser in Google Chrome before 68.0.3440.75 allowed a remote malicious user to potentially exploit heap corruption via a crafted video file.
Google Chrome
6.8
CVSSv2
CVE-2018-6157
Type confusion in WebRTC in Google Chrome before 68.0.3440.75 allowed a remote malicious user to potentially exploit heap corruption via a crafted video file.
Google Chrome
7.5
CVSSv2
CVE-2008-0986
Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and previous versions, and m5-rc14, allows remote malicious users to execute arbitrary code via a crafted BMP file with a header containing a negative offset field.
Google Android Sdk M5-rc14
Google Android Sdk
1 EDB exploit
6.8
CVSSv2
CVE-2017-5037
An integer overflow in FFmpeg in Google Chrome before 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote malicious user to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
Google Chrome
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
4.3
CVSSv2
CVE-2015-3336
Google Chrome prior to 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote malicious users to cause a denial of service (UI disruption) by constructing a c...
Google Chrome
Debian Debian Linux 8.0
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
6.8
CVSSv2
CVE-2013-2853
The HTTPS implementation in Google Chrome prior to 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline), which allows man-in-the-middle malicious users to have an unspecified impact via vectors that trigger head...
Google Chrome 28.0.1500.68
Google Chrome 28.0.1500.26
Google Chrome 28.0.1500.31
Google Chrome 28.0.1500.0
Google Chrome 28.0.1500.33
Google Chrome 28.0.1500.29
Google Chrome 28.0.1500.25
Google Chrome 28.0.1500.66
Google Chrome 28.0.1500.41
Google Chrome 28.0.1500.12
Google Chrome 28.0.1500.13
Google Chrome 28.0.1500.62
Google Chrome 28.0.1500.20
Google Chrome 28.0.1500.39
Google Chrome 28.0.1500.60
Google Chrome 28.0.1500.15
Google Chrome 28.0.1500.59
Google Chrome 28.0.1500.23
Google Chrome 28.0.1500.45
Google Chrome 28.0.1500.43
Google Chrome 28.0.1500.40
Google Chrome 28.0.1500.3
7.5
CVSSv2
CVE-2013-2867
Google Chrome prior to 28.0.1500.71 does not properly prevent pop-under windows, which allows remote malicious users to have an unspecified impact via a crafted web site.
Google Chrome 28.0.1500.68
Google Chrome 28.0.1500.26
Google Chrome 28.0.1500.31
Google Chrome 28.0.1500.0
Google Chrome 28.0.1500.33
Google Chrome 28.0.1500.29
Google Chrome 28.0.1500.25
Google Chrome 28.0.1500.66
Google Chrome 28.0.1500.41
Google Chrome 28.0.1500.12
Google Chrome 28.0.1500.13
Google Chrome 28.0.1500.62
Google Chrome 28.0.1500.20
Google Chrome 28.0.1500.39
Google Chrome 28.0.1500.60
Google Chrome 28.0.1500.15
Google Chrome 28.0.1500.59
Google Chrome 28.0.1500.23
Google Chrome 28.0.1500.45
Google Chrome 28.0.1500.43
Google Chrome 28.0.1500.40
Google Chrome 28.0.1500.3
5
CVSSv2
CVE-2013-2868
common/extensions/sync_helper.cc in Google Chrome prior to 28.0.1500.71 proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting, which might allow remote malicious users to trigger unwanted extension changes via unspecified vect...
Debian Debian Linux 7.0
Google Chrome 28.0.1500.68
Google Chrome 28.0.1500.26
Google Chrome 28.0.1500.31
Google Chrome 28.0.1500.0
Google Chrome 28.0.1500.33
Google Chrome 28.0.1500.29
Google Chrome 28.0.1500.25
Google Chrome 28.0.1500.66
Google Chrome 28.0.1500.41
Google Chrome 28.0.1500.12
Google Chrome 28.0.1500.13
Google Chrome 28.0.1500.62
Google Chrome 28.0.1500.20
Google Chrome 28.0.1500.39
Google Chrome 28.0.1500.60
Google Chrome 28.0.1500.15
Google Chrome 28.0.1500.59
Google Chrome 28.0.1500.23
Google Chrome 28.0.1500.45
Google Chrome 28.0.1500.43
Google Chrome 28.0.1500.40
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »